Standardise safety comments for unsafe blocks.
These will soon be required by a lint.
Bug: 290018030
Test: m pvmfw_bin
Change-Id: I4faf7eb14eb8825af542c2da886d93c096068cb6
diff --git a/diced/open_dice/src/dice.rs b/diced/open_dice/src/dice.rs
index 0704d21..e42e373 100644
--- a/diced/open_dice/src/dice.rs
+++ b/diced/open_dice/src/dice.rs
@@ -217,9 +217,9 @@
/// Derives a CDI private key seed from a `cdi_attest` value.
pub fn derive_cdi_private_key_seed(cdi_attest: &Cdi) -> Result<PrivateKeySeed> {
let mut seed = PrivateKeySeed::default();
- // SAFETY: The function writes to the buffer within the given bounds, and only reads the
- // input values. The first argument context is not used in this function.
check_result(
+ // SAFETY: The function writes to the buffer within the given bounds, and only reads the
+ // input values. The first argument context is not used in this function.
unsafe {
DiceDeriveCdiPrivateKeySeed(
ptr::null_mut(), // context
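Review bot: The relocated SAFETY comment on the new-side lines before `unsafe {` describes what the C callee does ("writes to the buffer within the given bounds") rather than why this call site satisfies its preconditions, which is what a SAFETY comment is expected to justify once the lint lands; the same applies to the comments moved in the `derive_cdi_certificate_id` and `DiceMainFlow` hunks. Stating the caller-side facts makes the argument checkable against the Rust code: `// SAFETY: \`seed\` is a live, writable \`PrivateKeySeed\` and \`cdi_attest\` a valid \`Cdi\`, both outliving the call, and the lengths passed below match those buffers; the context pointer may be null because the function does not use it.` The argument list that passes those pointers and lengths continues outside the hunk, so the wording should be confirmed against it.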
@@ -235,9 +235,9 @@
/// Derives an ID from the given `cdi_public_key` value.
pub fn derive_cdi_certificate_id(cdi_public_key: &[u8]) -> Result<DiceId> {
let mut id = [0u8; ID_SIZE];
- // SAFETY: The function writes to the buffer within the given bounds, and only reads the
- // input values. The first argument context is not used in this function.
check_result(
+ // SAFETY: The function writes to the buffer within the given bounds, and only reads the
+ // input values. The first argument context is not used in this function.
unsafe {
DiceDeriveCdiCertificateId(
ptr::null_mut(), // context
@@ -264,10 +264,10 @@
next_cdi_values: &mut CdiValues,
) -> Result<usize> {
let mut next_cdi_certificate_actual_size = 0;
- // SAFETY: The function only reads the current CDI values and inputs and writes
- // to `next_cdi_certificate` and next CDI values within its bounds.
- // The first argument can be null and is not used in the current implementation.
check_result(
+ // SAFETY: The function only reads the current CDI values and inputs and writes
+ // to `next_cdi_certificate` and next CDI values within its bounds.
+ // The first argument can be null and is not used in the current implementation.
unsafe {
DiceMainFlow(
ptr::null_mut(), // context