diff --git a/CryptoPkg/Binaries/OneCrypto_ext_dep.json b/CryptoPkg/Binaries/OneCrypto_ext_dep.json
index 886d55d33f9..40d1093fbc5 100644
--- a/CryptoPkg/Binaries/OneCrypto_ext_dep.json
+++ b/CryptoPkg/Binaries/OneCrypto_ext_dep.json
@@ -1,10 +1,11 @@
 {
 "scope": "global",
 "type": "web",
+ "id": "onecrypto-bin",
 "name": "onecrypto-bin",
- "source": "https://github.com/microsoft/mu_crypto_release/releases/download/v1.0.0-OneCrypto/OneCrypto-Accelerated.zip",
- "version": "1.0.0",
- "sha256": "dbca1dd1e8410df574e5d3cdf258adbc94b660a3844157d1421f668d71164ec2",
+ "source": "https://github.com/microsoft/mu_crypto_release/releases/download/v1.0.1-OneCrypto/OneCrypto-Accelerated.zip",
+ "version": "1.0.1",
+ "sha256": "4f7ff3f6483c35f9168c67b28a462353f138115a3cd024551d80525550cd54b1",
 "compression_type": "zip",
 "internal_path": "/",
 "flags": ["set_build_var"],
diff --git a/CryptoPkg/Library/BaseCryptLibOnOneCrypto/OneCryptoLib.c b/CryptoPkg/Library/BaseCryptLibOnOneCrypto/OneCryptoLib.c
index 20e5adc029c..28c5fec9860 100644
--- a/CryptoPkg/Library/BaseCryptLibOnOneCrypto/OneCryptoLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnOneCrypto/OneCryptoLib.c
@@ -152,7 +152,7 @@ CryptoServiceNotAvailable (
 ONE_CRYPTO_PROTOCOL *CryptoServices; \
 \
 CryptoServices = GetAndValidateCryptoProtocol (#Function, (MinMajor), (MinMinor)); \
- if ((CryptoServices == NULL) && (CryptoServices->Function == NULL)) { \
+ if ((CryptoServices == NULL) || (CryptoServices->Function == NULL)) { \
 CryptoServiceNotAvailable (#Function); \
 return ErrorReturnValue; \
 } \
@@ -178,7 +178,7 @@ CryptoServiceNotAvailable (
 ONE_CRYPTO_PROTOCOL *CryptoServices; \
 \
 CryptoServices = GetAndValidateCryptoProtocol (#Function, (MinMajor), (MinMinor)); \
- if ((CryptoServices == NULL) && (CryptoServices->Function == NULL)) { \
+ if ((CryptoServices == NULL) || (CryptoServices->Function == NULL)) { \
 CryptoServiceNotAvailable (#Function); \
 return; \
 } \
@@ -4457,7 +4457,39 @@ X509ConstructCertificateStackV ( IN VA_LIST Args ) { - CALL_CRYPTO_SERVICE (X509ConstructCertificateStackV, (X509Stack, Args), FALSE, 1, 0); + ONE_CRYPTO_PROTOCOL *CryptoServices; + UINT8 *Cert; + UINTN CertSize; + BOOLEAN Status; + + if (X509Stack == NULL) { + return FALSE; + } + + CryptoServices = GetAndValidateCryptoProtocol ("X509ConstructCertificateStack", 1, 0); + if ((CryptoServices == NULL) || (CryptoServices->X509ConstructCertificateStack == NULL)) { + CryptoServiceNotAvailable ("X509ConstructCertificateStack"); + return FALSE; + } + + Status = TRUE; + Cert = VA_ARG (Args, UINT8 *); + while (Cert != NULL) { + CertSize = VA_ARG (Args, UINTN); + if (CertSize == 0) { + Status = FALSE; + break; + } + + Status = CryptoServices->X509ConstructCertificateStack (X509Stack, Cert, CertSize, NULL); + if (!Status) { + break; + } + + Cert = VA_ARG (Args, UINT8 *); + } + + return Status; } /** @@ -4488,10 +4520,12 @@ X509ConstructCertificateStack ( ) { VA_LIST Args; + BOOLEAN Result; VA_START (Args, X509Stack); - CALL_CRYPTO_SERVICE (X509ConstructCertificateStack, (X509Stack, Args), FALSE, 1, 0); + Result = X509ConstructCertificateStackV (X509Stack, Args); VA_END (Args); + return Result; } /** diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c index 1141821daa2..32100d1b260 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c 
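Review bot: In X509ConstructCertificateStackV the loop returns FALSE as soon as one pair fails (a zero `CertSize` or a FALSE from the service), but certificates from earlier pairs have already been appended through `X509Stack`, so a FALSE return can leave the caller holding a partly built, possibly newly allocated stack. The function header is outside this hunk and should state that contract, for example `On failure, certificates added before the failing entry remain in *X509Stack and the caller must still release it with X509StackFree().` If an all-or-nothing result is intended instead, the stack state on entry would have to be recorded and restored, which the visible code does not do. The same header should also say that each size argument must be passed as `UINTN`, since `CertSize = VA_ARG (Args, UINTN);` reads exactly that width from the argument list.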
@@ -626,11 +626,200 @@ TestVerifyX509 ( return UNIT_TEST_PASSED; } +UNIT_TEST_STATUS +EFIAPI +TestX509ConstructCertificateStackNullInput ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + + Status = X509ConstructCertificateStack (NULL, mTestCaCert, sizeof (mTestCaCert), NULL); + UT_ASSERT_TRUE (!Status); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestX509ConstructCertificateStackSingleCert ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8 *X509Stack; + + X509Stack = NULL; + Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, sizeof (mTestCaCert), NULL); + UT_ASSERT_TRUE (Status); + UT_ASSERT_TRUE (X509Stack != NULL); + + X509StackFree (X509Stack); + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestX509ConstructCertificateStackAppend ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8 *X509Stack; + + X509Stack = NULL; + + Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, sizeof (mTestCaCert), NULL); + UT_ASSERT_TRUE (Status); + UT_ASSERT_TRUE (X509Stack != NULL); + + Status = X509ConstructCertificateStack (&X509Stack, mTestCert, sizeof (mTestCert), NULL); + UT_ASSERT_TRUE (Status); + UT_ASSERT_TRUE (X509Stack != NULL); + + Status = X509ConstructCertificateStack (&X509Stack, mTestEndCert, sizeof (mTestEndCert), NULL); + UT_ASSERT_TRUE (Status); + UT_ASSERT_TRUE (X509Stack != NULL); + + X509StackFree (X509Stack); + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestX509ConstructCertificateStackInvalidCert ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8 *X509Stack; + + X509Stack = NULL; + Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, sizeof (mTestCaCert), NULL); + UT_ASSERT_TRUE (Status); + + Status = X509ConstructCertificateStack (&X509Stack, mTestCert, 8, NULL); + UT_ASSERT_TRUE (!Status); + UT_ASSERT_TRUE (X509Stack != NULL); + + X509StackFree (X509Stack); + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI 
+TestX509ConstructCertificateStackMultipleCertsOneCall (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ BOOLEAN Status;
+ UINT8 *X509Stack;
+
+ //
+ // Pass multiple cert/size pairs in a single variadic call.
+ //
+ X509Stack = NULL;
+ Status = X509ConstructCertificateStack (
+ &X509Stack,
+ mTestCaCert,
+ sizeof (mTestCaCert),
+ mTestCert,
+ sizeof (mTestCert),
+ mTestEndCert,
+ sizeof (mTestEndCert),
+ NULL
+ );
+ UT_ASSERT_TRUE (Status);
+ UT_ASSERT_TRUE (X509Stack != NULL);
+
+ X509StackFree (X509Stack);
+ return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestX509ConstructCertificateStackZeroSize (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ BOOLEAN Status;
+ UINT8 *X509Stack;
+
+ //
+ // A cert with size 0 should fail without corrupting the stack pointer.
+ //
+ X509Stack = NULL;
+ Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, (UINTN)0, NULL);
+ UT_ASSERT_TRUE (!Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestX509ConstructCertificateStackEmptyList (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ BOOLEAN Status;
+ UINT8 *X509Stack;
+
+ //
+ // Passing only NULL terminator should succeed with an empty stack.
+ //
+ X509Stack = NULL;
+ Status = X509ConstructCertificateStack (&X509Stack, NULL);
+ UT_ASSERT_TRUE (Status);
+
+ if (X509Stack != NULL) {
+ X509StackFree (X509Stack);
+ }
+
+ return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestX509ConstructCertificateStackVDirect (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ BOOLEAN Status;
+ UINT8 *X509Stack;
+
+ //
+ // Call the V variant through the public Stack wrapper to exercise
+ // the VA_LIST path with two certs.
+ // + X509Stack = NULL; + Status = X509ConstructCertificateStack ( + &X509Stack, + mTestCaCert, + sizeof (mTestCaCert), + mTestCert, + sizeof (mTestCert), + NULL + ); + UT_ASSERT_TRUE (Status); + UT_ASSERT_TRUE (X509Stack != NULL); + + X509StackFree (X509Stack); + return UNIT_TEST_PASSED; +} + TEST_DESC mX509Test[] = { // // -----Description--------------------------------------Class----------------------Function---------------------------------Pre---------------------Post---------Context // - { "TestVerifyX509()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyX509, NULL, NULL, NULL }, + { "TestVerifyX509()", "CryptoPkg.BaseCryptLib.X509", TestVerifyX509, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackNullInput()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackNullInput, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackSingleCert()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackSingleCert, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackAppend()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackAppend, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackInvalidCert()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackInvalidCert, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackMultipleCertsOneCall()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackMultipleCertsOneCall, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackZeroSize()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackZeroSize, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackEmptyList()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackEmptyList, NULL, NULL, NULL }, + { "TestX509ConstructCertificateStackVDirect()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackVDirect, NULL, NULL, NULL }, }; UINTN mX509TestNum = ARRAY_SIZE (mX509Test);
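Review bot: In TestX509ConstructCertificateStackInvalidCert the truncated length is passed as the bare literal `8`, which is an `int` in a variadic call, while the library side reads it back with `VA_ARG (Args, UINTN)`. Reading an `int` argument as `UINTN` is undefined, and on a 64-bit build the upper bits of the value are not guaranteed to be zero, so the test may hand the certificate parser a length far larger than `mTestCert` and fail for the wrong reason. Write the call as `Status = X509ConstructCertificateStack (&X509Stack, mTestCert, (UINTN)8, NULL);`, matching the `(UINTN)0` cast already used in the zero-size test. TestX509ConstructCertificateStackZeroSize also states that the stack pointer must not be corrupted but never inspects it; for the OneCrypto path in this commit an added `UT_ASSERT_TRUE (X509Stack == NULL);` after the status assert would pin that, though other library instances may need a free-if-non-NULL instead.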