The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
Keymaster VTS is failing to verify that the last certificate in the
chain is self-signed. CTS and GTS tests verify this, but it should be
validated at this level as well.
Bug: 79123157
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I5ff33fc8186182c2cf8d43d90cd59f89ce45d416
This test was added on a bad assumption about the behavior of the
keymaster spec, and is now being removed.
Test: VTS
Bug: 77307569
Change-Id: Iac2f6f45ea1816505ff3b47bbdc548ff1161c96b
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: Id19d19b19532ac8d4c52aad46a954faa4515289d
Change-Id: Id19d19b19532ac8d4c52aad46a954faa4515289d
(cherry picked from commit 1840be6d35)
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit 95b60a0f41.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I2893c23ab173ff5c39085d56b555e54770900cbc
OpenSSL changes error code of large RSA data from
KM_ERROR_INVALID_INPUT_LENGTH to KM_ERROR_INVALID_ARGUMENT which causes
HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and
HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge tests failed.
Fix keymaster VTS to accept both the error codes.
Bug: 68289922
Test: HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and
HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLargeHidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge
and HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge are
passed after applying this modification and other Keymaster 3.0
VTS test cases are not affected.
Change-Id: I493bfa1c6e4b69560dfae3585a416b5c3d33e215
KM0 supports only asymmetric encryption. And for those we cannot
distinguish between imported and generated keys.
This patch adds correct handling for KM0 origin tags.
Test: run vts test with wrapped km0 module from
system/security/softkeymaster
Bug: 67358942
Bug: 67363396
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I7f5ddd21dde284dbfbd68b3b83fb75c1457dbd59
Some RSA operation tests expect ErrorCode::INVALID_ARGUMENT
and others ErrorCode::INVALID_INPUT_LENGTH for the same
diagnosed syndrome, i.e., the input message was too long.
This patch relaxes the expectations on one of these tests
expecting ErrorCode::INVALID_INPUT_LENGTH, to also accept the
more consistent ErrorCode::INVALID_ARGUMENT.
Bug: 67358942
Bug: 67359132
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I573d3a01b052f0256611064f23ae791007cf7122
A pair of tests that send corrupted data to keymaster were disabled
because they cause a reboot on Angler and Bullhead. Because VTS is not
being run on those devices, I'm enabling them.
Separately, I'm going to get this bug triaged as a security
vulnerability, which may result in a fix being forthcoming. As a simple
functional defect, the vendor refused to fix the old devices.
Bug: 33385206
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: I3bdea4e9756d3f77d54de09fd7ed2de04edeb1fd
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.
Merged-In: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.
Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
Support for 256 bit RSA keys are not mandated by keymaster specs and
must not be used in the VTS tests.
Bug: 62581389
Change-Id: If315088db2752ac2efe31fdb95db7ca13c3ce225
The attestation version cannot be infered from the keymaster version
because we provide software attestation for legacy keymaster 1 keys.
This patch changes the attestation test to expect either attestation
version 1 or 2.
Bug: 37351644
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I4db83a543db20191d288b2ca8308aa6597cd8e22
DeleteKey may legitimately return ErrorCode::UNIMPLEMENTED rather than
ErrorCode::OK, but the VTS test didn't allow that in all cases. In many
case the return code was also left unchecked.
Test: adb shell/data/nativetest64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Bug: 62193967
Change-Id: I19a90a87850675b0700baf7409e57098e0584d54
The tests added verify that a generated key is no longer usable
after it was
- explicictely deleted with deleteKey, or
- all keys where deleted with deleteAllKeys.
Bug: 32022681
Test: make vts -j30 BUILD_GOOGLE_VTS=true TARGET_PRODUCT=aosp_arm64 &&
vts-tradefed run commandAndExit vts --skip-all-system-status-check
--primary-abi-only --skip-preconditions
--module VtsHalKeymasterV3_0TargetTest -l INFO
Change-Id: I172ee5d3ccf1850c3c92d3a1a9e991f46b07a0e3
Note: Recent Google devices have keymaster implementations that don't
pass this test suite. See https://goo.gl/6hsGwa for a summary.
Bug: 32022681
Test: This is the test suite.
Change-Id: Ib200b68e0c7844df02eb9f086385d6c36e306d45
