Age | Commit message (Collapse) | Author |
|
Bug: 22914603
Change-Id: I9279df29ec06e07fbd60427e22b8f7a74648c8ed
|
|
Also, ensure that we always put some error on the OpenSSL error queue
whenever a wrapped keymaster0 operation fails. Higher layers will look
a the last entry on the queue and use it to determine what error code to
return. Not putting any error on the queue means that those higher
layers will get whatever error was last enqueued, making the result
effectively random. Non-determinism bad.
Bug: 25337630
Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
|
|
When RSA messages that are shorter than the key size, and padding is not
applied, BoringSSL (sensbibly) refuses, because odds are very high that
the caller is doing something dumb. However, this causes some (dumb)
things that used to work to no longer work.
This CL also fixes the error code returned when a message is signed or
encrypted which is the same length as the public modulus but is
numerically larger than or equal to the public modulus. Rather than
KM_ERROR_UNKNOWN_ERROR, it now returns KM_ERROR_INVALID_ARGUMENT.
Bug: 22599805
Change-Id: I99aca5516b092f3676ffdc6c5de39f2777e3d275
|
|
Bug: 22405614
Change-Id: Ia5eb67a571a9d46acca4b4e708bb8178bd3acd0d
|
|
Also switch to using the EVP APIs where possible for RSA ops.
Change-Id: I092a5c7598073980d36ce5137cfe17f0499a10b9
|
|
Change-Id: Ie9bcbcb33f7904fbffef9dee4f5b4203b1d8f888
(cherry picked from commit b17720bd6675de8d3925ea7fb2ea5c7a8f773ac4)
|
|
This created a build breakage in Trusty, and so was reverted in AOSP. Reverting here to sync.
This reverts commit de4ffa99837df492faca1ded33b14446c4a5c9be.
Change-Id: I80ffcb8f432e4af849aae49f40d313dd475d47fc
|
|
Android has switched from OpenSSL to BoringSSL. There were various
accommodations in the code for supporting both, but coming changes make
maintaining that support more difficult than it's worth, I'm abandoning
OpenSSL.
Change-Id: I9203c0215537c7f7aa2a89859ea52ff0f0582a9e
(cherry picked from commit 9011d1ae960beb29ba50634813c28892e738aac7)
|
|
Bug: 19603049
Bug: 19509317
Change-Id: I041c973802e6c567adc5b1f280fc5bac27ba28d6
|
|
The OpenSSL error code system really doesn't work very well. The values
export far too much of the internals (including internal function
names!) and so are quite unstable. Really they're only suitable for
printing out.
However, people do need to programatically handle errors in some cases
and since the error queue is all there is, that's what one has to use.
This change updates the error handling in the light of BoringSSL.
Change-Id: I3cc99729e755a7e8e28d399631d7c4b2408c877a
|
|
Bug: 19507949
Change-Id: I8d499868173e476f5e9f92a7b0e518c3163815ac
|