From 1cc726b2a3e824713f51111fc0e5fa2c8b79dc91 Mon Sep 17 00:00:00 2001
From: Angus Gratton <angus@espressif.com>
Date: Fri, 8 Mar 2019 16:16:55 +1100
Subject: [PATCH] secure boot: Use mbedtls_sha256() not esp_sha()

Latter is probably compiled into most firmwares already, saves some size.

Ref https://github.com/espressif/esp-idf/issues/3127
---
 components/bootloader_support/src/secure_boot_signatures.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/bootloader_support/src/secure_boot_signatures.c b/components/bootloader_support/src/secure_boot_signatures.c
index ddb7ad73a..b6681bc79 100644
--- a/components/bootloader_support/src/secure_boot_signatures.c
+++ b/components/bootloader_support/src/secure_boot_signatures.c
@@ -25,7 +25,7 @@
 #include "rom/sha.h"
 typedef SHA_CTX sha_context;
 #else
-#include "hwcrypto/sha.h"
+#include "mbedtls/sha256.h"
 #endif
 
 static const char* TAG = "secure_boot";
@@ -57,8 +57,8 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
     bootloader_sha256_data(handle, data, length);
     bootloader_sha256_finish(handle, digest);
 #else
-    /* Use thread-safe esp-idf SHA function */
-    esp_sha(SHA2_256, data, length, digest);
+    /* Use thread-safe mbedTLS version */
+    mbedtls_sha256_ret(data, length, digest, 0);
 #endif
 
     // Map the signature block and verify the signature