| dbc2184e | 08-Dec-2021 |
Ruchika Gupta <ruchika.gupta@linaro.org> |
ta: pkcs11: Fix memory leak
When sanitizing indirect templates, obj2 was getting allocated
twice leading to memory leak.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne
ta: pkcs11: Fix memory leak
When sanitizing indirect templates, obj2 was getting allocated
twice leading to memory leak.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/5022
show more ...
|
| a5ea52c2 | 08-Oct-2021 |
Elvira Khabirova <e.khabirova@omp.ru> |
ta: pkcs11: fix a double-free
entry_processing_key() frees out_buf on error from
derive_key_by_symm_enc(). Before this change, that led to a double-free.
Fixes: 8c499324e457 ("ta: pkcs11: Add funct
ta: pkcs11: fix a double-free
entry_processing_key() frees out_buf on error from
derive_key_by_symm_enc(). Before this change, that led to a double-free.
Fixes: 8c499324e457 ("ta: pkcs11: Add function to set key data")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
show more ...
|
| 70b6683b | 03-Jun-2021 |
Victor Chong <victor.chong@linaro.org> |
ta: pkcs11: Add support for more HMAC mechanisms
Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <et
ta: pkcs11: Add support for more HMAC mechanisms
Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
show more ...
|
| 42765f82 | 12-Jul-2021 |
Victor Chong <victor.chong@linaro.org> |
ta: pkcs11: Fix sign size comparison
The current check does not take into account input signature sizes that
are larger than the hash size, which are invalid and should return an
error. The input si
ta: pkcs11: Fix sign size comparison
The current check does not take into account input signature sizes that
are larger than the hash size, which are invalid and should return an
error. The input signature size can be less than the hash size, but not
for the mechanisms the function is currently used for. Change the check
to match exactly the hash size.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
show more ...
|
| 95636b36 | 25-Aug-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: make heap size configurable
Add a configuration switch for the PKCS11 TA heap size defaulting
to 16kB as legacy.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-b
ta: pkcs11: make heap size configurable
Add a configuration switch for the PKCS11 TA heap size defaulting
to 16kB as legacy.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
show more ...
|
| edce8377 | 25-Aug-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: describe CFG_PKCS11_TA_TOKEN_COUNT
Add a default value and a description for PKCS11 TA config switch
CFG_PKCS11_TA_TOKEN_COUNT in ta/pkcs11/sub.mk.
Signed-off-by: Etienne Carriere <etie
ta: pkcs11: describe CFG_PKCS11_TA_TOKEN_COUNT
Add a default value and a description for PKCS11 TA config switch
CFG_PKCS11_TA_TOKEN_COUNT in ta/pkcs11/sub.mk.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
show more ...
|
| 06bc8d19 | 25-Aug-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: move default config to ta sub.mk
Move PKCS#11 TA default configuration settings from mk/config.mk
to ta/pkcs11/sub.mk.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Revi
ta: pkcs11: move default config to ta sub.mk
Move PKCS#11 TA default configuration settings from mk/config.mk
to ta/pkcs11/sub.mk.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
show more ...
|
| 9df68186 | 24-Aug-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fix error code in asymmetric signature update sequence
Correct return code in asymmetric update sequence when digest of
the input data is updated on a multi-stage operation. Prior this
c
ta: pkcs11: fix error code in asymmetric signature update sequence
Correct return code in asymmetric update sequence when digest of
the input data is updated on a multi-stage operation. Prior this
change, the implementation returned CKR_GENERAL_ERROR instead of
CKR_OK because the expected success return value was loaded for
that stage.
Fixes: fb279d8b608e ("ta: pkcs11: Add support for elliptic curve signing & verification")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
show more ...
|
| 324b9e14 | 18-Jul-2021 |
Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> |
ta: pkcs11: Enforce that helpers are up to date
During each build enforce that src/pkcs11-helpers.c is up to date.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etie
ta: pkcs11: Enforce that helpers are up to date
During each build enforce that src/pkcs11-helpers.c is up to date.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
show more ...
|
| f3cc23fe | 18-Jul-2021 |
Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> |
ta: pkcs11: Add missing PKCS11_CKR_ helpers
Adds used but missing PKCS11_CKR_ helpers:
- PKCS11_CKR_KEY_TYPE_INCONSISTENT
- PKCS11_CKR_KEY_NOT_WRAPPABLE
- PKCS11_CKR_KEY_UNEXTRACTABLE
Signed-off-by
ta: pkcs11: Add missing PKCS11_CKR_ helpers
Adds used but missing PKCS11_CKR_ helpers:
- PKCS11_CKR_KEY_TYPE_INCONSISTENT
- PKCS11_CKR_KEY_NOT_WRAPPABLE
- PKCS11_CKR_KEY_UNEXTRACTABLE
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
show more ...
|
| 73124d51 | 18-Jul-2021 |
Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> |
ta: pkcs11: Sort PKCS11_CKR_ helper lines
Sort PKCS11_CKR_ helper lines to match their order in pkcs11_ta.h.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Ca
ta: pkcs11: Sort PKCS11_CKR_ helper lines
Sort PKCS11_CKR_ helper lines to match their order in pkcs11_ta.h.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
show more ...
|