system/keymaster.git -

Age	Commit message (Collapse)	Author
2016-01-26	Add utilities to format/parse ASN.1 attestation records.	Shawn Willden
	Bug: 22914603 Change-Id: I9279df29ec06e07fbd60427e22b8f7a74648c8ed
2015-10-28	Return correct error from keymaster0engine for large RSA input	Shawn Willden
	Also, ensure that we always put some error on the OpenSSL error queue whenever a wrapped keymaster0 operation fails. Higher layers will look a the last entry on the queue and use it to determine what error code to return. Not putting any error on the queue means that those higher layers will get whatever error was last enqueued, making the result effectively random. Non-determinism bad. Bug: 25337630 Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
2015-07-30	Left-pad messages when doing "unpadded" RSA operations.marshmallow-dev	Shawn Willden
	When RSA messages that are shorter than the key size, and padding is not applied, BoringSSL (sensbibly) refuses, because odds are very high that the caller is doing something dumb. However, this causes some (dumb) things that used to work to no longer work. This CL also fixes the error code returned when a message is signed or encrypted which is the same length as the public modulus but is numerically larger than or equal to the public modulus. Rather than KM_ERROR_UNKNOWN_ERROR, it now returns KM_ERROR_INVALID_ARGUMENT. Bug: 22599805 Change-Id: I99aca5516b092f3676ffdc6c5de39f2777e3d275
2015-07-14	Use specified digest for RSA OAEP.	Shawn Willden
	Bug: 22405614 Change-Id: Ia5eb67a571a9d46acca4b4e708bb8178bd3acd0d
2015-06-01	Support all digests for RSA.	Shawn Willden
	Also switch to using the EVP APIs where possible for RSA ops. Change-Id: I092a5c7598073980d36ce5137cfe17f0499a10b9
2015-05-09	keymaster: support building with tip-of-tree BoringSSL.	Adam Langley
	Change-Id: Ie9bcbcb33f7904fbffef9dee4f5b4203b1d8f888 (cherry picked from commit b17720bd6675de8d3925ea7fb2ea5c7a8f773ac4)
2015-05-09	Revert "Remove compatibility with OpenSSL."	Shawn Willden
	This created a build breakage in Trusty, and so was reverted in AOSP. Reverting here to sync. This reverts commit de4ffa99837df492faca1ded33b14446c4a5c9be. Change-Id: I80ffcb8f432e4af849aae49f40d313dd475d47fc
2015-05-07	Remove compatibility with OpenSSL.	Shawn Willden
	Android has switched from OpenSSL to BoringSSL. There were various accommodations in the code for supporting both, but coming changes make maintaining that support more difficult than it's worth, I'm abandoning OpenSSL. Change-Id: I9203c0215537c7f7aa2a89859ea52ff0f0582a9e (cherry picked from commit 9011d1ae960beb29ba50634813c28892e738aac7)
2015-03-23	Improve error reporting and logging.	Shawn Willden
	Bug: 19603049 Bug: 19509317 Change-Id: I041c973802e6c567adc5b1f280fc5bac27ba28d6
2015-02-26	Update OpenSSL error codes for BoringSSL.	Adam Langley
	The OpenSSL error code system really doesn't work very well. The values export far too much of the internals (including internal function names!) and so are quite unstable. Really they're only suitable for printing out. However, people do need to programatically handle errors in some cases and since the error queue is all there is, that's what one has to use. This change updates the error handling in the light of BoringSSL. Change-Id: I3cc99729e755a7e8e28d399631d7c4b2408c877a
2015-02-25	Add OpenSSL error translation utility.	Shawn Willden
	Bug: 19507949 Change-Id: I8d499868173e476f5e9f92a7b0e518c3163815ac