[sw/spiflash] Remove OpenSSL dep. from spiflash
Switch spiflash to use the SHA256 implementation provided by
the vendored-in cryptoc library.
Signed-off-by: Miguel Osorio <miguelosorio@google.com>
diff --git a/sw/host/spiflash/ftdi_spi_interface.cc b/sw/host/spiflash/ftdi_spi_interface.cc
index 7667310..3b14d25 100644
--- a/sw/host/spiflash/ftdi_spi_interface.cc
+++ b/sw/host/spiflash/ftdi_spi_interface.cc
@@ -9,12 +9,13 @@
#include <cstring>
#include <fcntl.h>
#include <iostream>
-#include <openssl/sha.h>
#include <string>
#include <termios.h>
#include <unistd.h>
#include <vector>
+#include "cryptoc/sha256.h"
+
// Include MPSSE SPI library
extern "C" {
#include "sw/host/vendor/mpsse/mpsse.h"
@@ -137,11 +138,8 @@
}
bool FtdiSpiInterface::CheckHash(const uint8_t *tx, size_t size) {
- uint8_t hash[SHA256_DIGEST_LENGTH];
- SHA256_CTX sha256;
- SHA256_Init(&sha256);
- SHA256_Update(&sha256, tx, size);
- SHA256_Final(hash, &sha256);
+ uint8_t hash[SHA256_DIGEST_SIZE];
+ SHA256_hash(tx, size, hash);
uint8_t *rx;
@@ -171,10 +169,10 @@
// Checking for the hash at any location or even split between messages may
// not be necessary, but it is probably safer.
usleep(options_.hash_check_delay_us);
- for (int i = 0; !hash_correct && i < SHA256_DIGEST_LENGTH; ++i) {
+ for (int i = 0; !hash_correct && i < SHA256_DIGEST_SIZE; ++i) {
if (rx[i] == hash[hash_index]) {
++hash_index;
- if (hash_index == SHA256_DIGEST_LENGTH) {
+ if (hash_index == SHA256_DIGEST_SIZE) {
hash_correct = true;
}
} else {
diff --git a/sw/host/spiflash/meson.build b/sw/host/spiflash/meson.build
index 9a0406c..b765688 100644
--- a/sw/host/spiflash/meson.build
+++ b/sw/host/spiflash/meson.build
@@ -12,7 +12,7 @@
],
implicit_include_directories: false,
dependencies: [
- dependency('libcrypto', native: true),
+ vendor_cryptoc_sha256,
# The libftdi1 dependency needs to be explicit to manage
# include paths on some systems.
dependency('libftdi1', native: true),
diff --git a/sw/host/spiflash/updater.cc b/sw/host/spiflash/updater.cc
index e46f727..0d16ffd 100644
--- a/sw/host/spiflash/updater.cc
+++ b/sw/host/spiflash/updater.cc
@@ -6,8 +6,11 @@
#include <algorithm>
#include <assert.h>
+#include <string.h>
#include <unistd.h>
+#include "cryptoc/sha256.h"
+
namespace opentitan {
namespace spiflash {
namespace {
@@ -43,12 +46,13 @@
* Calculate hash for frame `f` and store it in the frame header hash field.
*/
void HashFrame(Frame *f) {
- SHA256_CTX sha256;
- SHA256_Init(&sha256);
- SHA256_Update(&sha256, &f->hdr.frame_num, sizeof(f->hdr.frame_num));
- SHA256_Update(&sha256, &f->hdr.offset, sizeof(f->hdr.offset));
- SHA256_Update(&sha256, f->data, f->PayloadSize());
- SHA256_Final(f->hdr.hash, &sha256);
+ LITE_SHA256_CTX sha256;
+ SHA256_init(&sha256);
+ SHA256_update(&sha256, &f->hdr.frame_num, sizeof(f->hdr.frame_num));
+ SHA256_update(&sha256, &f->hdr.offset, sizeof(f->hdr.offset));
+ SHA256_update(&sha256, f->data, f->PayloadSize());
+ const uint8_t *result = SHA256_final(&sha256);
+ memcpy(f->hdr.hash, result, SHA256_DIGEST_SIZE);
}
} // namespace
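Review bot: The `memcpy` into `f->hdr.hash` copies SHA256_DIGEST_SIZE bytes, but nothing visible in this hunk ties the size of that field to the cryptoc constant, and updater.h no longer includes any SHA header. Assuming the field is a fixed-size array (its declaration is outside this diff), a `static_assert(sizeof(f->hdr.hash) == SHA256_DIGEST_SIZE, "frame hash field must hold a SHA-256 digest");` next to the copy would turn a future size mismatch into a build error rather than an overflow or a truncated digest. The doc comment could also state that `frame_num` and `offset` are hashed as raw in-memory bytes, so the receiving side has to hash the same byte layout.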
diff --git a/sw/host/spiflash/updater.h b/sw/host/spiflash/updater.h
index 3aaeecc..394482b 100644
--- a/sw/host/spiflash/updater.h
+++ b/sw/host/spiflash/updater.h
@@ -5,8 +5,6 @@
#ifndef OPENTITAN_SW_HOST_SPIFLASH_UPDATER_H_
#define OPENTITAN_SW_HOST_SPIFLASH_UPDATER_H_
-#include <openssl/sha.h>
-
#include <algorithm>
#include <cstdint>
#include <cstring>
diff --git a/sw/host/spiflash/verilator_spi_interface.cc b/sw/host/spiflash/verilator_spi_interface.cc
index 5cd9e6a..db9e892 100644
--- a/sw/host/spiflash/verilator_spi_interface.cc
+++ b/sw/host/spiflash/verilator_spi_interface.cc
@@ -4,16 +4,16 @@
#include "sw/host/spiflash/verilator_spi_interface.h"
-#include <fcntl.h>
-#include <openssl/sha.h>
-#include <termios.h>
-#include <unistd.h>
-
#include <cstring>
+#include <fcntl.h>
#include <iostream>
#include <string>
+#include <termios.h>
+#include <unistd.h>
#include <vector>
+#include "cryptoc/sha256.h"
+
namespace opentitan {
namespace spiflash {
namespace {
@@ -109,11 +109,8 @@
}
bool VerilatorSpiInterface::CheckHash(const uint8_t *tx, size_t size) {
- uint8_t hash[SHA256_DIGEST_LENGTH];
- SHA256_CTX sha256;
- SHA256_Init(&sha256);
- SHA256_Update(&sha256, tx, size);
- SHA256_Final(hash, &sha256);
+ uint8_t hash[SHA256_DIGEST_SIZE];
+ SHA256_hash(tx, size, hash);
std::vector<uint8_t> rx(size);
size_t bytes_read = ReadBytes(fd_, &rx[0], size);
@@ -122,7 +119,7 @@
<< bytes_read << " expected: " << size << std::endl;
}
- return !std::memcmp(&rx[0], hash, SHA256_DIGEST_LENGTH);
+ return !std::memcmp(&rx[0], hash, SHA256_DIGEST_SIZE);
}
} // namespace spiflash
} // namespace opentitan
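Review bot: The final `memcmp` reads SHA256_DIGEST_SIZE bytes from `rx`, but `rx` is sized by the caller's `size` (declared in the previous hunk), and the short-read branch just above only logs before falling through to the comparison. When `size` or `bytes_read` is below the digest length, the comparison either covers bytes that were never received or runs past the end of the vector. A guard before the return would close this, for example `if (bytes_read < SHA256_DIGEST_SIZE) return false;`. The condition guarding the log statement sits between the two hunks and is not visible here.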