Use constant-time delta base hash compare

danielinux · danielinux · commit fc9e7a3e8a90 · 2026-04-08T19:53:50.000+02:00
F/2253
diff --git a/include/image.h b/include/image.h
@@ -1252,6 +1252,8 @@ static void UNUSEDFUNCTION wolfBoot_image_clear_signature_ok(
 #endif
 
 /* Defined in image.c */
+int image_CT_compare(const uint8_t *expected, const uint8_t *actual,
+    uint32_t len);
 int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part);
 #ifdef EXT_FLASH
 int wolfBoot_open_image_external(struct wolfBoot_image* img, uint8_t part, uint8_t* addr);
diff --git a/src/image.c b/src/image.c
@@ -58,7 +58,7 @@
 /* Globals */
 static uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED(4);
 
-static int __attribute__((noinline)) image_CT_compare(
+int __attribute__((noinline)) image_CT_compare(
     const uint8_t *expected, const uint8_t *actual, uint32_t len)
 {
     uint8_t diff = 0;
diff --git a/src/update_flash.c b/src/update_flash.c
@@ -642,7 +642,7 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,
                 cur_v, delta_base_v);
             ret = -1;
         } else if (!resume && delta_base_hash &&
-                memcmp(base_hash, delta_base_hash, base_hash_sz) != 0) {
+                !image_CT_compare(base_hash, delta_base_hash, base_hash_sz)) {
             /* Wrong base image digest, cannot apply delta patch */
             wolfBoot_printf("Delta Base hash mismatch\n");
             ret = -1;

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@`
`58`	`58`	`/* Globals */`
`59`	`59`	`static uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED(4);`
`60`	`60`
`61`		`-static int __attribute__((noinline)) image_CT_compare(`
	`61`	`+int __attribute__((noinline)) image_CT_compare(`
`62`	`62`	`const uint8_t expected, const uint8_t actual, uint32_t len)`
`63`	`63`	`{`
`64`	`64`	`uint8_t diff = 0;`