bootutil: Fix bootutil_find_key return value

mark-horvath-arm · nvlsianpu · commit 7ebf0e8277e8 · 2022-11-25T17:54:03.000+01:00
The return value of bootutil_find_key is used as the key_id in the
bootutil_img_validate function, and negative key_id value used in case
of errors. If MCUBOOT_HW_KEY is set, than the key hash is read by
boot_retrieve_public_key_hash function, but the exceptation is only to
return nonzero on failure, so its error code should not be propagated
up to the caller. Instead, bootutil_find_key should return -1 in case
of a platform error.

Change-Id: I8e2bd12a5cf53787e10ae45c2ab556e8a856692d
Signed-off-by: Mark Horvath &lt;mark.horvath@arm.com&gt;
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
@@ -247,7 +247,7 @@ bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len)
 
     rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size);
     if (rc) {
-        return rc;
+        return -1;
     }
 
     /* Adding hardening to avoid this potential attack:

Original file line number	Diff line number	Diff line change
`@@ -247,7 +247,7 @@ bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len)`
`247`	`247`
`248`	`248`	`rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size);`
`249`	`249`	`if (rc) {`
`250`		`- return rc;`
	`250`	`+ return -1;`
`251`	`251`	`}`
`252`	`252`
`253`	`253`	`/* Adding hardening to avoid this potential attack:`