diff options
| -rw-r--r-- | libs/binder/RpcCertificateUtils.cpp | 17 | ||||
| -rw-r--r-- | libs/binder/include/binder/CertificateFormat.h | 4 | ||||
| -rw-r--r-- | libs/binder/tests/binderRpcTest.cpp | 1 |
3 files changed, 21 insertions, 1 deletions
diff --git a/libs/binder/RpcCertificateUtils.cpp b/libs/binder/RpcCertificateUtils.cpp index d0ea3c71ad..2aec2f6f57 100644 --- a/libs/binder/RpcCertificateUtils.cpp +++ b/libs/binder/RpcCertificateUtils.cpp @@ -31,6 +31,18 @@ bssl::UniquePtr<X509> fromPem(const std::vector<uint8_t>& cert) { return bssl::UniquePtr<X509>(PEM_read_bio_X509(certBio.get(), nullptr, nullptr, nullptr)); } +bssl::UniquePtr<X509> fromDer(const std::vector<uint8_t>& cert) { + if (cert.size() > std::numeric_limits<long>::max()) return nullptr; + const unsigned char* data = cert.data(); + auto expectedEnd = data + cert.size(); + bssl::UniquePtr<X509> ret(d2i_X509(nullptr, &data, static_cast<long>(cert.size()))); + if (data != expectedEnd) { + ALOGE("%s: %td bytes remaining!", __PRETTY_FUNCTION__, expectedEnd - data); + return nullptr; + } + return ret; +} + } // namespace bssl::UniquePtr<X509> deserializeCertificate(const std::vector<uint8_t>& cert, @@ -38,6 +50,8 @@ bssl::UniquePtr<X509> deserializeCertificate(const std::vector<uint8_t>& cert, switch (format) { case CertificateFormat::PEM: return fromPem(cert); + case CertificateFormat::DER: + return fromDer(cert); } LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format)); } @@ -48,6 +62,9 @@ std::vector<uint8_t> serializeCertificate(X509* x509, CertificateFormat format) case CertificateFormat::PEM: { TEST_AND_RETURN({}, PEM_write_bio_X509(certBio.get(), x509)); } break; + case CertificateFormat::DER: { + TEST_AND_RETURN({}, i2d_X509_bio(certBio.get(), x509)); + } break; default: { LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format)); } diff --git a/libs/binder/include/binder/CertificateFormat.h b/libs/binder/include/binder/CertificateFormat.h index d33ee7e484..22a8e47270 100644 --- a/libs/binder/include/binder/CertificateFormat.h +++ b/libs/binder/include/binder/CertificateFormat.h @@ -24,13 +24,15 @@ namespace android { enum class CertificateFormat { PEM, - // TODO(b/195166979): support other formats, e.g. DER + DER, }; static inline std::string PrintToString(CertificateFormat format) { switch (format) { case CertificateFormat::PEM: return "PEM"; + case CertificateFormat::DER: + return "DER"; default: return "<unknown>"; } diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp index 8c805bb6cc..8ffd68d278 100644 --- a/libs/binder/tests/binderRpcTest.cpp +++ b/libs/binder/tests/binderRpcTest.cpp @@ -1730,6 +1730,7 @@ TEST_P(RpcTransportTest, MaliciousClient) { std::vector<CertificateFormat> testCertificateFormats() { return { CertificateFormat::PEM, + CertificateFormat::DER, }; } |