From 7e273879b578694fe8b3d78e8b18554e96da38ab Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" <nick@home-assistant.io>
Date: Tue, 23 Sep 2025 09:45:02 -0500
Subject: [PATCH] reduce magic numbers

---
 .../components/esphome/ota/ota_esphome.cpp    | 19 ++++++++++---------
 esphome/components/esphome/ota/ota_esphome.h  |  4 ++--
 esphome/espota2.py                            |  2 +-
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/esphome/components/esphome/ota/ota_esphome.cpp b/esphome/components/esphome/ota/ota_esphome.cpp
index 7fd16ce3d0..6df7144064 100644
--- a/esphome/components/esphome/ota/ota_esphome.cpp
+++ b/esphome/components/esphome/ota/ota_esphome.cpp
@@ -268,14 +268,14 @@ void ESPHomeOTAComponent::handle_data_() {
     // TODO: Remove this entire ifdef block in 2026.1.0
     if (client_supports_sha256) {
       sha256::SHA256 sha_hasher;
-      auth_success = this->perform_hash_auth_(&sha_hasher, this->password_, 16, ota::OTA_RESPONSE_REQUEST_SHA256_AUTH,
+      auth_success = this->perform_hash_auth_(&sha_hasher, this->password_, ota::OTA_RESPONSE_REQUEST_SHA256_AUTH,
                                               LOG_STR("SHA256"), sbuf);
     } else {
 #ifdef USE_OTA_MD5
       ESP_LOGW(TAG, "Using MD5 auth for compatibility (deprecated)");
       md5::MD5Digest md5_hasher;
-      auth_success = this->perform_hash_auth_(&md5_hasher, this->password_, 8, ota::OTA_RESPONSE_REQUEST_AUTH,
-                                              LOG_STR("MD5"), sbuf);
+      auth_success =
+          this->perform_hash_auth_(&md5_hasher, this->password_, ota::OTA_RESPONSE_REQUEST_AUTH, LOG_STR("MD5"), sbuf);
 #endif  // USE_OTA_MD5
     }
 #else
@@ -286,7 +286,7 @@ void ESPHomeOTAComponent::handle_data_() {
       goto error;  // NOLINT(cppcoreguidelines-avoid-goto)
     }
     sha256::SHA256 sha_hasher;
-    auth_success = this->perform_hash_auth_(&sha_hasher, this->password_, 16, ota::OTA_RESPONSE_REQUEST_SHA256_AUTH,
+    auth_success = this->perform_hash_auth_(&sha_hasher, this->password_, ota::OTA_RESPONSE_REQUEST_SHA256_AUTH,
                                             LOG_STR("SHA256"), sbuf);
 #endif  // ALLOW_OTA_DOWNGRADE_MD5
 #else
@@ -295,7 +295,7 @@ void ESPHomeOTAComponent::handle_data_() {
 #ifdef USE_OTA_MD5
     md5::MD5Digest md5_hasher;
     auth_success =
-        this->perform_hash_auth_(&md5_hasher, this->password_, 8, ota::OTA_RESPONSE_REQUEST_AUTH, LOG_STR("MD5"), sbuf);
+        this->perform_hash_auth_(&md5_hasher, this->password_, ota::OTA_RESPONSE_REQUEST_AUTH, LOG_STR("MD5"), sbuf);
 #endif  // USE_OTA_MD5
 #endif  // USE_OTA_SHA256
 
@@ -529,10 +529,11 @@ void ESPHomeOTAComponent::log_auth_warning_(const LogString *action, const LogSt
 }
 
 // Non-template function definition to reduce binary size
-bool ESPHomeOTAComponent::perform_hash_auth_(HashBase *hasher, const std::string &password, size_t nonce_size,
-                                             uint8_t auth_request, const LogString *name, char *buf) {
+bool ESPHomeOTAComponent::perform_hash_auth_(HashBase *hasher, const std::string &password, uint8_t auth_request,
+                                             const LogString *name, char *buf) {
   // Get sizes from the hasher
-  const size_t hex_size = hasher->get_size() * 2;  // Hex is twice the byte size
+  const size_t hex_size = hasher->get_size() * 2;       // Hex is twice the byte size
+  const size_t nonce_hex_len = hasher->get_size() / 2;  // Nonce hex length is 1/4 of full hex size
 
   // Use the provided buffer for all hex operations
 
@@ -552,7 +553,7 @@ bool ESPHomeOTAComponent::perform_hash_auth_(HashBase *hasher, const std::string
   nonce_bytes[2] = (r1 >> 8) & 0xFF;
   nonce_bytes[3] = r1 & 0xFF;
 
-  if (nonce_size == 8) {
+  if (nonce_hex_len == 8) {
     // MD5: 8 chars = "%08x" format = 4 bytes from one random uint32
     hasher->add(nonce_bytes, 4);
   } else {
diff --git a/esphome/components/esphome/ota/ota_esphome.h b/esphome/components/esphome/ota/ota_esphome.h
index 39f2f878de..5bacb60706 100644
--- a/esphome/components/esphome/ota/ota_esphome.h
+++ b/esphome/components/esphome/ota/ota_esphome.h
@@ -32,8 +32,8 @@ class ESPHomeOTAComponent : public ota::OTAComponent {
   void handle_handshake_();
   void handle_data_();
 #ifdef USE_OTA_PASSWORD
-  bool perform_hash_auth_(HashBase *hasher, const std::string &password, size_t nonce_size, uint8_t auth_request,
-                          const LogString *name, char *buf);
+  bool perform_hash_auth_(HashBase *hasher, const std::string &password, uint8_t auth_request, const LogString *name,
+                          char *buf);
   void log_auth_warning_(const LogString *action, const LogString *hash_name);
 #endif  // USE_OTA_PASSWORD
   bool readall_(uint8_t *buf, size_t len);
diff --git a/esphome/espota2.py b/esphome/espota2.py
index 2a4d21dc3e..2712d00127 100644
--- a/esphome/espota2.py
+++ b/esphome/espota2.py
@@ -166,7 +166,7 @@ def check_error(data: list[int] | bytes, expect: int | list[int] | None) -> None
         raise OTAError("Error: Authentication invalid. Is the password correct?")
     if dat == RESPONSE_ERROR_WRITING_FLASH:
         raise OTAError(
-            "Error: Wring OTA data to flash memory failed. See USB logs for more "
+            "Error: Writing OTA data to flash memory failed. See USB logs for more "
             "information."
         )
     if dat == RESPONSE_ERROR_UPDATE_END: