From 1c74bf57dd1f992023cb2477d571cc780d00f8eb Mon Sep 17 00:00:00 2001
From: Ashish Sharma <ashish.sharma@espressif.com>
Date: Tue, 6 Jan 2026 16:19:31 +0800
Subject: [PATCH] fix(esp_http_client): fix incorrect digest calculation for
 SHA256 auth digest

According to RFC 7616, nonce-prime and cnonce-prime is used for SHA-256-sess only and not for SHA-256.
This commit updates the check and uses nonce only for "-sess" algorithms.

Regression from 66995965e783df909096ce56a0ac93778116a504
---
 components/esp_http_client/lib/http_auth.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/components/esp_http_client/lib/http_auth.c b/components/esp_http_client/lib/http_auth.c
index b51b8fc396..9e5477cd1f 100644
--- a/components/esp_http_client/lib/http_auth.c
+++ b/components/esp_http_client/lib/http_auth.c
@@ -157,8 +157,7 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
 
     ESP_LOGD(TAG, "%s %s %s %s", "Digest", username, auth_data->realm, password);
     if ((strcasecmp(auth_data->algorithm, "md5-sess") == 0) ||
-            (strcasecmp(auth_data->algorithm, "SHA256") == 0) ||
-            (strcasecmp(auth_data->algorithm, "SHA-256") == 0)) {
+            (strcasecmp(auth_data->algorithm, "SHA-256-sess") == 0)) {
         if (digest_func(ha1, "%s:%s:%016llx", ha1, auth_data->nonce, auth_data->cnonce) <= 0) {
             goto _digest_exit;
         }