Merge branch 'fix/remove_unused_psa_migration_code_http_server' into 'master'

Fix/remove unused psa migration code http server

See merge request espressif/esp-idf!46112

components/esp_http_server/CMakeLists.txt

@@ -2,12 +2,6 @@ set(priv_req mbedtls lwip esp_timer)
 set(priv_inc_dir "src/util" "src/port/esp32")
 set(requires http_parser esp_event)
 
-if(CONFIG_HTTPD_SERVER_PSA_CRYPTO_MIGRATE)
-    set(HTTPD_CRYPTO_SRC "src/httpd_crypto_psa.c")
-else()
-    set(HTTPD_CRYPTO_SRC "src/httpd_crypto_mbedtls.c")
-endif()
-
 idf_component_register(SRCS "src/httpd_main.c"
                             "src/httpd_parse.c"
                             "src/httpd_sess.c"

components/esp_http_server/Kconfig

@@ -89,11 +89,4 @@ menu "HTTP Server"
             Enable this option to use WebSocket post-handshake callback. This will allow the server to register
             a callback function that will be called after the WebSocket handshake is processed i.e. after switching
             to the WebSocket protocol.
-
-    config HTTPD_SERVER_PSA_CRYPTO_MIGRATE
-        depends on MBEDTLS_VER_4_X_SUPPORT
-        bool "Migrate ESP HTTP Server to use PSA Crypto"
-        default y
-        help
-            Migrate ESP HTTP Server to use PSA Crypto.
 endmenu

components/esp_http_server/src/esp_httpd_priv.h

@@ -603,8 +603,6 @@ static inline void esp_http_server_dispatch_event(int32_t event_id, const void*
 }
 #endif // CONFIG_HTTPD_ENABLE_EVENTS
 
-esp_err_t httpd_crypto_sha1(const uint8_t *data, size_t data_len, uint8_t *hash);
-
 #ifdef __cplusplus
 }
 #endif

components/esp_http_server/src/httpd_crypto_mbedtls.c

@@ -1,45 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include "mbedtls/sha1.h"
-#include "esp_err.h"
-#include "esp_log.h"
-
-static const char *TAG = "httpd_crypto_mbedtls";
-
-#define SHA1_LEN (20)
-
-esp_err_t httpd_crypto_sha1(const uint8_t *data, size_t data_len, uint8_t *hash)
-{
-    if (data == NULL || data_len == 0 || hash == NULL) {
-        ESP_LOGE(TAG, "Invalid input parameters");
-        return ESP_FAIL;
-    }
-
-    esp_err_t err = ESP_FAIL;
-    mbedtls_sha1_context ctx;
-    mbedtls_sha1_init(&ctx);
-
-    if (mbedtls_sha1_starts(&ctx) != 0) {
-        ESP_LOGE(TAG, "Failed to start SHA-1 hash");
-        goto exit;
-    }
-
-    if (mbedtls_sha1_update(&ctx, data, data_len) != 0) {
-        ESP_LOGE(TAG, "Failed to update SHA-1 hash");
-        goto exit;
-    }
-    if (mbedtls_sha1_finish(&ctx, hash) != 0) {
-        ESP_LOGE(TAG, "Failed to finish SHA-1 hash");
-        goto exit;
-    }
-
-    err = ESP_OK;
-
-exit:
-    mbedtls_sha1_free(&ctx);
-    return err;
-}

components/esp_http_server/src/httpd_crypto_psa.c

@@ -1,29 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include "psa/crypto.h"
-#include "esp_err.h"
-#include "esp_log.h"
-
-static const char *TAG = "httpd_crypto_psa";
-
-#define SHA1_LEN (20)
-
-esp_err_t httpd_crypto_sha1(const uint8_t *data, size_t data_len, uint8_t *hash)
-{
-    if (data == NULL || data_len == 0 || hash == NULL) {
-        ESP_LOGE(TAG, "Invalid input parameters");
-        return ESP_FAIL;
-    }
-
-    size_t hash_len = 0;
-    psa_status_t status = psa_hash_compute(PSA_ALG_SHA_1, data, data_len, hash, SHA1_LEN, &hash_len);
-    if (status != PSA_SUCCESS || hash_len != SHA1_LEN) {
-        ESP_LOGE(TAG, "Failed to compute SHA-1 hash");
-        return ESP_FAIL;
-    }
-    return ESP_OK;
-}

components/esp_http_server/src/httpd_parse.c

@@ -509,6 +509,8 @@ static int read_block(httpd_req_t *req, http_parser *parser, size_t offset, size
     if (new_scratch == NULL) {
         free(raux->scratch);
         raux->scratch = NULL;
+        /* Set last.at to NULL to avoid accidental dereference of dangling pointer */
+        parser_data->last.at = NULL;
         ESP_LOGE(TAG, "Unable to allocate the scratch buffer");
         return 0;
     }

components/esp_http_server/src/httpd_ws.c

@@ -83,7 +83,7 @@ static bool httpd_ws_get_response_subprotocol(const char *supported_subprotocol,
     char *rest = NULL;
     char *s = strtok_r(subprotocol, ", ", &rest);
     do {
-        if (strncmp(s, supported_subprotocol, sizeof(subprotocol)) == 0) {
+        if (strncmp(s, supported_subprotocol, strlen(supported_subprotocol)) == 0) {
             ESP_LOGD(TAG, "Requested subprotocol supported: %s", s);
             return true;
         }

examples/protocols/http_server/ws_echo_server/sdkconfig.ci.psa

@@ -1,7 +0,0 @@
-# WebSocket Echo Server Example with PSA Crypto API
-# This config tests the PSA crypto backend for WebSocket handshake (SHA-1)
-CONFIG_LOG_DEFAULT_LEVEL_DEBUG=y
-CONFIG_EXAMPLE_WIFI_SSID_PWD_FROM_STDIN=y
-# PSA Crypto Configuration
-CONFIG_MBEDTLS_VER_4_X_SUPPORT=y
-CONFIG_HTTPD_SERVER_PSA_CRYPTO_MIGRATE=y