From 44dc86edf848c0e311340ddab5378e76979f486f Mon Sep 17 00:00:00 2001
From: Shawn Willden
Date: Fri, 4 May 2018 10:08:36 -0600
Subject: [PATCH] Fix bug in VTS attestation cert verification.

Keymaster VTS is failing to verify that the last certificate in the chain is self-signed. CTS and GTS tests verify this, but it should be validated at this level as well.

Bug: 79123157
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I5ff33fc8186182c2cf8d43d90cd59f89ce45d416
---
 keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
index d5c006ea8f..c90e96cda1 100644
--- a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -294,7 +294,7 @@ X509* parse_cert_blob(const hidl_vec& blob) {
 }
 bool verify_chain(const hidl_vec>& chain) {
- for (size_t i = 0; i < chain.size() - 1; ++i) {
+ for (size_t i = 0; i < chain.size(); ++i) {
 X509_Ptr key_cert(parse_cert_blob(chain[i]));
 X509_Ptr signing_cert;
 if (i < chain.size() - 1) {
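Review bot: With the new bound `i < chain.size()` an empty chain never enters the loop, so unless the part of `verify_chain` outside this hunk rejects it, verification would pass vacuously when the HAL returns no certificates at all. A guard ahead of the loop, `if (chain.size() == 0) return false;`, makes that case fail explicitly and also documents that the unsigned `chain.size() - 1` in the inner `if` is only ever evaluated for a non-empty chain. It would also help to state the limit of the new check in a comment above the `else` branch, for example `// Last cert is verified against its own key (self-signed); this does not establish trust in the root.`, since a self-signature shows the chain is well formed rather than anchored to a known root. The function body continues past the end of the hunk, so both points should be confirmed against the full function.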