Merged
7 changes: 4 additions & 3 deletions CryptoPkg/Binaries/OneCrypto_ext_dep.json
@@ -1,10 +1,11 @@
{
"scope": "global",
"type": "web",
"id": "onecrypto-bin",
"name": "onecrypto-bin",
"source": "https://github.com/microsoft/mu_crypto_release/releases/download/v1.0.0-OneCrypto/OneCrypto-Accelerated.zip",
"version": "1.0.0",
"sha256": "dbca1dd1e8410df574e5d3cdf258adbc94b660a3844157d1421f668d71164ec2",
"source": "https://github.com/microsoft/mu_crypto_release/releases/download/v1.0.1-OneCrypto/OneCrypto-Accelerated.zip",
"version": "1.0.1",
"sha256": "4f7ff3f6483c35f9168c67b28a462353f138115a3cd024551d80525550cd54b1",
"compression_type": "zip",
"internal_path": "/",
"flags": ["set_build_var"],
42 changes: 38 additions & 4 deletions CryptoPkg/Library/BaseCryptLibOnOneCrypto/OneCryptoLib.c
@@ -152,7 +152,7 @@ CryptoServiceNotAvailable (
ONE_CRYPTO_PROTOCOL *CryptoServices; \
\
CryptoServices = GetAndValidateCryptoProtocol (#Function, (MinMajor), (MinMinor)); \
if ((CryptoServices == NULL) && (CryptoServices->Function == NULL)) { \
if ((CryptoServices == NULL) || (CryptoServices->Function == NULL)) { \
CryptoServiceNotAvailable (#Function); \
return ErrorReturnValue; \
} \
@@ -178,7 +178,7 @@ CryptoServiceNotAvailable (
ONE_CRYPTO_PROTOCOL *CryptoServices; \
\
CryptoServices = GetAndValidateCryptoProtocol (#Function, (MinMajor), (MinMinor)); \
if ((CryptoServices == NULL) && (CryptoServices->Function == NULL)) { \
if ((CryptoServices == NULL) || (CryptoServices->Function == NULL)) { \
CryptoServiceNotAvailable (#Function); \
return; \
} \
@@ -4457,7 +4457,39 @@ X509ConstructCertificateStackV (
IN VA_LIST Args
)
{
CALL_CRYPTO_SERVICE (X509ConstructCertificateStackV, (X509Stack, Args), FALSE, 1, 0);
ONE_CRYPTO_PROTOCOL *CryptoServices;
UINT8 *Cert;
UINTN CertSize;
BOOLEAN Status;

if (X509Stack == NULL) {
return FALSE;
}

CryptoServices = GetAndValidateCryptoProtocol ("X509ConstructCertificateStack", 1, 0);
if ((CryptoServices == NULL) || (CryptoServices->X509ConstructCertificateStack == NULL)) {
CryptoServiceNotAvailable ("X509ConstructCertificateStack");
return FALSE;
}

Status = TRUE;
Cert = VA_ARG (Args, UINT8 *);
while (Cert != NULL) {
CertSize = VA_ARG (Args, UINTN);
if (CertSize == 0) {
Status = FALSE;
break;
}

Status = CryptoServices->X509ConstructCertificateStack (X509Stack, Cert, CertSize, NULL);
if (!Status) {
break;
}

Cert = VA_ARG (Args, UINT8 *);
}

return Status;
}

/**
@@ -4488,10 +4520,12 @@ X509ConstructCertificateStack (
)
{
VA_LIST Args;
BOOLEAN Result;

VA_START (Args, X509Stack);
CALL_CRYPTO_SERVICE (X509ConstructCertificateStack, (X509Stack, Args), FALSE, 1, 0);
Result = X509ConstructCertificateStackV (X509Stack, Args);
VA_END (Args);
return Result;
}

/**
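Review bot: A failure part-way through the `while (Cert != NULL)` loop in X509ConstructCertificateStackV (a zero `CertSize`, or FALSE from the service call) returns FALSE but leaves every certificate pushed by earlier iterations in `*X509Stack`, including a stack that the first service call allocated when the caller passed in NULL. A caller that reads FALSE as "nothing was built" then leaks that stack, and one that goes on to use it validates against an incomplete set of certificates. Either state the contract in the function header, which lies outside this hunk, for example `On failure, *X509Stack may still hold the certificates added before the failing entry and must be released with X509StackFree().`, or record whether `*X509Stack` was NULL on entry and, on failure, free it and reset it to NULL. The empty-list case now returns TRUE as well, which deserves a sentence in the same header so callers do not assume a non-NULL stack on success.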
191 changes: 190 additions & 1 deletion CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c
@@ -626,11 +626,200 @@ TestVerifyX509 (
return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackNullInput (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;

Status = X509ConstructCertificateStack (NULL, mTestCaCert, sizeof (mTestCaCert), NULL);
UT_ASSERT_TRUE (!Status);

return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackSingleCert (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;
UINT8 *X509Stack;

X509Stack = NULL;
Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, sizeof (mTestCaCert), NULL);
UT_ASSERT_TRUE (Status);
UT_ASSERT_TRUE (X509Stack != NULL);

X509StackFree (X509Stack);
return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackAppend (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;
UINT8 *X509Stack;

X509Stack = NULL;

Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, sizeof (mTestCaCert), NULL);
UT_ASSERT_TRUE (Status);
UT_ASSERT_TRUE (X509Stack != NULL);

Status = X509ConstructCertificateStack (&X509Stack, mTestCert, sizeof (mTestCert), NULL);
UT_ASSERT_TRUE (Status);
UT_ASSERT_TRUE (X509Stack != NULL);

Status = X509ConstructCertificateStack (&X509Stack, mTestEndCert, sizeof (mTestEndCert), NULL);
UT_ASSERT_TRUE (Status);
UT_ASSERT_TRUE (X509Stack != NULL);

X509StackFree (X509Stack);
return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackInvalidCert (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;
UINT8 *X509Stack;

X509Stack = NULL;
Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, sizeof (mTestCaCert), NULL);
UT_ASSERT_TRUE (Status);

Status = X509ConstructCertificateStack (&X509Stack, mTestCert, 8, NULL);
UT_ASSERT_TRUE (!Status);
UT_ASSERT_TRUE (X509Stack != NULL);

X509StackFree (X509Stack);
return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackMultipleCertsOneCall (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;
UINT8 *X509Stack;

//
// Pass multiple cert/size pairs in a single variadic call.
//
X509Stack = NULL;
Status = X509ConstructCertificateStack (
&X509Stack,
mTestCaCert,
sizeof (mTestCaCert),
mTestCert,
sizeof (mTestCert),
mTestEndCert,
sizeof (mTestEndCert),
NULL
);
UT_ASSERT_TRUE (Status);
UT_ASSERT_TRUE (X509Stack != NULL);

X509StackFree (X509Stack);
return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackZeroSize (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;
UINT8 *X509Stack;

//
// A cert with size 0 should fail without corrupting the stack pointer.
//
X509Stack = NULL;
Status = X509ConstructCertificateStack (&X509Stack, mTestCaCert, (UINTN)0, NULL);
UT_ASSERT_TRUE (!Status);

return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackEmptyList (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;
UINT8 *X509Stack;

//
// Passing only NULL terminator should succeed with an empty stack.
//
X509Stack = NULL;
Status = X509ConstructCertificateStack (&X509Stack, NULL);
UT_ASSERT_TRUE (Status);

if (X509Stack != NULL) {
X509StackFree (X509Stack);
}

return UNIT_TEST_PASSED;
}

UNIT_TEST_STATUS
EFIAPI
TestX509ConstructCertificateStackVDirect (
IN UNIT_TEST_CONTEXT Context
)
{
BOOLEAN Status;
UINT8 *X509Stack;

//
// Call the V variant through the public Stack wrapper to exercise
// the VA_LIST path with two certs.
//
X509Stack = NULL;
Status = X509ConstructCertificateStack (
&X509Stack,
mTestCaCert,
sizeof (mTestCaCert),
mTestCert,
sizeof (mTestCert),
NULL
);
UT_ASSERT_TRUE (Status);
UT_ASSERT_TRUE (X509Stack != NULL);

X509StackFree (X509Stack);
return UNIT_TEST_PASSED;
}

TEST_DESC mX509Test[] = {
//
// -----Description--------------------------------------Class----------------------Function---------------------------------Pre---------------------Post---------Context
//
{ "TestVerifyX509()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyX509, NULL, NULL, NULL },
{ "TestVerifyX509()", "CryptoPkg.BaseCryptLib.X509", TestVerifyX509, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackNullInput()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackNullInput, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackSingleCert()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackSingleCert, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackAppend()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackAppend, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackInvalidCert()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackInvalidCert, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackMultipleCertsOneCall()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackMultipleCertsOneCall, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackZeroSize()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackZeroSize, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackEmptyList()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackEmptyList, NULL, NULL, NULL },
{ "TestX509ConstructCertificateStackVDirect()", "CryptoPkg.BaseCryptLib.X509", TestX509ConstructCertificateStackVDirect, NULL, NULL, NULL },
};

UINTN mX509TestNum = ARRAY_SIZE (mX509Test);
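Review bot: In TestX509ConstructCertificateStackInvalidCert the truncated length is passed as the bare literal `8`, which travels through the variadic call as an `int` while X509ConstructCertificateStackV reads it with `VA_ARG (Args, UINTN)`; on 64-bit builds that is a type mismatch and the upper half of the value is not guaranteed. Write it as `(UINTN)8`, as the zero-size test already does with `(UINTN)0`. TestX509ConstructCertificateStackVDirect's name and comment promise the V variant, but its body calls the same wrapper as TestX509ConstructCertificateStackMultipleCertsOneCall, so it adds no coverage. No test places a bad entry in the middle of a single multi-certificate call, which is the case where a partially built stack is left behind.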