image: restore ct compare contract

danielinux · danielinux · commit c1b2c40a40e7 · 2026-04-10T21:22:26.000+02:00
Make image_CT_compare return 0 on match again and update RSA hash checks plus delta base-hash validation to use the original semantics.

F/CI
diff --git a/include/image.h b/include/image.h
@@ -426,7 +426,7 @@ static void __attribute__((noinline)) wolfBoot_image_clear_signature_ok(
         asm volatile("mov r0, #50":::"r0"); \
         compare_res = image_CT_compare(digest, img->sha_hash, \
             WOLFBOOT_SHA_DIGEST_SIZE); \
-        /* Redundant checks that ensure the function actually returned 1 */ \
+        /* Redundant checks that ensure the function actually returned 0 */ \
         asm volatile("cmp r0, #0":::"cc"); \
         asm volatile("cmp r0, #0":::"cc"); \
         asm volatile("cmp r0, #0":::"cc"); \
@@ -447,7 +447,7 @@ static void __attribute__((noinline)) wolfBoot_image_clear_signature_ok(
         compare_res = image_CT_compare(digest, img->sha_hash, \
             WOLFBOOT_SHA_DIGEST_SIZE); \
         compare_res; \
-        /* Redundant checks that ensure the function actually returned 1 */ \
+        /* Redundant checks that ensure the function actually returned 0 */ \
         asm volatile("cmp r0, #0":::"cc"); \
         asm volatile("cmp r0, #0":::"cc"); \
         asm volatile("cmp r0, #0":::"cc"); \
@@ -1236,7 +1236,7 @@ static void UNUSEDFUNCTION wolfBoot_image_clear_signature_ok(
     ret = fn(__VA_ARGS__);
 
 #define RSA_VERIFY_HASH(img,digest) \
-    if (image_CT_compare(img->sha_hash, digest, WOLFBOOT_SHA_DIGEST_SIZE)) \
+    if (image_CT_compare(img->sha_hash, digest, WOLFBOOT_SHA_DIGEST_SIZE) == 0) \
         wolfBoot_image_confirm_signature_ok(img);
 
 #define PART_SANITY_CHECK(p) \
diff --git a/src/image.c b/src/image.c
@@ -68,7 +68,7 @@ int __attribute__((noinline)) image_CT_compare(
         diff |= expected[i] ^ actual[i];
     }
 
-    return diff == 0;
+    return diff;
 }
 
 #if defined(WOLFBOOT_CERT_CHAIN_VERIFY) && \
@@ -1551,7 +1551,7 @@ int wolfBoot_verify_integrity(struct wolfBoot_image *img)
         return -1;
     if (image_hash(img, digest) != 0)
         return -1;
-    if (!image_CT_compare(digest, stored_sha, stored_sha_len))
+    if (image_CT_compare(digest, stored_sha, stored_sha_len) != 0)
         return -1;
     img->sha_ok = 1;
     img->sha_hash = stored_sha;
@@ -1990,7 +1990,7 @@ int wolfBoot_check_flash_image_elf(uint8_t part, unsigned long* entry_out)
 
     /* Finalize SHA calculation */
     final_hash(&ctx, calc_digest);
-    if (!image_CT_compare(exp_digest, calc_digest, WOLFBOOT_SHA_DIGEST_SIZE)) {
+    if (image_CT_compare(exp_digest, calc_digest, WOLFBOOT_SHA_DIGEST_SIZE) != 0) {
         wolfBoot_printf("ELF: [CHECK] SHA verification FAILED\n");
         wolfBoot_printf(
             "ELF: [CHECK] Expected   %02x%02x%02x%02x%02x%02x%02x%02x\n",
diff --git a/src/update_flash.c b/src/update_flash.c
@@ -667,7 +667,7 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,
                 cur_v, delta_base_v);
             ret = -1;
         } else if (!resume && delta_base_hash &&
-                !image_CT_compare(base_hash, delta_base_hash, base_hash_sz)) {
+                image_CT_compare(base_hash, delta_base_hash, base_hash_sz) != 0) {
             /* Wrong base image digest, cannot apply delta patch */
             wolfBoot_printf("Delta Base hash mismatch\n");
             ret = -1;
