bootutil: Fix bootutil_find_key return value

The return value of bootutil_find_key is used as the key_id in the
bootutil_img_validate function, and negative key_id value used in case
of errors. If MCUBOOT_HW_KEY is set, than the key hash is read by
boot_retrieve_public_key_hash function, but the exceptation is only to
return nonzero on failure, so its error code should not be propagated
up to the caller. Instead, bootutil_find_key should return -1 in case
of a platform error.

Change-Id: I8e2bd12a5cf53787e10ae45c2ab556e8a856692d
Signed-off-by: Mark Horvath <mark.horvath@arm.com>
This commit is contained in:
Mark Horvath 2021-02-19 09:55:35 +01:00 committed by Andrzej Puzdrowski
parent 82ee5d0bb9
commit 7ebf0e8277
1 changed files with 1 additions and 1 deletions

View File

@ -247,7 +247,7 @@ bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len)
rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size); rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size);
if (rc) { if (rc) {
return rc; return -1;
} }
/* Adding hardening to avoid this potential attack: /* Adding hardening to avoid this potential attack: