Harden constant-time compare accumulators

danielinux · danielinux · commit 42c312e16e4a · 2026-04-14T07:35:11.000+02:00
F/2565
diff --git a/src/image.c b/src/image.c
@@ -61,7 +61,7 @@ static uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED(4);
 int NOINLINEFUNCTION image_CT_compare(
     const uint8_t *expected, const uint8_t *actual, uint32_t len)
 {
-    uint8_t diff = 0;
+    volatile uint8_t diff = 0;
     uint32_t i;
 
     for (i = 0; i < len; i++) {
@@ -2404,7 +2404,7 @@ uint8_t* wolfBoot_peek_image(struct wolfBoot_image *img, uint32_t offset,
 static int keyslot_CT_hint_matches(const uint8_t *expected,
     const uint8_t *actual)
 {
-    uint8_t diff = 0;
+    volatile uint8_t diff = 0;
     uint32_t i;
 
     for (i = 0; i < WOLFBOOT_SHA_DIGEST_SIZE; i++) {
diff --git a/src/tpm.c b/src/tpm.c
@@ -48,7 +48,7 @@ int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b,
     uint32_t len)
 {
     uint32_t i;
-    uint8_t diff = 0;
+    volatile uint8_t diff = 0;
 
     for (i = 0; i < len; i++) {
         diff |= a[i] ^ b[i];

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b,`
`48`	`48`	`uint32_t len)`
`49`	`49`	`{`
`50`	`50`	`uint32_t i;`
`51`		`- uint8_t diff = 0;`
	`51`	`+ volatile uint8_t diff = 0;`
`52`	`52`
`53`	`53`	`for (i = 0; i < len; i++) {`
`54`	`54`	`diff \|= a[i] ^ b[i];`