[nrf fromtree] bootutil: Fix FIH return type for EC256

Roland Mikhel · carlescufi · commit 60b2d401add1 · 2023-05-04T15:32:17.000+02:00
For bootutil_verify_sig the declaration expects fih_ret as the return type not fih_int, this has now been fixed. Signed-off-by: Roland Mikhel <roland.mikhel@arm.com> Change-Id: If5943758bebdbf401b1eb387de334fa19a3a7781 (cherry picked from commit 186ac88) Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
@@ -34,7 +34,7 @@
 #include "bootutil/fault_injection_hardening.h"
 #include "bootutil/crypto/ecdsa_p256.h"
 
-fih_int
+fih_ret
 bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
                     uint8_t key_id)
 {
@@ -50,11 +50,16 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
 
     rc = bootutil_ecdsa_p256_parse_public_key(&ctx, &pubkey, end);
     if (rc) {
+        goto out;
+    }
+
+    rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, end-pubkey, hash, hlen, sig, slen);
+    fih_rc = fih_ret_encode_zero_equality(rc);
+    if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
         FIH_SET(fih_rc, FIH_FAILURE);
-        FIH_RET(fih_rc);
     }
 
-    FIH_CALL(bootutil_ecdsa_p256_verify, fih_rc, &ctx, pubkey, end-pubkey, hash, hlen, sig, slen);
+out:
     bootutil_ecdsa_p256_drop(&ctx);
 
     FIH_RET(fih_rc);
