aesSignature() function in
BEM/app/bem_main.c uses Message Authentication Code (MAC) to verify the OAD
image signature.
The signature verification
implementation uses a non-constant time memcmp function, which potentially enables
the MAC check to be vulnerable to a timing attack.