diff --git a/components/esp_http_server/CMakeLists.txt b/components/esp_http_server/CMakeLists.txt index df86efa977..25bc836276 100644 --- a/components/esp_http_server/CMakeLists.txt +++ b/components/esp_http_server/CMakeLists.txt @@ -2,12 +2,6 @@ set(priv_req mbedtls lwip esp_timer) set(priv_inc_dir "src/util" "src/port/esp32") set(requires http_parser esp_event) -if(CONFIG_HTTPD_SERVER_PSA_CRYPTO_MIGRATE) - set(HTTPD_CRYPTO_SRC "src/httpd_crypto_psa.c") -else() - set(HTTPD_CRYPTO_SRC "src/httpd_crypto_mbedtls.c") -endif() - idf_component_register(SRCS "src/httpd_main.c" "src/httpd_parse.c" "src/httpd_sess.c" diff --git a/components/esp_http_server/Kconfig b/components/esp_http_server/Kconfig index 38b1dad20d..3913eb004c 100644 --- a/components/esp_http_server/Kconfig +++ b/components/esp_http_server/Kconfig @@ -89,11 +89,4 @@ menu "HTTP Server" Enable this option to use WebSocket post-handshake callback. This will allow the server to register a callback function that will be called after the WebSocket handshake is processed i.e. after switching to the WebSocket protocol. - - config HTTPD_SERVER_PSA_CRYPTO_MIGRATE - depends on MBEDTLS_VER_4_X_SUPPORT - bool "Migrate ESP HTTP Server to use PSA Crypto" - default y - help - Migrate ESP HTTP Server to use PSA Crypto. endmenu diff --git a/components/esp_http_server/src/esp_httpd_priv.h b/components/esp_http_server/src/esp_httpd_priv.h index f05243d7c8..18bcc1e86e 100644 --- a/components/esp_http_server/src/esp_httpd_priv.h +++ b/components/esp_http_server/src/esp_httpd_priv.h @@ -603,8 +603,6 @@ static inline void esp_http_server_dispatch_event(int32_t event_id, const void* } #endif // CONFIG_HTTPD_ENABLE_EVENTS -esp_err_t httpd_crypto_sha1(const uint8_t *data, size_t data_len, uint8_t *hash); - #ifdef __cplusplus } #endif diff --git a/components/esp_http_server/src/httpd_crypto_mbedtls.c b/components/esp_http_server/src/httpd_crypto_mbedtls.c deleted file mode 100644 index fc99158bf3..0000000000 --- a/components/esp_http_server/src/httpd_crypto_mbedtls.c +++ /dev/null @@ -1,45 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "mbedtls/sha1.h" -#include "esp_err.h" -#include "esp_log.h" - -static const char *TAG = "httpd_crypto_mbedtls"; - -#define SHA1_LEN (20) - -esp_err_t httpd_crypto_sha1(const uint8_t *data, size_t data_len, uint8_t *hash) -{ - if (data == NULL || data_len == 0 || hash == NULL) { - ESP_LOGE(TAG, "Invalid input parameters"); - return ESP_FAIL; - } - - esp_err_t err = ESP_FAIL; - mbedtls_sha1_context ctx; - mbedtls_sha1_init(&ctx); - - if (mbedtls_sha1_starts(&ctx) != 0) { - ESP_LOGE(TAG, "Failed to start SHA-1 hash"); - goto exit; - } - - if (mbedtls_sha1_update(&ctx, data, data_len) != 0) { - ESP_LOGE(TAG, "Failed to update SHA-1 hash"); - goto exit; - } - if (mbedtls_sha1_finish(&ctx, hash) != 0) { - ESP_LOGE(TAG, "Failed to finish SHA-1 hash"); - goto exit; - } - - err = ESP_OK; - -exit: - mbedtls_sha1_free(&ctx); - return err; -} diff --git a/components/esp_http_server/src/httpd_crypto_psa.c b/components/esp_http_server/src/httpd_crypto_psa.c deleted file mode 100644 index a0211fd5d4..0000000000 --- a/components/esp_http_server/src/httpd_crypto_psa.c +++ /dev/null @@ -1,29 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "psa/crypto.h" -#include "esp_err.h" -#include "esp_log.h" - -static const char *TAG = "httpd_crypto_psa"; - -#define SHA1_LEN (20) - -esp_err_t httpd_crypto_sha1(const uint8_t *data, size_t data_len, uint8_t *hash) -{ - if (data == NULL || data_len == 0 || hash == NULL) { - ESP_LOGE(TAG, "Invalid input parameters"); - return ESP_FAIL; - } - - size_t hash_len = 0; - psa_status_t status = psa_hash_compute(PSA_ALG_SHA_1, data, data_len, hash, SHA1_LEN, &hash_len); - if (status != PSA_SUCCESS || hash_len != SHA1_LEN) { - ESP_LOGE(TAG, "Failed to compute SHA-1 hash"); - return ESP_FAIL; - } - return ESP_OK; -} diff --git a/components/esp_http_server/src/httpd_parse.c b/components/esp_http_server/src/httpd_parse.c index 176a21d885..b1afd0ad98 100644 --- a/components/esp_http_server/src/httpd_parse.c +++ b/components/esp_http_server/src/httpd_parse.c @@ -509,6 +509,8 @@ static int read_block(httpd_req_t *req, http_parser *parser, size_t offset, size if (new_scratch == NULL) { free(raux->scratch); raux->scratch = NULL; + /* Set last.at to NULL to avoid accidental dereference of dangling pointer */ + parser_data->last.at = NULL; ESP_LOGE(TAG, "Unable to allocate the scratch buffer"); return 0; } diff --git a/components/esp_http_server/src/httpd_ws.c b/components/esp_http_server/src/httpd_ws.c index 49eb409fb2..a3a879dea0 100644 --- a/components/esp_http_server/src/httpd_ws.c +++ b/components/esp_http_server/src/httpd_ws.c @@ -83,7 +83,7 @@ static bool httpd_ws_get_response_subprotocol(const char *supported_subprotocol, char *rest = NULL; char *s = strtok_r(subprotocol, ", ", &rest); do { - if (strncmp(s, supported_subprotocol, sizeof(subprotocol)) == 0) { + if (strncmp(s, supported_subprotocol, strlen(supported_subprotocol)) == 0) { ESP_LOGD(TAG, "Requested subprotocol supported: %s", s); return true; } diff --git a/examples/protocols/http_server/ws_echo_server/sdkconfig.ci.psa b/examples/protocols/http_server/ws_echo_server/sdkconfig.ci.psa deleted file mode 100644 index b56e076c3d..0000000000 --- a/examples/protocols/http_server/ws_echo_server/sdkconfig.ci.psa +++ /dev/null @@ -1,7 +0,0 @@ -# WebSocket Echo Server Example with PSA Crypto API -# This config tests the PSA crypto backend for WebSocket handshake (SHA-1) -CONFIG_LOG_DEFAULT_LEVEL_DEBUG=y -CONFIG_EXAMPLE_WIFI_SSID_PWD_FROM_STDIN=y -# PSA Crypto Configuration -CONFIG_MBEDTLS_VER_4_X_SUPPORT=y -CONFIG_HTTPD_SERVER_PSA_CRYPTO_MIGRATE=y