From 84e382387d928598e1ed9c18f5085cb8d5f47365 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Tue, 6 Jan 2026 00:09:14 -1000 Subject: [PATCH] [ota] Fix ESP32-S3 OTA crash with hardware SHA acceleration on IDF 5.5.x --- esphome/components/esphome/ota/ota_esphome.cpp | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/esphome/components/esphome/ota/ota_esphome.cpp b/esphome/components/esphome/ota/ota_esphome.cpp index ba25c69fae..dccaf781d8 100644 --- a/esphome/components/esphome/ota/ota_esphome.cpp +++ b/esphome/components/esphome/ota/ota_esphome.cpp @@ -558,13 +558,11 @@ bool ESPHomeOTAComponent::handle_auth_send_() { // [1+hex_size...1+2*hex_size-1]: cnonce (hex_size bytes) - client's nonce // [1+2*hex_size...1+3*hex_size-1]: response (hex_size bytes) - client's hash - // CRITICAL ESP32-S3 HARDWARE SHA ACCELERATION: Hash object must stay in same stack frame - // (no passing to other functions). All hash operations must happen in this function. - sha256::SHA256 hasher; - - const size_t hex_size = hasher.get_size() * 2; - const size_t nonce_len = hasher.get_size() / 4; - const size_t auth_buf_size = 1 + 3 * hex_size; + // Allocate auth buffer before creating SHA256 hasher to avoid potential + // heap/DMA interactions on ESP32-S3 with hardware SHA acceleration + constexpr size_t hex_size = SHA256_HEX_SIZE; + constexpr size_t nonce_len = 8; // SHA256 digest size (32) / 4 + constexpr size_t auth_buf_size = 1 + 3 * hex_size; this->auth_buf_ = std::make_unique(auth_buf_size); this->auth_buf_pos_ = 0; @@ -575,6 +573,10 @@ bool ESPHomeOTAComponent::handle_auth_send_() { return false; } + // CRITICAL ESP32-S3 HARDWARE SHA ACCELERATION: Hash object must stay in same stack frame + // (no passing to other functions). All hash operations must happen in this function. + // Create hasher AFTER heap allocations to avoid potential cache/DMA interference. + sha256::SHA256 hasher; hasher.init(); hasher.add(buf, nonce_len); hasher.calculate();