Example:
keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]'
from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}'
Change-Id: I8cd239880821724050d1716b78851807e0246ef2
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
We don't need our engine to be copied when initialized with
ENGINE_by_id, so just make sure our flags are cleared when we
initialize.
Change-Id: Ie75fad37c2f78a769c425889c1d0661b468cd0c7
The keymaster HAL implementations don't need the delete_keypair method,
but keystore currently throws an error when it's not implemented. This
causes problems with at least the OpenSSL software implementation.
Bug: 6985351
Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8
The peril of not using calloc mean delete_all is not initialized until
we explcitly set it. Explicitly set delete_all to NULL to avoid that.
Change-Id: Ic370453e6142c6d1b2566df9844b4fac4bc53042
ENGINE_by_id will load up multiple copies of the engine which will
create a new ex_data index each time it's called. This change makes sure
the ex_data index is only initialized once.
Change-Id: I5e197faf6273ec3b3cafcbeadf7da8ec04a4f50b
This is so that Face Unlock can be a valid option for a lockscreen.
Otherwise get a PERMISSION_DENIED when uid = 101000.
Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e
Turn on the compiler flags -Wall -Wextra -Werror to make sure no
compiler warnings are added to the project.
Eliminate all unused arguments. Remove unused variables in code.
Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c
Old key types were not distinguished by the keystore itself. This change
takes some of the reserved fields in the old format and changes it to a
version number and key type.
Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996
To allow efficient deletion by hardware keymaster modules, add a direct
delete_all call when keystore is reset. This will also probably fix
problems where the hardware keymaster gets more keys than keystore knows
about and fills up its storage.
Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
Add hardware crypto capabilities to keystore. This allows hardware
escrow of private key material.
There is also an OpenSSL engine that connects to keystore to allow use
of the keystore keys from native code built into the platform.
This includes a software implementation of keymaster using OpenSSL
as the backend. This is just as insecure as the previous solution,
but it's needed so devices without hardware support can continue
to operate in the new scheme without a lot of compatibility code.
Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f
Add a libkeystore_client.so library for clients to use.
Add const-correctness to the keystore.cpp classes.
Increase maximum arguments for future work.
Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2
