system/keymaster: update BoringSSL error mapping.

Fix keymaster to unblock the BoringSSL update. Some error strings no longer
exist. Each of these was unreachable, so I haven't bothered replacing the
mapping.

- EVP_R_EXPECTING_A_DH_KEY. This was not reachable in keymaster. It's only
emitted by the EVP_PKEY_get0_DH and EVP_PKEY_get1_DH functions which are
never called by keymaster. In BoringSSL, since DH EVP_PKEYs never existed, it
was impossible for those functions to succeed.
- EVP_R_WRONG_PUBLIC_KEY_TYPE. In OpenSSL, this was only ever emitted in the
deprecated EVP_SignFinal and EVP_VerifyFinal functions, which keymaster
doesn't use. In BoringSSL, this was emitted as part of X509_verify which is
not used in keymaster (outside of some test code). To align with OpenSSL and
avoid churn in the future, BoringSSL has since switched that to
ASN1_R_WRONG_PUBLIC_KEY_TYPE to match OpenSSL's X509_verify behavior.
- EVP_R_UNKNOWN_DIGEST. In OpenSSL, this was only ever emitted in some PBE code
which is not reachable from keymaster. In BoringSSL, this was only emitted as
part of RSA-PSS code in X509_verify, which is not used in keymaster. The
corresponding OpenSSL error was RSA_R_UNKNOWN_DIGEST which keymaster was not
paying attention to before. BoringSSL currently maps most RSA-PSS parse
errors to X509_R_INVALID_PSS_PARAMETERS for simplicity since no one ever
needed to condition on the old RSA_R_ errors in OpenSSL.

Change-Id: I8ffba5bc5fd1b703fc186fbddce50504f90c1029
1 file changed