Use BoringSSL instead of mincrypt to speed up package verification.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
diff --git a/fuse_sideload.cpp b/fuse_sideload.cpp
index 9c3e75f..1725e88 100644
--- a/fuse_sideload.cpp
+++ b/fuse_sideload.cpp
@@ -61,7 +61,8 @@
#include <sys/uio.h>
#include <unistd.h>
-#include "mincrypt/sha256.h"
+#include <openssl/sha.h>
+
#include "fuse_sideload.h"
#define PACKAGE_FILE_ID (FUSE_ROOT_ID+1)
@@ -269,22 +270,22 @@
// block).
// - Otherwise, return -EINVAL for the read.
- uint8_t hash[SHA256_DIGEST_SIZE];
- SHA256_hash(fd->block_data, fd->block_size, hash);
- uint8_t* blockhash = fd->hashes + block * SHA256_DIGEST_SIZE;
- if (memcmp(hash, blockhash, SHA256_DIGEST_SIZE) == 0) {
+ uint8_t hash[SHA256_DIGEST_LENGTH];
+ SHA256(fd->block_data, fd->block_size, hash);
+ uint8_t* blockhash = fd->hashes + block * SHA256_DIGEST_LENGTH;
+ if (memcmp(hash, blockhash, SHA256_DIGEST_LENGTH) == 0) {
return 0;
}
int i;
- for (i = 0; i < SHA256_DIGEST_SIZE; ++i) {
+ for (i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
if (blockhash[i] != 0) {
fd->curr_block = -1;
return -EIO;
}
}
- memcpy(blockhash, hash, SHA256_DIGEST_SIZE);
+ memcpy(blockhash, hash, SHA256_DIGEST_LENGTH);
return 0;
}
@@ -393,10 +394,10 @@
goto done;
}
- fd.hashes = (uint8_t*)calloc(fd.file_blocks, SHA256_DIGEST_SIZE);
+ fd.hashes = (uint8_t*)calloc(fd.file_blocks, SHA256_DIGEST_LENGTH);
if (fd.hashes == NULL) {
fprintf(stderr, "failed to allocate %d bites for hashes\n",
- fd.file_blocks * SHA256_DIGEST_SIZE);
+ fd.file_blocks * SHA256_DIGEST_LENGTH);
result = -1;
goto done;
}