From 8097c7c86d076c72149b389492a6532efea617cc Mon Sep 17 00:00:00 2001
From: Will Tatam <will@netmindz.net>
Date: Sun, 9 Nov 2025 11:41:51 +0000
Subject: [PATCH] refactor current bootloader reading out of the server ino ota

---
 wled00/fcn_declare.h   |  3 ---
 wled00/ota_update.cpp  | 54 +++++++++++++++++++++++++++++++++++----
 wled00/ota_update.h    | 18 +++++++++++++
 wled00/wled.h          |  3 +++
 wled00/wled_server.cpp | 57 ------------------------------------------
 5 files changed, 70 insertions(+), 65 deletions(-)

diff --git a/wled00/fcn_declare.h b/wled00/fcn_declare.h
index 0b557d45..01c2c2ec 100644
--- a/wled00/fcn_declare.h
+++ b/wled00/fcn_declare.h
@@ -546,9 +546,6 @@ void serveMessage(AsyncWebServerRequest* request, uint16_t code, const String& h
 void serveJsonError(AsyncWebServerRequest* request, uint16_t code, uint16_t error);
 void serveSettings(AsyncWebServerRequest* request, bool post = false);
 void serveSettingsJS(AsyncWebServerRequest* request);
-#if defined(ARDUINO_ARCH_ESP32) && !defined(WLED_DISABLE_OTA)
-String getBootloaderSHA256Hex();
-#endif
 
 //ws.cpp
 void handleWs();
diff --git a/wled00/ota_update.cpp b/wled00/ota_update.cpp
index b1e72366..5fc79db5 100644
--- a/wled00/ota_update.cpp
+++ b/wled00/ota_update.cpp
@@ -5,11 +5,7 @@
 #include <esp_app_format.h>
 #include <esp_ota_ops.h>
 #include <esp_flash.h>
-#endif
-
-// Forward declarations
-#if defined(ARDUINO_ARCH_ESP32) && !defined(WLED_DISABLE_OTA)
-void invalidateBootloaderSHA256Cache();
+#include <mbedtls/sha256.h>
 #endif
 
 // Platform-specific metadata locations
@@ -263,6 +259,54 @@ void handleOTAData(AsyncWebServerRequest *request, size_t index, uint8_t *data,
 }
 
 #if defined(ARDUINO_ARCH_ESP32) && !defined(WLED_DISABLE_OTA)
+// Cache for bootloader SHA256 digest
+static uint8_t bootloaderSHA256[32];
+static bool bootloaderSHA256Cached = false;
+
+// Calculate and cache the bootloader SHA256 digest
+void calculateBootloaderSHA256() {
+  if (bootloaderSHA256Cached) return;
+
+  // Bootloader is at fixed offset 0x1000 (4KB) and is typically 32KB
+  const uint32_t bootloaderOffset = 0x1000;
+  const uint32_t bootloaderSize = 0x8000; // 32KB, typical bootloader size
+
+  mbedtls_sha256_context ctx;
+  mbedtls_sha256_init(&ctx);
+  mbedtls_sha256_starts(&ctx, 0); // 0 = SHA256 (not SHA224)
+
+  const size_t chunkSize = 256;
+  uint8_t buffer[chunkSize];
+
+  for (uint32_t offset = 0; offset < bootloaderSize; offset += chunkSize) {
+    size_t readSize = min((size_t)(bootloaderSize - offset), chunkSize);
+    if (esp_flash_read(NULL, buffer, bootloaderOffset + offset, readSize) == ESP_OK) {
+      mbedtls_sha256_update(&ctx, buffer, readSize);
+    }
+  }
+
+  mbedtls_sha256_finish(&ctx, bootloaderSHA256);
+  mbedtls_sha256_free(&ctx);
+  bootloaderSHA256Cached = true;
+}
+
+// Get bootloader SHA256 as hex string
+String getBootloaderSHA256Hex() {
+  calculateBootloaderSHA256();
+
+  char hex[65];
+  for (int i = 0; i < 32; i++) {
+    sprintf(hex + (i * 2), "%02x", bootloaderSHA256[i]);
+  }
+  hex[64] = '\0';
+  return String(hex);
+}
+
+// Invalidate cached bootloader SHA256 (call after bootloader update)
+void invalidateBootloaderSHA256Cache() {
+  bootloaderSHA256Cached = false;
+}
+
 // Verify complete buffered bootloader using ESP-IDF validation approach
 // This matches the key validation steps from esp_image_verify() in ESP-IDF
 // Returns the actual bootloader data pointer and length via the buffer and len parameters
diff --git a/wled00/ota_update.h b/wled00/ota_update.h
index 4750ced0..82d97d6c 100644
--- a/wled00/ota_update.h
+++ b/wled00/ota_update.h
@@ -52,6 +52,24 @@ std::pair<bool, String> getOTAResult(AsyncWebServerRequest *request);
 void handleOTAData(AsyncWebServerRequest *request, size_t index, uint8_t *data, size_t len, bool isFinal);
 
 #if defined(ARDUINO_ARCH_ESP32) && !defined(WLED_DISABLE_OTA)
+/**
+ * Calculate and cache the bootloader SHA256 digest
+ * Reads the bootloader from flash at offset 0x1000 and computes SHA256 hash
+ */
+void calculateBootloaderSHA256();
+
+/**
+ * Get bootloader SHA256 as hex string
+ * @return String containing 64-character hex representation of SHA256 hash
+ */
+String getBootloaderSHA256Hex();
+
+/**
+ * Invalidate cached bootloader SHA256 (call after bootloader update)
+ * Forces recalculation on next call to calculateBootloaderSHA256 or getBootloaderSHA256Hex
+ */
+void invalidateBootloaderSHA256Cache();
+
 /**
  * Verify complete buffered bootloader using ESP-IDF validation approach
  * This matches the key validation steps from esp_image_verify() in ESP-IDF
diff --git a/wled00/wled.h b/wled00/wled.h
index 7f3188be..d1cddd8f 100644
--- a/wled00/wled.h
+++ b/wled00/wled.h
@@ -189,6 +189,9 @@ using PSRAMDynamicJsonDocument = BasicJsonDocument<PSRAM_Allocator>;
 #include "FastLED.h"
 #include "const.h"
 #include "fcn_declare.h"
+#ifndef WLED_DISABLE_OTA
+  #include "ota_update.h"
+#endif
 #include "NodeStruct.h"
 #include "pin_manager.h"
 #include "colors.h"
diff --git a/wled00/wled_server.cpp b/wled00/wled_server.cpp
index c7b2998e..09bb5139 100644
--- a/wled00/wled_server.cpp
+++ b/wled00/wled_server.cpp
@@ -15,12 +15,6 @@
 #include "html_cpal.h"
 #include "html_edit.h"
 
-#if defined(ARDUINO_ARCH_ESP32) && !defined(WLED_DISABLE_OTA)
-#include <esp_ota_ops.h>
-  #include <esp_flash.h>
-  #include <esp_image_format.h>
-#include <mbedtls/sha256.h>
-#endif
 
 // define flash strings once (saves flash memory)
 static const char s_redirecting[] PROGMEM = "Redirecting...";
@@ -39,11 +33,6 @@ static const char s_no_store[]       PROGMEM = "no-store";
 static const char s_expires[]        PROGMEM = "Expires";
 static const char _common_js[]       PROGMEM = "/common.js";
 
-#if defined(ARDUINO_ARCH_ESP32) && !defined(WLED_DISABLE_OTA)
-// Cache for bootloader SHA256 digest
-static uint8_t bootloaderSHA256[32];
-static bool bootloaderSHA256Cached = false;
-#endif
 
 //Is this an IP?
 static bool isIp(const String &str) {
@@ -193,52 +182,6 @@ static String msgProcessor(const String& var)
   return String();
 }
 
-#if defined(ARDUINO_ARCH_ESP32) && !defined(WLED_DISABLE_OTA)
-// Calculate and cache the bootloader SHA256 digest
-static void calculateBootloaderSHA256() {
-  if (bootloaderSHA256Cached) return;
-  
-  // Bootloader is at fixed offset 0x1000 (4KB) and is typically 32KB
-  const uint32_t bootloaderOffset = 0x1000;
-  const uint32_t bootloaderSize = 0x8000; // 32KB, typical bootloader size
-  
-  mbedtls_sha256_context ctx;
-  mbedtls_sha256_init(&ctx);
-  mbedtls_sha256_starts(&ctx, 0); // 0 = SHA256 (not SHA224)
-  
-  const size_t chunkSize = 256;
-  uint8_t buffer[chunkSize];
-  
-  for (uint32_t offset = 0; offset < bootloaderSize; offset += chunkSize) {
-    size_t readSize = min((size_t)(bootloaderSize - offset), chunkSize);
-    if (esp_flash_read(NULL, buffer, bootloaderOffset + offset, readSize) == ESP_OK) {
-      mbedtls_sha256_update(&ctx, buffer, readSize);
-    }
-  }
-  
-  mbedtls_sha256_finish(&ctx, bootloaderSHA256);
-  mbedtls_sha256_free(&ctx);
-  bootloaderSHA256Cached = true;
-}
-
-// Get bootloader SHA256 as hex string
-String getBootloaderSHA256Hex() {
-  calculateBootloaderSHA256();
-  
-  char hex[65];
-  for (int i = 0; i < 32; i++) {
-    sprintf(hex + (i * 2), "%02x", bootloaderSHA256[i]);
-  }
-  hex[64] = '\0';
-  return String(hex);
-}
-
-// Invalidate cached bootloader SHA256 (call after bootloader update)
-void invalidateBootloaderSHA256Cache() {
-  bootloaderSHA256Cached = false;
-}
-
-#endif
 
 static void handleUpload(AsyncWebServerRequest *request, const String& filename, size_t index, uint8_t *data, size_t len, bool isFinal) {
   if (!correctPIN) {