secure boot: Use mbedtls_sha256() not esp_sha()

Latter is probably compiled into most firmwares already, saves some size.

Ref https://github.com/espressif/esp-idf/issues/3127
This commit is contained in:
Angus Gratton 2019-03-08 16:16:55 +11:00 committed by bot
parent 1d8e1c4ce4
commit 5c6be8380e

View file

@ -25,7 +25,7 @@
#include "rom/sha.h" #include "rom/sha.h"
typedef SHA_CTX sha_context; typedef SHA_CTX sha_context;
#else #else
#include "hwcrypto/sha.h" #include "mbedtls/sha256.h"
#endif #endif
static const char* TAG = "secure_boot"; static const char* TAG = "secure_boot";
@ -57,8 +57,8 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
bootloader_sha256_data(handle, data, length); bootloader_sha256_data(handle, data, length);
bootloader_sha256_finish(handle, digest); bootloader_sha256_finish(handle, digest);
#else #else
/* Use thread-safe esp-idf SHA function */ /* Use thread-safe mbedTLS version */
esp_sha(SHA2_256, data, length, digest); mbedtls_sha256_ret(data, length, digest, 0);
#endif #endif
// Map the signature block and verify the signature // Map the signature block and verify the signature