Snap for 8717000 from a2a1421dd525e13afca476fae55d1b6921ab31da to tm-release
Change-Id: I245df67d29b36bc8f532c73881885f7549d17723
diff --git a/android_keymaster/android_keymaster.cpp b/android_keymaster/android_keymaster.cpp
index 828dead..420bbf2 100644
--- a/android_keymaster/android_keymaster.cpp
+++ b/android_keymaster/android_keymaster.cpp
@@ -942,21 +942,27 @@
GetRootOfTrustResponse response(message_version());
if (!context_->attestation_context()) {
+ LOG_E("Have no attestation context, cannot get RootOfTrust", 0);
response.error = KM_ERROR_UNIMPLEMENTED;
return response;
}
const AttestationContext::VerifiedBootParams* vbParams =
context_->attestation_context()->GetVerifiedBootParams(&response.error);
- if (response.error != KM_ERROR_OK) return response;
+ if (response.error != KM_ERROR_OK) {
+ LOG_E("Error retrieving verified boot params: %lu", response.error);
+ return response;
+ }
auto boot_patch_level = context_->GetBootPatchlevel();
if (!boot_patch_level) {
+ LOG_E("Error retrieving boot patch level: %lu", response.error);
response.error = KM_ERROR_UNIMPLEMENTED;
return response;
}
if (!context_->enforcement_policy()) {
+ LOG_E("Have no enforcement policy, cannot get RootOfTrust", 0);
response.error = KM_ERROR_UNIMPLEMENTED;
return response;
}
diff --git a/contexts/keymaster1_passthrough_context.cpp b/contexts/keymaster1_passthrough_context.cpp
index 5c82633..02c4623 100644
--- a/contexts/keymaster1_passthrough_context.cpp
+++ b/contexts/keymaster1_passthrough_context.cpp
@@ -38,7 +38,7 @@
keymaster1_device_t* dev)
: SoftAttestationContext(version), device_(dev),
pt_engine_(KeymasterPassthroughEngine::createInstance(dev)),
- km1_engine_(new Keymaster1Engine(dev)) {}
+ km1_engine_(new (std::nothrow) Keymaster1Engine(dev)) {}
keymaster_error_t Keymaster1PassthroughContext::SetSystemVersion(uint32_t os_version,
uint32_t os_patchlevel) {
@@ -58,22 +58,22 @@
if (!result) {
switch (algorithm) {
case KM_ALGORITHM_RSA:
- result.reset(new Keymaster1ArbitrationFactory<RsaKeymaster1KeyFactory>(
+ result.reset(new (std::nothrow) Keymaster1ArbitrationFactory<RsaKeymaster1KeyFactory>(
pt_engine_.get(), KM_ALGORITHM_RSA, device_, *this /* blob_maker */,
*this /* context */, km1_engine_.get()));
break;
case KM_ALGORITHM_EC:
- result.reset(new Keymaster1ArbitrationFactory<EcdsaKeymaster1KeyFactory>(
+ result.reset(new (std::nothrow) Keymaster1ArbitrationFactory<EcdsaKeymaster1KeyFactory>(
pt_engine_.get(), KM_ALGORITHM_EC, device_, *this /* blob_maker */,
*this /* context */, km1_engine_.get()));
break;
case KM_ALGORITHM_AES:
- result.reset(new Keymaster1ArbitrationFactory<AesKeyFactory>(
+ result.reset(new (std::nothrow) Keymaster1ArbitrationFactory<AesKeyFactory>(
pt_engine_.get(), KM_ALGORITHM_AES, device_, *this /* blob_maker */,
*this /* random_source */));
break;
case KM_ALGORITHM_HMAC:
- result.reset(new Keymaster1ArbitrationFactory<HmacKeyFactory>(
+ result.reset(new (std::nothrow) Keymaster1ArbitrationFactory<HmacKeyFactory>(
pt_engine_.get(), KM_ALGORITHM_HMAC, device_, *this /* blob_maker */,
*this /* random_source */));
break;
@@ -152,7 +152,7 @@
BuildHiddenAuthorizations(additional_params, &hidden, softwareRootOfTrust);
if (error != KM_ERROR_OK) return error;
- // Assume it's an integrity-assured blob (new software-only blob
+ // Assume it's an integrity-assured blob (new software-only blob).
error =
DeserializeIntegrityAssuredBlob(blob, hidden, &key_material, &hw_enforced, &sw_enforced);
if (error != KM_ERROR_INVALID_KEY_BLOB && error != KM_ERROR_OK) return error;
diff --git a/contexts/keymaster2_passthrough_context.cpp b/contexts/keymaster2_passthrough_context.cpp
index fe83de8..75ed9b6 100644
--- a/contexts/keymaster2_passthrough_context.cpp
+++ b/contexts/keymaster2_passthrough_context.cpp
@@ -42,7 +42,7 @@
KeyFactory* Keymaster2PassthroughContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
auto& result = factories_[algorithm];
if (!result) {
- result.reset(new KeymasterPassthroughKeyFactory(engine_.get(), algorithm));
+ result.reset(new (std::nothrow) KeymasterPassthroughKeyFactory(engine_.get(), algorithm));
}
return result.get();
}
diff --git a/contexts/pure_soft_keymaster_context.cpp b/contexts/pure_soft_keymaster_context.cpp
index e9d8245..937238b 100644
--- a/contexts/pure_soft_keymaster_context.cpp
+++ b/contexts/pure_soft_keymaster_context.cpp
@@ -54,11 +54,14 @@
keymaster_security_level_t security_level)
: SoftAttestationContext(version),
- rsa_factory_(new RsaKeyFactory(*this /* blob_maker */, *this /* context */)),
- ec_factory_(new EcKeyFactory(*this /* blob_maker */, *this /* context */)),
- aes_factory_(new AesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
- tdes_factory_(new TripleDesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
- hmac_factory_(new HmacKeyFactory(*this /* blob_maker */, *this /* random_source */)),
+ rsa_factory_(new (std::nothrow) RsaKeyFactory(*this /* blob_maker */, *this /* context */)),
+ ec_factory_(new (std::nothrow) EcKeyFactory(*this /* blob_maker */, *this /* context */)),
+ aes_factory_(new (std::nothrow)
+ AesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
+ tdes_factory_(new (std::nothrow)
+ TripleDesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
+ hmac_factory_(new (std::nothrow)
+ HmacKeyFactory(*this /* blob_maker */, *this /* random_source */)),
os_version_(0), os_patchlevel_(0), soft_keymaster_enforcement_(64, 64),
security_level_(security_level) {
// We're pretending to be some sort of secure hardware which supports secure key storage,
diff --git a/contexts/soft_keymaster_context.cpp b/contexts/soft_keymaster_context.cpp
index 86bdd3f..66c1a57 100644
--- a/contexts/soft_keymaster_context.cpp
+++ b/contexts/soft_keymaster_context.cpp
@@ -52,11 +52,14 @@
SoftKeymasterContext::SoftKeymasterContext(KmVersion version, const std::string& root_of_trust)
: SoftAttestationContext(version), //
- rsa_factory_(new RsaKeyFactory(*this /* blob_maker */, *this /* context */)),
- ec_factory_(new EcKeyFactory(*this /* blob_maker */, *this /* context */)),
- aes_factory_(new AesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
- tdes_factory_(new TripleDesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
- hmac_factory_(new HmacKeyFactory(*this /* blob_maker */, *this /* random_source */)),
+ rsa_factory_(new (std::nothrow) RsaKeyFactory(*this /* blob_maker */, *this /* context */)),
+ ec_factory_(new (std::nothrow) EcKeyFactory(*this /* blob_maker */, *this /* context */)),
+ aes_factory_(new (std::nothrow)
+ AesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
+ tdes_factory_(new (std::nothrow)
+ TripleDesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
+ hmac_factory_(new (std::nothrow)
+ HmacKeyFactory(*this /* blob_maker */, *this /* random_source */)),
km1_dev_(nullptr), root_of_trust_(string2Blob(root_of_trust)), os_version_(0),
os_patchlevel_(0) {}
@@ -67,10 +70,10 @@
km1_dev_ = keymaster1_device;
- km1_engine_.reset(new Keymaster1Engine(keymaster1_device));
- rsa_factory_.reset(new RsaKeymaster1KeyFactory(
+ km1_engine_.reset(new (std::nothrow) Keymaster1Engine(keymaster1_device));
+ rsa_factory_.reset(new (std::nothrow) RsaKeymaster1KeyFactory(
*this /* blob_maker */, *this /* attestation_context */, km1_engine_.get()));
- ec_factory_.reset(new EcdsaKeymaster1KeyFactory(
+ ec_factory_.reset(new (std::nothrow) EcdsaKeymaster1KeyFactory(
*this /* blob_maker */, *this /* attestation_context */, km1_engine_.get()));
// Use default HMAC and AES key factories. Higher layers will pass HMAC/AES keys/ops that are
diff --git a/contexts/soft_keymaster_device.cpp b/contexts/soft_keymaster_device.cpp
index 71b0dd1..45c5b2a 100644
--- a/contexts/soft_keymaster_device.cpp
+++ b/contexts/soft_keymaster_device.cpp
@@ -158,8 +158,9 @@
}
SoftKeymasterDevice::SoftKeymasterDevice(KmVersion version)
- : wrapped_km1_device_(nullptr), context_(new SoftKeymasterContext(version)),
- impl_(new AndroidKeymaster(context_, kOperationTableSize)), configured_(false) {
+ : wrapped_km1_device_(nullptr), context_(new (std::nothrow) SoftKeymasterContext(version)),
+ impl_(new (std::nothrow) AndroidKeymaster(context_, kOperationTableSize)),
+ configured_(false) {
LOG_I("Creating device", 0);
LOG_D("Device address: %p", this);
@@ -169,7 +170,8 @@
SoftKeymasterDevice::SoftKeymasterDevice(SoftKeymasterContext* context)
: wrapped_km1_device_(nullptr), context_(context),
- impl_(new AndroidKeymaster(context_, kOperationTableSize)), configured_(false) {
+ impl_(new (std::nothrow) AndroidKeymaster(context_, kOperationTableSize)),
+ configured_(false) {
LOG_I("Creating test device", 0);
LOG_D("Device address: %p", this);
diff --git a/include/keymaster/android_keymaster_utils.h b/include/keymaster/android_keymaster_utils.h
index a23694b..324287a 100644
--- a/include/keymaster/android_keymaster_utils.h
+++ b/include/keymaster/android_keymaster_utils.h
@@ -326,7 +326,7 @@
// Insert the provided blob at the front of the chain. CertificateChain takes ownership of the
// contents of `new_entry`.
bool push_front(const keymaster_blob_t& new_entry) {
- keymaster_blob_t* new_entries = new keymaster_blob_t[entry_count + 1];
+ keymaster_blob_t* new_entries = new (std::nothrow) keymaster_blob_t[entry_count + 1];
if (!new_entries) return false;
new_entries[0] = new_entry;
diff --git a/km_openssl/ec_key_factory.cpp b/km_openssl/ec_key_factory.cpp
index 2e0e2f1..4ec3175 100644
--- a/km_openssl/ec_key_factory.cpp
+++ b/km_openssl/ec_key_factory.cpp
@@ -234,12 +234,18 @@
switch (EVP_PKEY_type(pkey->type)) {
case EVP_PKEY_ED25519:
key.reset(new (std::nothrow) Ed25519Key(*hw_enforced, *sw_enforced, this));
+ if (key.get() == nullptr) {
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+ }
if (!key->EvpToInternal(pkey.get())) {
return KM_ERROR_UNSUPPORTED_KEY_FORMAT;
}
break;
case EVP_PKEY_X25519:
key.reset(new (std::nothrow) X25519Key(*hw_enforced, *sw_enforced, this));
+ if (key.get() == nullptr) {
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+ }
if (!key->EvpToInternal(pkey.get())) {
return KM_ERROR_UNSUPPORTED_KEY_FORMAT;
}
@@ -249,6 +255,9 @@
if (!ec_key.get()) return KM_ERROR_INVALID_ARGUMENT;
key.reset(new (std::nothrow) EcKey(*hw_enforced, *sw_enforced, this, move(ec_key)));
+ if (key.get() == nullptr) {
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+ }
break;
}
default:
diff --git a/legacy_support/ec_keymaster1_key.cpp b/legacy_support/ec_keymaster1_key.cpp
index fa4dc07..ddb3725 100644
--- a/legacy_support/ec_keymaster1_key.cpp
+++ b/legacy_support/ec_keymaster1_key.cpp
@@ -31,9 +31,9 @@
const KeymasterContext& context,
const Keymaster1Engine* engine)
: EcKeyFactory(blob_maker, context), engine_(engine),
- sign_factory_(new EcdsaKeymaster1OperationFactory(KM_PURPOSE_SIGN, engine)),
+ sign_factory_(new (std::nothrow) EcdsaKeymaster1OperationFactory(KM_PURPOSE_SIGN, engine)),
// For pubkey ops we can use the normal operation factories.
- verify_factory_(new EcdsaVerifyOperationFactory) {}
+ verify_factory_(new (std::nothrow) EcdsaVerifyOperationFactory) {}
static bool is_supported(uint32_t digest) {
return digest == KM_DIGEST_NONE || digest == KM_DIGEST_SHA_2_256;
diff --git a/legacy_support/ecdsa_keymaster1_operation.cpp b/legacy_support/ecdsa_keymaster1_operation.cpp
index ede1b3f..bb8b041 100644
--- a/legacy_support/ecdsa_keymaster1_operation.cpp
+++ b/legacy_support/ecdsa_keymaster1_operation.cpp
@@ -104,7 +104,7 @@
switch (purpose_) {
case KM_PURPOSE_SIGN:
- return OperationPtr(new EcdsaKeymaster1Operation<EcdsaSignOperation>(
+ return OperationPtr(new (std::nothrow) EcdsaKeymaster1Operation<EcdsaSignOperation>(
key.hw_enforced_move(), key.sw_enforced_move(), digest, ecdsa.release(), engine_));
default:
LOG_E(
diff --git a/legacy_support/keymaster1_engine.cpp b/legacy_support/keymaster1_engine.cpp
index 28a64ad..4cd16e5 100644
--- a/legacy_support/keymaster1_engine.cpp
+++ b/legacy_support/keymaster1_engine.cpp
@@ -135,7 +135,7 @@
return nullptr;
}
- KeyData* key_data = new KeyData(blob, additional_params);
+ KeyData* key_data = new (std::nothrow) KeyData(blob, additional_params);
if (!RSA_set_ex_data(rsa.get(), rsa_index_, key_data)) {
*error = TranslateLastOpenSslError();
delete key_data;
@@ -174,7 +174,7 @@
return nullptr;
}
- KeyData* key_data = new KeyData(blob, additional_params);
+ KeyData* key_data = new (std::nothrow) KeyData(blob, additional_params);
if (!EC_KEY_set_ex_data(ec_key.get(), ec_key_index_, key_data)) {
*error = TranslateLastOpenSslError();
delete key_data;
@@ -238,7 +238,7 @@
if (!data) return 1;
// Default copy ctor is good.
- *from_d = new KeyData(*data);
+ *from_d = new (std::nothrow) KeyData(*data);
if (*from_d) return 1;
return 0;
}
diff --git a/legacy_support/keymaster_passthrough_engine.cpp b/legacy_support/keymaster_passthrough_engine.cpp
index ed22320..d966d71 100644
--- a/legacy_support/keymaster_passthrough_engine.cpp
+++ b/legacy_support/keymaster_passthrough_engine.cpp
@@ -45,33 +45,35 @@
explicit TKeymasterPassthroughEngine(const KeymasterDeviceType* km_device)
: km_device_(km_device) {
rsa_encrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT, km_device_));
rsa_decrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_DECRYPT, km_device_));
- rsa_sign_op_factory_.reset(new opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_DECRYPT, km_device_));
+ rsa_sign_op_factory_.reset(new (std::nothrow)
+ opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, km_device_));
rsa_verify_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_VERIFY, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_RSA, KM_PURPOSE_VERIFY, km_device_));
ec_encrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT, km_device_));
ec_decrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_DECRYPT, km_device_));
- ec_sign_op_factory_.reset(new opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_SIGN, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_DECRYPT, km_device_));
+ ec_sign_op_factory_.reset(new (std::nothrow)
+ opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_SIGN, km_device_));
ec_verify_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_VERIFY, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_VERIFY, km_device_));
ec_derive_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_DERIVE_KEY, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_EC, KM_PURPOSE_DERIVE_KEY, km_device_));
aes_encrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_AES, KM_PURPOSE_ENCRYPT, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_AES, KM_PURPOSE_ENCRYPT, km_device_));
aes_decrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_AES, KM_PURPOSE_DECRYPT, km_device_));
- triple_des_encrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_TRIPLE_DES, KM_PURPOSE_ENCRYPT, km_device_));
- triple_des_decrypt_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_TRIPLE_DES, KM_PURPOSE_DECRYPT, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_AES, KM_PURPOSE_DECRYPT, km_device_));
+ triple_des_encrypt_op_factory_.reset(new (std::nothrow) opfactory_t(
+ KM_ALGORITHM_TRIPLE_DES, KM_PURPOSE_ENCRYPT, km_device_));
+ triple_des_decrypt_op_factory_.reset(new (std::nothrow) opfactory_t(
+ KM_ALGORITHM_TRIPLE_DES, KM_PURPOSE_DECRYPT, km_device_));
hmac_sign_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_HMAC, KM_PURPOSE_SIGN, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_HMAC, KM_PURPOSE_SIGN, km_device_));
hmac_verify_op_factory_.reset(
- new opfactory_t(KM_ALGORITHM_HMAC, KM_PURPOSE_VERIFY, km_device_));
+ new (std::nothrow) opfactory_t(KM_ALGORITHM_HMAC, KM_PURPOSE_VERIFY, km_device_));
}
virtual ~TKeymasterPassthroughEngine() {
// QUIRK: we only take ownership if this is a KM2 device.
@@ -294,10 +296,10 @@
typedef UniquePtr<KeymasterPassthroughEngine> engine_ptr_t;
engine_ptr_t KeymasterPassthroughEngine::createInstance(const keymaster1_device_t* dev) {
- return engine_ptr_t(new TKeymasterPassthroughEngine<keymaster1_device_t>(dev));
+ return engine_ptr_t(new (std::nothrow) TKeymasterPassthroughEngine<keymaster1_device_t>(dev));
}
engine_ptr_t KeymasterPassthroughEngine::createInstance(const keymaster2_device_t* dev) {
- return engine_ptr_t(new TKeymasterPassthroughEngine<keymaster2_device_t>(dev));
+ return engine_ptr_t(new (std::nothrow) TKeymasterPassthroughEngine<keymaster2_device_t>(dev));
}
} // namespace keymaster
diff --git a/legacy_support/rsa_keymaster1_key.cpp b/legacy_support/rsa_keymaster1_key.cpp
index 5859bde..ff5576c 100644
--- a/legacy_support/rsa_keymaster1_key.cpp
+++ b/legacy_support/rsa_keymaster1_key.cpp
@@ -28,11 +28,12 @@
const KeymasterContext& context,
const Keymaster1Engine* engine)
: RsaKeyFactory(blob_maker, context), engine_(engine),
- sign_factory_(new RsaKeymaster1OperationFactory(KM_PURPOSE_SIGN, engine)),
- decrypt_factory_(new RsaKeymaster1OperationFactory(KM_PURPOSE_DECRYPT, engine)),
+ sign_factory_(new (std::nothrow) RsaKeymaster1OperationFactory(KM_PURPOSE_SIGN, engine)),
+ decrypt_factory_(new (std::nothrow)
+ RsaKeymaster1OperationFactory(KM_PURPOSE_DECRYPT, engine)),
// For pubkey ops we can use the normal operation factories.
- verify_factory_(new RsaVerificationOperationFactory),
- encrypt_factory_(new RsaEncryptionOperationFactory) {}
+ verify_factory_(new (std::nothrow) RsaVerificationOperationFactory),
+ encrypt_factory_(new (std::nothrow) RsaEncryptionOperationFactory) {}
static bool is_supported(uint32_t digest) {
return digest == KM_DIGEST_NONE || digest == KM_DIGEST_SHA_2_256;
diff --git a/legacy_support/rsa_keymaster1_operation.cpp b/legacy_support/rsa_keymaster1_operation.cpp
index a32a8a6..7f4d59f 100644
--- a/legacy_support/rsa_keymaster1_operation.cpp
+++ b/legacy_support/rsa_keymaster1_operation.cpp
@@ -128,11 +128,11 @@
switch (purpose_) {
case KM_PURPOSE_SIGN:
- return OperationPtr(new RsaKeymaster1Operation<RsaSignOperation>(
+ return OperationPtr(new (std::nothrow) RsaKeymaster1Operation<RsaSignOperation>(
key.hw_enforced_move(), key.sw_enforced_move(), digest, padding, rsa.release(),
engine_));
case KM_PURPOSE_DECRYPT:
- return OperationPtr(new RsaKeymaster1Operation<RsaDecryptOperation>(
+ return OperationPtr(new (std::nothrow) RsaKeymaster1Operation<RsaDecryptOperation>(
key.hw_enforced_move(), key.sw_enforced_move(), digest, padding, rsa.release(),
engine_));
default:
diff --git a/ng/AndroidKeyMintDevice.cpp b/ng/AndroidKeyMintDevice.cpp
index 9d2cc69..25ad463 100644
--- a/ng/AndroidKeyMintDevice.cpp
+++ b/ng/AndroidKeyMintDevice.cpp
@@ -213,9 +213,9 @@
constexpr size_t kOperationTableSize = 16;
AndroidKeyMintDevice::AndroidKeyMintDevice(SecurityLevel securityLevel)
- : impl_(new ::keymaster::AndroidKeymaster(
- [&]() -> auto {
- auto context = new PureSoftKeymasterContext(
+ : impl_(new (std::nothrow)::keymaster::AndroidKeymaster(
+ [&]() -> auto{
+ auto context = new (std::nothrow) PureSoftKeymasterContext(
KmVersion::KEYMINT_2, static_cast<keymaster_security_level_t>(securityLevel));
context->SetSystemVersion(::keymaster::GetOsVersion(),
::keymaster::GetOsPatchlevel());
diff --git a/ng/AndroidKeymaster3Device.cpp b/ng/AndroidKeymaster3Device.cpp
index 5ab1739..8c17f69 100644
--- a/ng/AndroidKeymaster3Device.cpp
+++ b/ng/AndroidKeymaster3Device.cpp
@@ -85,7 +85,7 @@
class KmParamSet : public keymaster_key_param_set_t {
public:
explicit KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
- params = new keymaster_key_param_t[keyParams.size()];
+ params = new (std::nothrow) keymaster_key_param_t[keyParams.size()];
length = keyParams.size();
for (size_t i = 0; i < keyParams.size(); ++i) {
auto tag = legacy_enum_conversion(keyParams[i].tag);
@@ -220,9 +220,9 @@
} // anonymous namespace
AndroidKeymaster3Device::AndroidKeymaster3Device()
- : impl_(new ::keymaster::AndroidKeymaster(
- []() -> auto {
- auto context = new PureSoftKeymasterContext(KmVersion::KEYMASTER_3);
+ : impl_(new (std::nothrow)::keymaster::AndroidKeymaster(
+ []() -> auto{
+ auto context = new (std::nothrow) PureSoftKeymasterContext(KmVersion::KEYMASTER_3);
context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
context->SetVendorPatchlevel(GetVendorPatchlevel());
// Software devices cannot be configured by the boot loader but they have
@@ -237,7 +237,8 @@
AndroidKeymaster3Device::AndroidKeymaster3Device(KeymasterContext* context,
KeymasterHardwareProfile profile)
- : impl_(new ::keymaster::AndroidKeymaster(context, kOperationTableSize)), profile_(profile) {}
+ : impl_(new (std::nothrow)::keymaster::AndroidKeymaster(context, kOperationTableSize)),
+ profile_(profile) {}
AndroidKeymaster3Device::~AndroidKeymaster3Device() {}
@@ -504,20 +505,22 @@
}
IKeymasterDevice* CreateKeymasterDevice() {
- return new AndroidKeymaster3Device();
+ return new (std::nothrow) AndroidKeymaster3Device();
}
IKeymasterDevice* CreateKeymasterDevice(keymaster2_device_t* km2_device) {
if (ConfigureDevice(km2_device) != KM_ERROR_OK) return nullptr;
- auto context = new Keymaster2PassthroughContext(KmVersion::KEYMASTER_3, km2_device);
+ auto context =
+ new (std::nothrow) Keymaster2PassthroughContext(KmVersion::KEYMASTER_3, km2_device);
context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
- return new AndroidKeymaster3Device(context, KeymasterHardwareProfile::KM2);
+ return new (std::nothrow) AndroidKeymaster3Device(context, KeymasterHardwareProfile::KM2);
}
IKeymasterDevice* CreateKeymasterDevice(keymaster1_device_t* km1_device) {
- auto context = new Keymaster1PassthroughContext(KmVersion::KEYMASTER_3, km1_device);
+ auto context =
+ new (std::nothrow) Keymaster1PassthroughContext(KmVersion::KEYMASTER_3, km1_device);
context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
- return new AndroidKeymaster3Device(context, KeymasterHardwareProfile::KM1);
+ return new (std::nothrow) AndroidKeymaster3Device(context, KeymasterHardwareProfile::KM1);
}
} // namespace ng
diff --git a/ng/AndroidKeymaster41Device.cpp b/ng/AndroidKeymaster41Device.cpp
index c360ff2..e9abb9e 100644
--- a/ng/AndroidKeymaster41Device.cpp
+++ b/ng/AndroidKeymaster41Device.cpp
@@ -35,7 +35,7 @@
} // namespace
IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {
- return new AndroidKeymaster41Device(securityLevel);
+ return new (std::nothrow) AndroidKeymaster41Device(securityLevel);
}
Return<V41ErrorCode>
diff --git a/ng/AndroidKeymaster4Device.cpp b/ng/AndroidKeymaster4Device.cpp
index 33b329f..1072418 100644
--- a/ng/AndroidKeymaster4Device.cpp
+++ b/ng/AndroidKeymaster4Device.cpp
@@ -175,7 +175,7 @@
keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec<KeyParameter>& keyParams) {
keymaster_key_param_set_t set;
- set.params = new keymaster_key_param_t[keyParams.size()];
+ set.params = new (std::nothrow) keymaster_key_param_t[keyParams.size()];
set.length = keyParams.size();
for (size_t i = 0; i < keyParams.size(); ++i) {
@@ -219,9 +219,9 @@
}
AndroidKeymaster4Device::AndroidKeymaster4Device(KmVersion version, SecurityLevel securityLevel)
- : impl_(new ::keymaster::AndroidKeymaster(
- [&]() -> auto {
- auto context = new PureSoftKeymasterContext(
+ : impl_(new (std::nothrow)::keymaster::AndroidKeymaster(
+ [&]() -> auto{
+ auto context = new (std::nothrow) PureSoftKeymasterContext(
version, static_cast<keymaster_security_level_t>(securityLevel));
context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
context->SetVendorPatchlevel(GetVendorPatchlevel());
@@ -259,7 +259,8 @@
const hidl_vec<::android::hardware::keymaster::V4_0::HmacSharingParameters>& params,
computeSharedHmac_cb _hidl_cb) {
ComputeSharedHmacRequest request(impl_->message_version());
- request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];
+ request.params_array.params_array =
+ new (std::nothrow) keymaster::HmacSharingParameters[params.size()];
request.params_array.num_params = params.size();
for (size_t i = 0; i < params.size(); ++i) {
request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
@@ -586,7 +587,7 @@
}
IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {
- return new AndroidKeymaster4Device(securityLevel);
+ return new (std::nothrow) AndroidKeymaster4Device(securityLevel);
}
} // namespace ng
diff --git a/ng/AndroidRemotelyProvisionedComponentDevice.cpp b/ng/AndroidRemotelyProvisionedComponentDevice.cpp
index e6bd40f..54ea70c 100644
--- a/ng/AndroidRemotelyProvisionedComponentDevice.cpp
+++ b/ng/AndroidRemotelyProvisionedComponentDevice.cpp
@@ -112,7 +112,10 @@
GenerateCsrRequest request(impl_->message_version());
request.test_mode = testMode;
request.num_keys = keysToSign.size();
- request.keys_to_sign_array = new KeymasterBlob[keysToSign.size()];
+ request.keys_to_sign_array = new (std::nothrow) KeymasterBlob[keysToSign.size()];
+ if (request.keys_to_sign_array == nullptr) {
+ return km_utils::kmError2ScopedAStatus(KM_ERROR_MEMORY_ALLOCATION_FAILED);
+ }
for (size_t i = 0; i < keysToSign.size(); i++) {
request.SetKeyToSign(i, keysToSign[i].macedKey.data(), keysToSign[i].macedKey.size());
}
diff --git a/ng/AndroidSharedSecret.cpp b/ng/AndroidSharedSecret.cpp
index 0ae3d2d..c800666 100644
--- a/ng/AndroidSharedSecret.cpp
+++ b/ng/AndroidSharedSecret.cpp
@@ -44,7 +44,11 @@
ScopedAStatus AndroidSharedSecret::computeSharedSecret(const vector<SharedSecretParameters>& params,
vector<uint8_t>* sharingCheck) {
ComputeSharedHmacRequest request(impl_->message_version());
- request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];
+ request.params_array.params_array =
+ new (std::nothrow) keymaster::HmacSharingParameters[params.size()];
+ if (request.params_array.params_array == nullptr) {
+ return kmError2ScopedAStatus(KM_ERROR_MEMORY_ALLOCATION_FAILED);
+ }
request.params_array.num_params = params.size();
for (size_t i = 0; i < params.size(); ++i) {
request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
diff --git a/ng/KeyMintAidlUtils.cpp b/ng/KeyMintAidlUtils.cpp
index 17a53a5..28b5744 100644
--- a/ng/KeyMintAidlUtils.cpp
+++ b/ng/KeyMintAidlUtils.cpp
@@ -98,7 +98,7 @@
keymaster_key_param_set_t aidlKeyParams2Km(const vector<KeyParameter>& keyParams) {
keymaster_key_param_set_t set;
- set.params = new keymaster_key_param_t[keyParams.size()];
+ set.params = new (std::nothrow) keymaster_key_param_t[keyParams.size()];
set.length = keyParams.size();
for (size_t i = 0; i < keyParams.size(); ++i) {
diff --git a/tests/key_blob_test.cpp b/tests/key_blob_test.cpp
index f50d4fe..f69551b 100644
--- a/tests/key_blob_test.cpp
+++ b/tests/key_blob_test.cpp
@@ -228,7 +228,7 @@
// Find enforced serialization data and modify it.
size_t hw_enforced_size = hw_enforced_.SerializedSize();
- UniquePtr<uint8_t[]> hw_enforced_data(new uint8_t[hw_enforced_size]);
+ UniquePtr<uint8_t[]> hw_enforced_data(new (std::nothrow) uint8_t[hw_enforced_size]);
hw_enforced_.Serialize(hw_enforced_data.get(), hw_enforced_data.get() + hw_enforced_size);
auto hw_enforced_ptr =
