From 1a5b2a267b88afd76e3b5e3694cdf0fc24b06595 Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Tue, 18 Mar 2025 17:38:00 +0530
Subject: [PATCH] fix(esp_wifi): Add alternate SHA1 APIs in WiFi

Add alternate SHA1 APIs to handle cases when `CONFIG_MBEDTLS_SHA1_C` is disabled.
---
 components/wpa_supplicant/CMakeLists.txt | 3 +++
 .../src/crypto/crypto_mbedtls.c | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt
index aad799c040..9a5f9a3bf3 100644
--- a/components/wpa_supplicant/CMakeLists.txt
+++ b/components/wpa_supplicant/CMakeLists.txt
@@ -127,6 +127,9 @@ if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)
 if(NOT CONFIG_MBEDTLS_DES_C)
 set(crypto_src ${crypto_src} "src/crypto/des-internal.c")
 endif()
+ if(NOT CONFIG_MBEDTLS_SHA1_C)
+ set(crypto_src ${crypto_src} "src/crypto/sha1.c")
+ endif()
 # Enabling this only for WiFi is probably not a good idea since MbedTLS
 # uses generic crypto init/update functions for this. That causes
 # binary size increment since all the other enabled module
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
index 32abe2a522..5fe89410fa 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
@@ -35,6 +35,7 @@
 #include "aes_wrap.h"
 #include "crypto.h"
 #include "mbedtls/esp_config.h"
+#include "mbedtls/sha1.h"
 #ifdef CONFIG_FAST_PBKDF2
 #include "fastpbkdf2.h"
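Review bot: The new `if(NOT CONFIG_MBEDTLS_SHA1_C)` gate in CMakeLists.txt keys on the Kconfig symbol, while the guards this same patch adds in crypto_mbedtls.c (`#if defined(MBEDTLS_SHA1_C)` in sha1_vector and `#ifdef MBEDTLS_SHA1_C` around hmac_sha1_vector/hmac_sha1) key on the Mbed TLS macro. How one maps to the other (presumably through mbedtls/esp_config.h) is not visible in this patch; if they can ever disagree, the build would end up with either duplicate or missing SHA-1 symbols. A comment above the new block such as `# Keep in sync with the MBEDTLS_SHA1_C guards in crypto_mbedtls.c` would make the coupling explicit for whoever touches either side next.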
@@ -105,7 +106,28 @@ int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len,
 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
+#if defined(MBEDTLS_SHA1_C)
 return digest_vector(MBEDTLS_MD_SHA1, num_elem, addr, len, mac);
+#elif defined(MBEDTLS_SHA1_ALT)
+ mbedtls_sha1_context ctx;
+ size_t i;
+ int ret;
+
+ mbedtls_sha1_init(&ctx);
+ for (i = 0; i < num_elem; i++) {
+ ret = mbedtls_sha1_update(&ctx, addr[i], len[i]);
+ if (ret != 0) {
+ goto exit;
+ }
+ }
+ ret = mbedtls_sha1_finish(&ctx, mac);
+
+exit:
+ mbedtls_sha1_free(&ctx);
+ return ret;
+#else
+ return -ENOTSUP;
+#endif
 }
 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
@@ -363,6 +385,7 @@ int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
 return hmac_md5_vector(key, key_len, 1, &data, &data_len, mac);
 }
+#ifdef MBEDTLS_SHA1_C
 int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
@@ -375,6 +398,7 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
 {
 return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
 }
+#endif
 static void *aes_crypt_init(int mode, const u8 *key, size_t len)
 {
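Review bot: The `MBEDTLS_SHA1_ALT` branch of sha1_vector goes from `mbedtls_sha1_init(&ctx)` straight to `mbedtls_sha1_update()` and never calls `mbedtls_sha1_starts()`. Mbed TLS documents init, starts, update, finish as the sequence for this context API, and init only clears the context; whether the alternate implementation selected here tolerates the missing call is not visible in this patch. Adding `ret = mbedtls_sha1_starts(&ctx);` followed by `if (ret != 0) { goto exit; }` directly after the init call keeps the branch correct for any ALT backend. It matters because a digest computed from an unstarted context would still be returned with `ret == 0`, so callers could not detect it.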
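Review bot: The `#endif` added after hmac_sha1 closes the `#ifdef MBEDTLS_SHA1_C` opened in the previous hunk, with two function bodies in between that lie partly outside both hunks; writing it as `#endif /* MBEDTLS_SHA1_C */` would make the pairing readable. Unlike sha1_vector, these two functions get no `MBEDTLS_SHA1_ALT` path, so when the macro is off they must be defined elsewhere, presumably by the src/crypto/sha1.c that the CMakeLists.txt hunk adds (to be confirmed by the author). A one-line comment at the `#ifdef` naming that source would save the next reader from hunting for the definitions.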