From eabd9d6d2ac5b50dc06eb0c9ac2c3d8715eec030 Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Thu, 6 Jan 2022 15:13:51 -0800 Subject: Verify op_ is not a nullptr If op_ is a nullptr, the test runner can SIGSEGV. Test: manual, atest EncryptionOperationsTest#TripleDesCbcPkcs7PaddingCorrupted Bug: None Signed-off-by: Brian J Murray Change-Id: Ibdd6139952ca8bc83ac1a82202839feee39562e1 --- security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp') diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 3695f1e094..02462fce3a 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -537,6 +537,9 @@ ErrorCode KeyMintAidlTestBase::Update(const string& input, string* output) { Status result; if (!output) return ErrorCode::UNEXPECTED_NULL_POINTER; + EXPECT_NE(op_, nullptr); + if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER; + std::vector o_put; result = op_->update(vector(input.begin(), input.end()), {}, {}, &o_put); -- cgit v1.2.3 From ab1851e9f2c40942fff243504788795aeaf89961 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Tue, 14 Dec 2021 14:32:51 +0000 Subject: Alter spec text for RSA-PSS to match reality The Key{Mint,Master} spec previously said that RSA-PSS mode should use SHA-1 for the MGF1 digest, separately from whatever Tag::DIGEST gets specified as the main digest. However, both the reference implementation and the VTS/CTS tests use BoringSSL's defaults, which is to re-use the main digest as the MGF1 digest if none is separately specified. Given that this behaviour is embedded in many implementations over several years (and given that there isn't a security implication), change the spec to match this behaviour. Also update the VTS test code to make this clear/obvious. Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest Bug: 210424594 Change-Id: I4303f28d094ef4d4b9dc931d6728b1fa040de20d Ignore-AOSP-First: target internal master first due to merge conflict --- security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp') diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 02462fce3a..374f2da7a8 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -812,6 +812,7 @@ void KeyMintAidlTestBase::LocalVerifyMessage(const string& message, const string if (padding == PaddingMode::RSA_PSS) { EXPECT_GT(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING), 0); EXPECT_GT(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, EVP_MD_size(md)), 0); + EXPECT_GT(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, md), 0); } ASSERT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, -- cgit v1.2.3