preen

2025-09-24 06:02:21 +01:00 · 2025-09-21 15:36:27 -06:00
parent 0e9a1fc80d
commit 0d67d2de60
2 changed files with 11 additions and 4 deletions
--- a/esphome/components/esphome/ota/init.py
+++ b/esphome/components/esphome/ota/init.py
@@ -140,13 +140,14 @@ async def to_code(config):
    var = cg.new_Pvariable(config[CONF_ID])
    cg.add(var.set_port(config[CONF_PORT]))

-    # Only include SHA256 support on platforms that have it
-    if supports_sha256():
-        cg.add_define("USE_OTA_SHA256")
-
    if CONF_PASSWORD in config:
        cg.add(var.set_auth_password(config[CONF_PASSWORD]))
        cg.add_define("USE_OTA_PASSWORD")
+        # Only include hash algorithms when password is configured
+        cg.add_define("USE_OTA_MD5")
+        # Only include SHA256 support on platforms that have it
+        if supports_sha256():
+            cg.add_define("USE_OTA_SHA256")
    cg.add_define("USE_OTA_VERSION", config[CONF_VERSION])

    await cg.register_component(var, config)
--- a/esphome/components/esphome/ota/ota_esphome.cpp
+++ b/esphome/components/esphome/ota/ota_esphome.cpp
@@ -1,6 +1,8 @@
 #include "ota_esphome.h"
 #ifdef USE_OTA
+#ifdef USE_OTA_MD5
 #include "esphome/components/md5/md5.h"
+#endif
 #ifdef USE_OTA_SHA256
 #include "esphome/components/sha256/sha256.h"
 #endif
@@ -269,10 +271,12 @@ void ESPHomeOTAComponent::handle_data_() {
      auth_success = this->perform_hash_auth_(&sha_hasher, this->password_, 16, ota::OTA_RESPONSE_REQUEST_SHA256_AUTH,
                                              LOG_STR("SHA256"), sbuf);
    } else {
+#ifdef USE_OTA_MD5
      ESP_LOGW(TAG, "Using MD5 auth for compatibility (deprecated)");
      md5::MD5Digest md5_hasher;
      auth_success = this->perform_hash_auth_(&md5_hasher, this->password_, 8, ota::OTA_RESPONSE_REQUEST_AUTH,
                                              LOG_STR("MD5"), sbuf);
+#endif  // USE_OTA_MD5
    }
 #else
    // Strict mode: SHA256 required on capable platforms (future default)
@@ -288,9 +292,11 @@ void ESPHomeOTAComponent::handle_data_() {
 #else
    // Platform only supports MD5 - use it as the only available option
    // This is not a security downgrade as the platform cannot support SHA256
+#ifdef USE_OTA_MD5
    md5::MD5Digest md5_hasher;
    auth_success =
        this->perform_hash_auth_(&md5_hasher, this->password_, 8, ota::OTA_RESPONSE_REQUEST_AUTH, LOG_STR("MD5"), sbuf);
+#endif  // USE_OTA_MD5
 #endif  // USE_OTA_SHA256

    if (!auth_success) {