commit 000595b74791662bf060510422ffa49948531a05
author Alice Wang <aliceywang@google.com> Mon Oct 02 13:46:45 2023 +0000
committer Alice Wang <aliceywang@google.com> Tue Nov 14 14:57:05 2023 +0000
tree 08269de4a7c291211ad7156fdb6ed2a6fb162e4f
parent de6bee5fffdb1df91f0250a38c6f238888a4feaf

[rkp] Restore the EC_Key from the remotely provisioned key blob

This cl builds EcKey from the decrypted remotely provisioned
key blob inside the service VM.

The restored EC_Key will be used to sign the new certificate to
be appended to the remotely provisioned cert chain using ECDSA.

An implementation of __memset_chk has been added because it is
needed by BoringSSL.

Bug: 241428146
Test: atest libbssl_avf_nostd.test rialto_test
Change-Id: I805c73efa309c01f55eb13a085dcca36f1e39f54

vmbase/src/heap.rs

diff --git a/vmbase/src/heap.rs b/vmbase/src/heap.rs
index ec03d38..99c06aa 100644
--- a/vmbase/src/heap.rs
+++ b/vmbase/src/heap.rs
@@ -86,6 +86,21 @@
 }
 
 #[no_mangle]
+unsafe extern "C" fn __memset_chk(
+    dest: *mut c_void,
+    val: u8,
+    len: usize,
+    destlen: usize,
+) -> *mut c_void {
+    assert!(len <= destlen, "memset buffer overflow detected");
+    // SAFETY: `dest` is valid for writes of `len` bytes.
+    unsafe {
+        ptr::write_bytes(dest, val, len);
+    }
+    dest
+}
+
+#[no_mangle]
 /// SAFETY: ptr must be null or point to a currently-allocated block returned by allocate (either
 /// directly or via malloc or calloc). Note that this function is called directly from C, so we have
 /// to trust that the C code is doing the right thing; there are checks below which will catch some