Address comments from aosp/1588677
Test: atest CtsKeystoreTestCases
Change-Id: I8b00c59bd68ae9c7bde7ae8154020301c5e839ae
diff --git a/keystore2/src/crypto/crypto.hpp b/keystore2/src/crypto/crypto.hpp
index 1b8971f..6686c8c 100644
--- a/keystore2/src/crypto/crypto.hpp
+++ b/keystore2/src/crypto/crypto.hpp
@@ -67,7 +67,7 @@
// cert_len, extract the subject, DER-encode it and write the result to
// subject_buf, which has subject_buf_len capacity.
//
-// Because the length of the issuer is unknown, and becaue we'd like to (a) be
+// Because the length of the subject is unknown, and because we'd like to (a) be
// able to handle subjects of any size and (b) avoid parsing the certificate
// twice most of the time, once to discover the length and once to parse it, the
// return value is overloaded.
diff --git a/keystore2/src/crypto/lib.rs b/keystore2/src/crypto/lib.rs
index f23778c..77dab67 100644
--- a/keystore2/src/crypto/lib.rs
+++ b/keystore2/src/crypto/lib.rs
@@ -354,11 +354,13 @@
Ok(OwnedECPoint(result))
}
-/// Uses BoringSSL to extract the DER-encoded issuer subject from a
-/// DER-encoded X.509 certificate.
-pub fn parse_issuer_subject_from_certificate(cert_buf: &[u8]) -> Result<Vec<u8>, Error> {
+/// Uses BoringSSL to extract the DER-encoded subject from a DER-encoded X.509 certificate.
+pub fn parse_subject_from_certificate(cert_buf: &[u8]) -> Result<Vec<u8>, Error> {
// Try with a 200-byte output buffer, should be enough in all but bizarre cases.
let mut retval = vec![0; 200];
+
+ // Safety: extractSubjectFromCertificate reads at most cert_buf.len() bytes from cert_buf and
+ // writes at most retval.len() bytes to retval.
let mut size = unsafe {
extractSubjectFromCertificate(
cert_buf.as_ptr(),
@@ -374,12 +376,11 @@
if size < 0 {
// Our buffer wasn't big enough. Make one that is just the right size and try again.
- let negated_size = usize::try_from(-size);
- retval = match negated_size.ok() {
- None => return Err(Error::ExtractSubjectFailed),
- Some(size) => vec![0; size],
- };
+ let negated_size = usize::try_from(-size).map_err(|_e| Error::ExtractSubjectFailed)?;
+ retval = vec![0; negated_size];
+ // Safety: extractSubjectFromCertificate reads at most cert_buf.len() bytes from cert_buf
+ // and writes at most retval.len() bytes to retval.
size = unsafe {
extractSubjectFromCertificate(
cert_buf.as_ptr(),
@@ -395,14 +396,8 @@
}
// Reduce buffer size to the amount written.
- let safe_size = usize::try_from(size);
- retval.resize(
- match safe_size.ok() {
- None => return Err(Error::ExtractSubjectFailed),
- Some(size) => size,
- },
- 0,
- );
+ let safe_size = usize::try_from(size).map_err(|_e| Error::ExtractSubjectFailed)?;
+ retval.truncate(safe_size);
Ok(retval)
}
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 5e1ce84..50cb9bf 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -53,7 +53,7 @@
};
use anyhow::{anyhow, Context, Result};
use binder::{IBinder, Strong, ThreadState};
-use keystore2_crypto::parse_issuer_subject_from_certificate;
+use keystore2_crypto::parse_subject_from_certificate;
/// Implementation of the IKeystoreSecurityLevel Interface.
pub struct KeystoreSecurityLevel {
@@ -431,7 +431,7 @@
.load_attest_key_blob_and_cert(&key, caller_uid)
.context("In get_attest_key: Failed to load blob and cert")?;
- let issuer_subject: Vec<u8> = parse_issuer_subject_from_certificate(&cert)
+ let issuer_subject: Vec<u8> = parse_subject_from_certificate(&cert)
.context("In get_attest_key: Failed to parse subject from certificate.")?;
Ok(AttestationKey {