MD5 Checksum Validation does not work

[rainerfritz]

Hi!

I tested the MD5 checksum verification and it has no effect when providing a false checksum digest string.

I could solve it by setting the checksum after Update.begin.

#elif defined(ESP32) if (!Update.begin(UPDATE_SIZE_UNKNOWN, mode == OTA_MODE_FILESYSTEM ? U_SPIFFS : U_FLASH)) { Serial.print("Failed to start update process\n"); // Save error to string StreamString str; Update.printError(str); _update_error_str = str.c_str(); _update_error_str.concat("\n"); Serial.println(_update_error_str.c_str()); } // Get file MD5 hash from arg if (request->hasParam("hash")) { String hash = request->getParam("hash")->value(); Serial.print(String("MD5 from client: "+hash+"\n").c_str()); if (!Update.setMD5(hash.c_str())) { Serial.print("ERROR: MD5 hash not valid\n"); return request->send(400, "text/plain", "MD5 parameter invalid"); } } #endif

[ayushsharma82]

Interesting... ElegantOTA uses direct API from relevant MCU's Arduino Core so this might be an issue which should be opened on their repository if Update.setMD5 function is not working properly but please provide complete details for proper diagnosis:

1. Microcontroller:
2. Installed Arduino Core Version:
3. Are you using Arduino IDE or PIO? :
4. Are you using AsyncWebServer? (ie. Async mode in ElegantOTA) :

[rainerfritz]

I am using the AsynWebserver on a Heltec Wifi-Lora32 v2 board.
Arduino Core is 3.0.5 from Tasmota: Tasmota Espressif
using it on Pio. The Update.h is here:
Update.h

I provided with the call of /ota/start a valid but wrong hash as parameter. When writing finishes, it does not raise the checksum mismatch error.
When I modify your code that Update.setMD5() is called after Update.begin() is called, the error triggers.

BR
Rainer