tpm: localize constant compare again

Restore wolfBoot_constant_compare to TPM-local code and use file-local helpers in update_flash and AHCI instead of a shared cross-module symbol.

F/CI

Author: danielinux

include/image.h

@@ -1254,7 +1254,6 @@ static void UNUSEDFUNCTION wolfBoot_image_clear_signature_ok(
 /* Defined in image.c */
 int image_CT_compare(const uint8_t *expected, const uint8_t *actual,
     uint32_t len);
-int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b, uint32_t len);
 int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part);
 #ifdef EXT_FLASH
 int wolfBoot_open_image_external(struct wolfBoot_image* img, uint8_t part, uint8_t* addr);

include/tpm.h

@@ -79,6 +79,10 @@ int wolfBoot_load_pubkey(const uint8_t* pubkey_hint, WOLFTPM2_KEY* pubKey,
     TPM_ALG_ID* pAlg);
 #endif
 
+#if defined(WOLFBOOT_TPM_KEYSTORE) || defined(WOLFBOOT_TPM_SEAL)
+int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b, uint32_t len);
+#endif
+
 #ifdef WOLFBOOT_TPM_KEYSTORE
 int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint);
 #endif

src/string.c

@@ -27,9 +27,6 @@
 #endif
 
 #include <stddef.h>
-#if defined(_RENESAS_RA_)
-#include <stdint.h>
-#endif
 #if !defined(TARGET_library) && defined(__STDC_HOSTED__) && __STDC_HOSTED__ \
     && !defined(__CCRX__)
 #include <string.h>
@@ -223,18 +220,6 @@ int memcmp(const void *_s1, const void *_s2, size_t n)
     return diff;
 }
 
-int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b, uint32_t len)
-{
-    uint32_t i;
-    uint8_t diff = 0;
-
-    for (i = 0; i < len; i++) {
-        diff |= a[i] ^ b[i];
-    }
-
-    return diff;
-}
-
 void* memchr(void const *s, int c_in, size_t n)
 {
     unsigned char c = (unsigned char)c_in;

src/tpm.c

@@ -44,6 +44,19 @@ WOLFTPM2_KEY     wolftpm_srk;
 #endif
 
 #if defined(WOLFBOOT_TPM_SEAL) || defined(WOLFBOOT_TPM_KEYSTORE)
+int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b,
+    uint32_t len)
+{
+    uint32_t i;
+    uint8_t diff = 0;
+
+    for (i = 0; i < len; i++) {
+        diff |= a[i] ^ b[i];
+    }
+
+    return diff;
+}
+
 void wolfBoot_print_hexstr(const unsigned char* bin, unsigned long sz,
     unsigned long maxLine)
 {

src/update_flash.c

@@ -42,6 +42,19 @@ static void wolfBoot_zeroize(void *ptr, size_t len)
     }
 }
 
+static int wolfBoot_local_constant_compare(const uint8_t* a, const uint8_t* b,
+    uint32_t len)
+{
+    uint32_t i;
+    uint8_t diff = 0;
+
+    for (i = 0; i < len; i++) {
+        diff |= a[i] ^ b[i];
+    }
+
+    return diff;
+}
+
 #ifdef EXT_ENCRYPTED
 int wolfBoot_force_fallback_iv(int enable);
 #include "encrypt.h"
@@ -1293,7 +1306,7 @@ int wolfBoot_unlock_disk(void)
                     secretCheck, &secretCheckSz);
                 if (ret == 0) {
                     if (secretSz != secretCheckSz ||
-                        wolfBoot_constant_compare(secret, secretCheck,
+                        wolfBoot_local_constant_compare(secret, secretCheck,
                             (uint32_t)secretSz) != 0)
                     {
                         wolfBoot_printf("secret check mismatch!\n");

src/x86/ahci.c

@@ -109,6 +109,19 @@ __attribute__((aligned(HBA_TBL_ALIGN)));
 #define AHCI_DEBUG_PRINTF(...) do {} while(0)
 #endif /* DEBUG_AHCI */
 
+static int wolfBoot_local_constant_compare(const uint8_t* a, const uint8_t* b,
+    uint32_t len)
+{
+    uint32_t i;
+    uint8_t diff = 0;
+
+    for (i = 0; i < len; i++) {
+        diff |= a[i] ^ b[i];
+    }
+
+    return diff;
+}
+
 /**
  * @brief Sets the AHCI Base Address Register (ABAR) for the given device.
  *
@@ -296,7 +309,7 @@ static int sata_create_and_seal_unlock_secret(const uint8_t *pubkey_hint,
                               secret_check, &secret_check_sz);
         if (ret == 0) {
             if (*secret_size != secret_check_sz ||
-                wolfBoot_constant_compare(secret, secret_check,
+                wolfBoot_local_constant_compare(secret, secret_check,
                     (uint32_t)secret_check_sz) != 0)
                 {
                     wolfBoot_printf("secret check mismatch!\n");