[PATCH v1 1/1] rsa: fix incorrect positive EINVAL in padding_pss_verify()

[Aristo Chen]

All other error paths in padding_pss_verify() return negative error
codes (-EINVAL, -ENOMEM), which is the same as the rest of the U-Boot
RSA stack. The positive value is inconsistent with U-Boot's convention
and is a potential bug: any caller that tests (ret < 0) to detect
failure would incorrectly treat a malformed PSS signature as a success.

Signed-off-by: Aristo Chen <aristo.chen at canonical.com>
---
 lib/rsa/rsa-verify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 3169c3a6dd1..28d1a915d94 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -274,7 +274,7 @@ int padding_pss_verify(struct image_sign_info *info,
 	if (db_nopad[0] != 0x01) {
 		printf("%s: invalid pss padding ", __func__);
 		printf("(leftmost byte of db after 0-padding isn't 0x01)\n");
-		ret = EINVAL;
+		ret = -EINVAL;
 		goto out;
 	}
 
-- 
2.43.0