Changeset 58459 for trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg – Oracle VirtualBox

trunk/src/VBox/Devices/EFI/Firmware

Property svn:mergeinfo set to (toggle deleted branches)
/vendor/edk2/current 103735-103757

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Application/Cryptest/Cryptest.c

-              r48674
+              r58459
 /** @file
+/** @file
   Application for Cryptographic Primitives Validation.
 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
+  }
+  Status = ValidateTSCounterSignature ();
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
   Status = ValidateCryptDh ();
   if (EFI_ERROR (Status)) {

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Application/Cryptest/Cryptest.h

-              r48674
+              r58459
 /** @file
+/** @file
   Application for Cryptographic Primitives Validation.
 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 /**
+  Validate UEFI-OpenSSL RFC3161 Timestamp CounterSignature Verification Interfaces.
+  @retval  EFI_SUCCESS  Validation succeeded.
+  @retval  EFI_ABORTED  Validation failed.
+**/
+EFI_STATUS
+ValidateTSCounterSignature (
+  VOID
+  );
+/**
   Validate UEFI-OpenSSL DH Interfaces.

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Application/Cryptest/Cryptest.inf

-              r48674
+              r58459
 ## @file
+#  UEFI Application for the Validation of cryptography library
+#  (based on OpenSSL 0.9.8l).
+#  This is a shell application that will test the crypto library.
+#  Shell application that will test the crypto library.
+#
+#  Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+#  UEFI Application for the Validation of cryptography library (based on OpenSSL 0.9.8zb).
+#
+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = Cryptest
+  MODULE_UNI_FILE                = Cryptest.uni
   FILE_GUID                      = fb925ac7-192a-9567-8586-7c6f5f710607
   MODULE_TYPE                    = UEFI_APPLICATION
 …
   RsaVerify2.c
   AuthenticodeVerify.c
+  TSVerify.c
   DhVerify.c
   RandVerify.c
 …
   MemoryAllocationLib
   BaseCryptLib
+[UserExtensions.TianoCore."ExtraFiles"]
+  CryptestExtra.uni

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Application/Cryptest/DhVerify.c

-              r48674
+              r58459
 /** @file
+/** @file
   Application for Diffie-Hellman Primitives Validation.
 Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
   Print (L"\nUEFI-OpenSSL DH Engine Testing:\n");
+  //
+  // Initialize Key Length
+  //
+  PublicKey1Length = sizeof (PublicKey1);
+  PublicKey2Length = sizeof (PublicKey2);
+  Key1Length       = sizeof (Key1);
+  Key2Length       = sizeof (Key2);
   //

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Application/Cryptest/HashVerify.c

-              r48674
+              r58459
 /** @file
+/** @file
   Application for Hash Primitives Validation.
 Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
 xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
+  };
+//
+// Result for SHA-384("abc"). (From "D.1 SHA-384 Example" of NIST FIPS 180-2)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha384Digest[SHA384_DIGEST_SIZE] = {
+xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
+x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
+x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7
+  };
+//
+// Result for SHA-512("abc"). (From "C.1 SHA-512 Example" of NIST FIPS 180-2)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha512Digest[SHA512_DIGEST_SIZE] = {
+xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
+x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
+x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
+x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
   };
 …
   Print (L"- MD4:    ");
   //
   // MD4 Digest Validation
 …
   Print (L"[Pass]\n");
+  Print (L"- SHA384: ");
+  //
+  // SHA384 Digest Validation
+  //
+  ZeroMem (Digest, MAX_DIGEST_SIZE);
+  CtxSize = Sha384GetContextSize ();
+  HashCtx = AllocatePool (CtxSize);
+  Print (L"Init... ");
+  Status  = Sha384Init (HashCtx);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  Print (L"Update... ");
+  Status  = Sha384Update (HashCtx, HashData, DataSize);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  Print (L"Finalize... ");
+  Status  = Sha384Final (HashCtx, Digest);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  FreePool (HashCtx);
+  Print (L"Check Value... ");
+  if (CompareMem (Digest, Sha384Digest, SHA384_DIGEST_SIZE) != 0) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  Print (L"[Pass]\n");
+  Print (L"- SHA512: ");
+  //
+  // SHA512 Digest Validation
+  //
+  ZeroMem (Digest, MAX_DIGEST_SIZE);
+  CtxSize = Sha512GetContextSize ();
+  HashCtx = AllocatePool (CtxSize);
+  Print (L"Init... ");
+  Status  = Sha512Init (HashCtx);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  Print (L"Update... ");
+  Status  = Sha512Update (HashCtx, HashData, DataSize);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  Print (L"Finalize... ");
+  Status  = Sha512Final (HashCtx, Digest);
+  if (!Status) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  FreePool (HashCtx);
+  Print (L"Check Value... ");
+  if (CompareMem (Digest, Sha512Digest, SHA512_DIGEST_SIZE) != 0) {
+    Print (L"[Fail]");
+    return EFI_ABORTED;
+  }
+  Print (L"[Pass]\n");
   return EFI_SUCCESS;
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c

r48674	r58459
206	206	IN CONST UINT8 *MessageHash,
207	207	IN UINTN HashLength,
208		IN ~~UINT8~~ *Signature,
	208	IN CONST UINT8 *Signature,
209	209	IN UINTN SigLength
210	210	)

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h

r48674	r58459
180	180	IN CONST UINT8 *MessageHash,
181	181	IN UINTN HashLength,
182		IN ~~UINT8~~ *Signature,
	182	IN CONST UINT8 *Signature,
183	183	IN UINTN SigLength
184	184	);

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf

-              r48674
+              r58459
 ## @file
 #  Component description file for Cryptographic Runtime Driver.
+#  This driver installs runtime Crypt protocol to provide SHA256 and RSA service.
+#
 #  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = CryptRuntimeDxe
+  MODULE_UNI_FILE                = CryptRuntimeDxe.uni
   FILE_GUID                      = 858031F3-96A2-406E-ABCC-ED264A3A31D6
   MODULE_TYPE                    = DXE_RUNTIME_DRIVER
 …
 [Depex]
   TRUE
+[UserExtensions.TianoCore."ExtraFiles"]
+  CryptRuntimeDxeExtra.uni

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/CryptoPkg.dec

-              r48674
+              r58459
 #  Package for cryptography modules.
+#
 #  This Package provides cryptographic-related libraries for UEFI
 #  security modules.
+#  This Package provides cryptographic-related libraries for UEFI security modules.
+#  It also provides a test application to test libraries.
+#
 #  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 …
   DEC_SPECIFICATION              = 0x00010005
   PACKAGE_NAME                   = CryptoPkg
+  PACKAGE_UNI_FILE               = CryptoPkg.uni
   PACKAGE_GUID                   = 36470E80-36F2-4ba0-8CC8-937C7D9FF888
   PACKAGE_VERSION                = 0.92
+  PACKAGE_VERSION                = 0.96
 [Includes]
 …
   ## Include/Protocol/RuntimeCrypt.h
   gEfiRuntimeCryptProtocolGuid = { 0xe1475e0c, 0x1746, 0x4802, {0x86, 0x2e, 0x1, 0x1c, 0x2c, 0x2d, 0x9d, 0x86 }}
+[UserExtensions.TianoCore."ExtraFiles"]
+  CryptoPkgExtra.uni

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/CryptoPkg.dsc

-              r48674
+              r58459
 #  Cryptographic Library Package for UEFI Security Implementation.
+#
 #  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 …
   PLATFORM_NAME                  = CryptoPkg
   PLATFORM_GUID                  = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
   PLATFORM_VERSION               = 0.92
+  PLATFORM_VERSION               = 0.96
   DSC_SPECIFICATION              = 0x00010005
   OUTPUT_DIRECTORY               = Build/CryptoPkg
   SUPPORTED_ARCHITECTURES        = IA32|X64|IPF|ARM
+  SUPPORTED_ARCHITECTURES        = IA32|X64|IPF|ARM|AARCH64
   BUILD_TARGETS                  = DEBUG|RELEASE
   SKUID_IDENTIFIER               = DEFAULT
 …
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
 [LibraryClasses.ARM]
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+  #
   # It is not possible to prevent the ARM compiler for generic intrinsic functions.
   # This library provides the instrinsic functions generate by a given compiler.
+  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
+  # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library
+  # into all ARM and AARCH64 images.
+  #
   NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+  # Add support for stack protector
+  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
 [LibraryClasses.common.PEIM]
 …
 [LibraryClasses.common.UEFI_APPLICATION]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+###############################################################################
+#
+# BuildOptions Section - Define the module specific tool chain flags that
+#                        should be used as the default flags for a module.
+#                        These flags are appended to any standard flags that
+#                        are defined by the build process.
+#
+# -JCryptoPkg/Include : To disable the use of the system includes provided by
+#                       the RVCT toolchain.
+# --diag_remark=1     : To make the warning "#1-D: last line of file ends
+#                       without a newline" just a remark such that the
+#                       build doesn't stop as warnings are considered as
+#                       errors.
+#
+################################################################################
+[BuildOptions]
+RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1
 ################################################################################

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Include/Library/BaseCryptLib.h

-              r48674
+              r58459
   functionality enabling.
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #define __BASE_CRYPT_LIB_H__
+#include <Uefi/UefiBaseType.h>
 ///
 /// MD4 digest size in bytes
 …
 ///
 #define SHA256_DIGEST_SIZE  32
+///
+/// SHA-384 digest size in bytes
+///
+#define SHA384_DIGEST_SIZE  48
+///
+/// SHA-512 digest size in bytes
+///
+#define SHA512_DIGEST_SIZE  64
 ///
 …
   Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for MD4 hash operations.
+  @retval  0   This interface is not supported.
 **/
 …
   If Md4Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  Md4Context  Pointer to MD4 context being initialized.
 …
   @retval TRUE   MD4 context initialization succeeded.
   @retval FALSE  MD4 context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Md4Context is NULL, then return FALSE.
   If NewMd4Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  Md4Context     Pointer to MD4 context being copied.
 …
   @retval TRUE   MD4 context copy succeeded.
   @retval FALSE  MD4 context copy failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Md4Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  Md4Context  Pointer to the MD4 context.
 …
   @retval TRUE   MD4 data digest succeeded.
   @retval FALSE  MD4 data digest failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Md4Context is NULL, then return FALSE.
   If HashValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  Md4Context  Pointer to the MD4 context.
 …
   @retval TRUE   MD4 digest computation succeeded.
   @retval FALSE  MD4 digest computation failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for MD5 hash operations.
+  @retval  0   This interface is not supported.
 **/
 …
   If Md5Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  Md5Context  Pointer to MD5 context being initialized.
 …
   @retval TRUE   MD5 context initialization succeeded.
   @retval FALSE  MD5 context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Md5Context is NULL, then return FALSE.
   If NewMd5Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  Md5Context     Pointer to MD5 context being copied.
 …
   @retval TRUE   MD5 context copy succeeded.
   @retval FALSE  MD5 context copy failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Md5Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  Md5Context  Pointer to the MD5 context.
 …
   @retval TRUE   MD5 data digest succeeded.
   @retval FALSE  MD5 data digest failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Md5Context is NULL, then return FALSE.
   If HashValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  Md5Context  Pointer to the MD5 context.
 …
   @retval TRUE   MD5 digest computation succeeded.
   @retval FALSE  MD5 digest computation failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for SHA-1 hash operations.
+  @retval  0   This interface is not supported.
 **/
 …
   If Sha1Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  Sha1Context  Pointer to SHA-1 context being initialized.
 …
   @retval TRUE   SHA-1 context initialization succeeded.
   @retval FALSE  SHA-1 context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Sha1Context is NULL, then return FALSE.
   If NewSha1Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  Sha1Context     Pointer to SHA-1 context being copied.
 …
   @retval TRUE   SHA-1 context copy succeeded.
   @retval FALSE  SHA-1 context copy failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Sha1Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
 …
   @retval TRUE   SHA-1 data digest succeeded.
   @retval FALSE  SHA-1 data digest failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Sha1Context is NULL, then return FALSE.
   If HashValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
 …
   @retval TRUE   SHA-1 digest computation succeeded.
   @retval FALSE  SHA-1 digest computation failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Sha256Context is NULL, then return FALSE.
   If NewSha256Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  Sha256Context     Pointer to SHA-256 context being copied.
 …
   @retval TRUE   SHA-256 context copy succeeded.
   @retval FALSE  SHA-256 context copy failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   );
+/**
+  Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.
+  @return  The size, in bytes, of the context buffer required for SHA-384 hash operations.
+**/
+UINTN
+EFIAPI
+Sha384GetContextSize (
+  VOID
+  );
+/**
+  Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for
+  subsequent use.
+  If Sha384Context is NULL, then return FALSE.
+  @param[out]  Sha384Context  Pointer to SHA-384 context being initialized.
+  @retval TRUE   SHA-384 context initialization succeeded.
+  @retval FALSE  SHA-384 context initialization failed.
+**/
+BOOLEAN
+EFIAPI
+Sha384Init (
+  OUT  VOID  *Sha384Context
+  );
+/**
+  Makes a copy of an existing SHA-384 context.
+  If Sha384Context is NULL, then return FALSE.
+  If NewSha384Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+  @param[in]  Sha384Context     Pointer to SHA-384 context being copied.
+  @param[out] NewSha384Context  Pointer to new SHA-384 context.
+  @retval TRUE   SHA-384 context copy succeeded.
+  @retval FALSE  SHA-384 context copy failed.
+  @retval FALSE  This interface is not supported.
+**/
+BOOLEAN
+EFIAPI
+Sha384Duplicate (
+  IN   CONST VOID  *Sha384Context,
+  OUT  VOID        *NewSha384Context
+  );
+/**
+  Digests the input data and updates SHA-384 context.
+  This function performs SHA-384 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  SHA-384 context should be already correctly intialized by Sha384Init(), and should not be finalized
+  by Sha384Final(). Behavior with invalid context is undefined.
+  If Sha384Context is NULL, then return FALSE.
+  @param[in, out]  Sha384Context  Pointer to the SHA-384 context.
+  @param[in]       Data           Pointer to the buffer containing the data to be hashed.
+  @param[in]       DataSize       Size of Data buffer in bytes.
+  @retval TRUE   SHA-384 data digest succeeded.
+  @retval FALSE  SHA-384 data digest failed.
+**/
+BOOLEAN
+EFIAPI
+Sha384Update (
+  IN OUT  VOID        *Sha384Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  );
+/**
+  Completes computation of the SHA-384 digest value.
+  This function completes SHA-384 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the SHA-384 context cannot
+  be used again.
+  SHA-384 context should be already correctly intialized by Sha384Init(), and should not be
+  finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.
+  If Sha384Context is NULL, then return FALSE.
+  If HashValue is NULL, then return FALSE.
+  @param[in, out]  Sha384Context  Pointer to the SHA-384 context.
+  @param[out]      HashValue      Pointer to a buffer that receives the SHA-384 digest
+                                  value (48 bytes).
+  @retval TRUE   SHA-384 digest computation succeeded.
+  @retval FALSE  SHA-384 digest computation failed.
+**/
+BOOLEAN
+EFIAPI
+Sha384Final (
+  IN OUT  VOID   *Sha384Context,
+  OUT     UINT8  *HashValue
+  );
+/**
+  Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.
+  @return  The size, in bytes, of the context buffer required for SHA-512 hash operations.
+**/
+UINTN
+EFIAPI
+Sha512GetContextSize (
+  VOID
+  );
+/**
+  Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for
+  subsequent use.
+  If Sha512Context is NULL, then return FALSE.
+  @param[out]  Sha512Context  Pointer to SHA-512 context being initialized.
+  @retval TRUE   SHA-512 context initialization succeeded.
+  @retval FALSE  SHA-512 context initialization failed.
+**/
+BOOLEAN
+EFIAPI
+Sha512Init (
+  OUT  VOID  *Sha512Context
+  );
+/**
+  Makes a copy of an existing SHA-512 context.
+  If Sha512Context is NULL, then return FALSE.
+  If NewSha512Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+  @param[in]  Sha512Context     Pointer to SHA-512 context being copied.
+  @param[out] NewSha512Context  Pointer to new SHA-512 context.
+  @retval TRUE   SHA-512 context copy succeeded.
+  @retval FALSE  SHA-512 context copy failed.
+  @retval FALSE  This interface is not supported.
+**/
+BOOLEAN
+EFIAPI
+Sha512Duplicate (
+  IN   CONST VOID  *Sha512Context,
+  OUT  VOID        *NewSha512Context
+  );
+/**
+  Digests the input data and updates SHA-512 context.
+  This function performs SHA-512 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  SHA-512 context should be already correctly intialized by Sha512Init(), and should not be finalized
+  by Sha512Final(). Behavior with invalid context is undefined.
+  If Sha512Context is NULL, then return FALSE.
+  @param[in, out]  Sha512Context  Pointer to the SHA-512 context.
+  @param[in]       Data           Pointer to the buffer containing the data to be hashed.
+  @param[in]       DataSize       Size of Data buffer in bytes.
+  @retval TRUE   SHA-512 data digest succeeded.
+  @retval FALSE  SHA-512 data digest failed.
+**/
+BOOLEAN
+EFIAPI
+Sha512Update (
+  IN OUT  VOID        *Sha512Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  );
+/**
+  Completes computation of the SHA-512 digest value.
+  This function completes SHA-512 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the SHA-512 context cannot
+  be used again.
+  SHA-512 context should be already correctly intialized by Sha512Init(), and should not be
+  finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined.
+  If Sha512Context is NULL, then return FALSE.
+  If HashValue is NULL, then return FALSE.
+  @param[in, out]  Sha512Context  Pointer to the SHA-512 context.
+  @param[out]      HashValue      Pointer to a buffer that receives the SHA-512 digest
+                                  value (64 bytes).
+  @retval TRUE   SHA-512 digest computation succeeded.
+  @retval FALSE  SHA-512 digest computation failed.
+**/
+BOOLEAN
+EFIAPI
+Sha512Final (
+  IN OUT  VOID   *Sha512Context,
+  OUT     UINT8  *HashValue
+  );
 //=====================================================================================
 …
   Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for HMAC-MD5 operations.
+  @retval  0   This interface is not supported.
 **/
 …
   If HmacMd5Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.
 …
   @retval TRUE   HMAC-MD5 context initialization succeeded.
   @retval FALSE  HMAC-MD5 context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If HmacMd5Context is NULL, then return FALSE.
   If NewHmacMd5Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.
 …
   @retval TRUE   HMAC-MD5 context copy succeeded.
   @retval FALSE  HMAC-MD5 context copy failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If HmacMd5Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
 …
   @retval TRUE   HMAC-MD5 data digest succeeded.
   @retval FALSE  HMAC-MD5 data digest failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If HmacMd5Context is NULL, then return FALSE.
   If HashValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
 …
   @retval TRUE   HMAC-MD5 digest computation succeeded.
   @retval FALSE  HMAC-MD5 digest computation failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+  @retval  0   This interface is not supported.
 **/
 …
   If HmacSha1Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.
 …
   @retval TRUE   HMAC-SHA1 context initialization succeeded.
   @retval FALSE  HMAC-SHA1 context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If HmacSha1Context is NULL, then return FALSE.
   If NewHmacSha1Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
 …
   @retval TRUE   HMAC-SHA1 context copy succeeded.
   @retval FALSE  HMAC-SHA1 context copy failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If HmacSha1Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
 …
   @retval TRUE   HMAC-SHA1 data digest succeeded.
   @retval FALSE  HMAC-SHA1 data digest failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If HmacSha1Context is NULL, then return FALSE.
   If HashValue is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
 …
   @retval TRUE   HMAC-SHA1 digest computation succeeded.
   @retval FALSE  HMAC-SHA1 digest computation failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   );
 //=====================================================================================
 //    Symmetric Cryptography Primitive
 …
   Retrieves the size, in bytes, of the context buffer required for TDES operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for TDES operations.
+  @retval  0   This interface is not supported.
 **/
 …
   This function initializes user-supplied memory pointed by TdesContext as TDES context.
   In addtion, it sets up all TDES key materials for subsequent encryption and decryption
+  In addition, it sets up all TDES key materials for subsequent encryption and decryption
   operations.
   There are 3 key options as follows:
 …
   If Key is NULL, then return FALSE.
   If KeyLength is not valid, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  TdesContext  Pointer to TDES context being initialized.
 …
   @retval TRUE   TDES context initialization succeeded.
   @retval FALSE  TDES context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If InputSize is not multiple of block size (8 bytes), then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   TdesContext  Pointer to the TDES context.
 …
   @retval TRUE   TDES encryption succeeded.
   @retval FALSE  TDES encryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If InputSize is not multiple of block size (8 bytes), then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   TdesContext  Pointer to the TDES context.
 …
   @retval TRUE   TDES decryption succeeded.
   @retval FALSE  TDES decryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Ivec is NULL, then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   TdesContext  Pointer to the TDES context.
 …
   @retval TRUE   TDES encryption succeeded.
   @retval FALSE  TDES encryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Ivec is NULL, then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   TdesContext  Pointer to the TDES context.
 …
   @retval TRUE   TDES decryption succeeded.
   @retval FALSE  TDES decryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   Retrieves the size, in bytes, of the context buffer required for AES operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for AES operations.
+  @retval  0   This interface is not supported.
 **/
 …
   This function initializes user-supplied memory pointed by AesContext as AES context.
   In addtion, it sets up all AES key materials for subsequent encryption and decryption
+  In addition, it sets up all AES key materials for subsequent encryption and decryption
   operations.
   There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
 …
   If Key is NULL, then return FALSE.
   If KeyLength is not valid, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  AesContext  Pointer to AES context being initialized.
 …
   @retval TRUE   AES context initialization succeeded.
   @retval FALSE  AES context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If InputSize is not multiple of block size (16 bytes), then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   AesContext  Pointer to the AES context.
 …
   @retval TRUE   AES encryption succeeded.
   @retval FALSE  AES encryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If InputSize is not multiple of block size (16 bytes), then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   AesContext  Pointer to the AES context.
 …
   @retval TRUE   AES decryption succeeded.
   @retval FALSE  AES decryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Ivec is NULL, then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   AesContext  Pointer to the AES context.
 …
   @retval TRUE   AES encryption succeeded.
   @retval FALSE  AES encryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Ivec is NULL, then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   AesContext  Pointer to the AES context.
 …
   @retval TRUE   AES decryption succeeded.
   @retval FALSE  AES decryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
+  If this interface is not supported, then return zero.
   @return  The size, in bytes, of the context buffer required for ARC4 operations.
+  @retval  0   This interface is not supported.
 **/
 …
   This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
   In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption
+  In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
   operations.
 …
   If Key is NULL, then return FALSE.
   If KeySize does not in the range of [5, 256] bytes, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
 …
   @retval TRUE   ARC4 context initialization succeeded.
   @retval FALSE  ARC4 context initialization failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Input is NULL, then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   Arc4Context  Pointer to the ARC4 context.
 …
   @retval TRUE   ARC4 encryption succeeded.
   @retval FALSE  ARC4 encryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Input is NULL, then return FALSE.
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]   Arc4Context  Pointer to the ARC4 context.
 …
   @retval TRUE   ARC4 decryption succeeded.
   @retval FALSE  ARC4 decryption failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Arc4Context is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  Arc4Context  Pointer to the ARC4 context.
 …
   @retval TRUE   ARC4 reset succeeded.
   @retval FALSE  ARC4 reset failed.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If BnSize is NULL, then return FALSE.
   If BnSize is large enough but BigNumber is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  RsaContext  Pointer to RSA context being set.
 …
   @retval  FALSE  Invalid RSA key component tag.
   @retval  FALSE  BnSize is too small.
+  @retval  FALSE  This interface is not supported.
 **/
 …
   If RsaContext is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  RsaContext           Pointer to RSA context being set.
   @param[in]       ModulusLength        Length of RSA modulus N in bits.
   @param[in]       PublicExponent       Pointer to RSA public exponent.
   @param[in]       PublicExponentSize   Size of RSA public exponent buffer in bytes.
+  @param[in]       PublicExponentSize   Size of RSA public exponent buffer in bytes.
   @retval  TRUE   RSA key component was generated successfully.
   @retval  FALSE  Invalid RSA key component tag.
+  @retval  FALSE  This interface is not supported.
 **/
 …
 /**
   Validates key components of RSA context.
+  NOTE: This function performs integrity checks on all the RSA key material, so
+        the RSA key structure must contain all the private key data.
   This function validates key compoents of RSA context in following aspects:
 …
   If RsaContext is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  RsaContext  Pointer to RSA context to check.
 …
   @retval  TRUE   RSA key components are valid.
   @retval  FALSE  RSA key components are not valid.
+  @retval  FALSE  This interface is not supported.
 **/
 …
   If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
   If SigSize is large enough but Signature is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]      RsaContext   Pointer to RSA context for signature generation.
 …
   @retval  FALSE  Signature generation failed.
   @retval  FALSE  SigSize is too small.
+  @retval  FALSE  This interface is not supported.
 **/
 …
   IN  CONST UINT8  *MessageHash,
   IN  UINTN        HashSize,
   IN  UINT8        *Signature,
+  IN  CONST UINT8  *Signature,
   IN  UINTN        SigSize
   );
 …
 /**
   Retrieve the RSA Private Key from the password-protected PEM key data.
+  If PemData is NULL, then return FALSE.
+  If RsaContext is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.
 …
                            resource.
-  If PemData is NULL, then return FALSE.
-  If RsaContext is NULL, then return FALSE.
   @retval  TRUE   RSA Private Key was retrieved successfully.
   @retval  FALSE  Invalid PEM key data or incorrect password.
+  @retval  FALSE  This interface is not supported.
 **/
 …
   Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+  If Cert is NULL, then return FALSE.
+  If RsaContext is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  Cert         Pointer to the DER-encoded X509 certificate.
   @param[in]  CertSize     Size of the X509 certificate in bytes.
 …
                            resource.
-  If Cert is NULL, then return FALSE.
-  If RsaContext is NULL, then return FALSE.
   @retval  TRUE   RSA Public Key was retrieved successfully.
   @retval  FALSE  Fail to retrieve RSA public key from X509 certificate.
+  @retval  FALSE  This interface is not supported.
 **/
 …
 /**
   Retrieve the subject bytes from one X.509 certificate.
+  If Cert is NULL, then return FALSE.
+  If SubjectSize is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]      Cert         Pointer to the DER-encoded X509 certificate.
 …
                                and the size of buffer returned CertSubject on output.
-  If Cert is NULL, then return FALSE.
-  If SubjectSize is NULL, then return FALSE.
   @retval  TRUE   The certificate subject retrieved successfully.
   @retval  FALSE  Invalid certificate, or the SubjectSize is too small for the result.
                   The SubjectSize will be updated with the required size.
+  @retval  FALSE  This interface is not supported.
 **/
 …
   Verify one X509 certificate was issued by the trusted CA.
+  If Cert is NULL, then return FALSE.
+  If CACert is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.
   @param[in]      CertSize     Size of the X509 certificate in bytes.
 …
   @param[in]      CACertSize   Size of the CA Certificate in bytes.
-  If Cert is NULL, then return FALSE.
-  If CACert is NULL, then return FALSE.
   @retval  TRUE   The certificate was issued by the trusted CA.
   @retval  FALSE  Invalid certificate or the certificate was not issued by the given
                   trusted CA.
+  @retval  FALSE  This interface is not supported.
 **/
 …
   If Cert is NULL, then return FALSE.
   If SingleX509Cert is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  Cert            Pointer to the DER-encoded certificate data.
 …
   @retval     TRUE            The X509 object generation succeeded.
   @retval     FALSE           The operation failed.
+  @retval     FALSE           This interface is not supported.
 **/
 …
   If X509Stack is NULL, then return FALSE.
+  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
+  If this interface is not supported, then return FALSE.
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
                               On output, pointer to the X509 stack object with new
                               inserted X509 certificate.
 …
                               by certificate size. A NULL terminates the list. The
                               pairs are the arguments to X509ConstructCertificate().
   @retval     TRUE            The X509 stack construction succeeded.
   @retval     FALSE           The construction operation failed.
+  @retval     FALSE           This interface is not supported.
 **/
 …
 X509ConstructCertificateStack (
   IN OUT  UINT8  **X509Stack,
   ...
+  ...
   );
 …
   Release the specified X509 object.
   If X509Cert is NULL, then return FALSE.
+  If the interface is not supported, then ASSERT().
   @param[in]  X509Cert  Pointer to the X509 object to be released.
 …
   Release the specified X509 stack object.
   If X509Stack is NULL, then return FALSE.
+  If the interface is not supported, then ASSERT().
   @param[in]  X509Stack  Pointer to the X509 stack object to be released.
 …
 X509StackFree (
   IN  VOID  *X509Stack
+  );
+/**
+  Retrieve the TBSCertificate from one given X.509 certificate.
+  @param[in]      Cert         Pointer to the given DER-encoded X509 certificate.
+  @param[in]      CertSize     Size of the X509 certificate in bytes.
+  @param[out]     TBSCert      DER-Encoded To-Be-Signed certificate.
+  @param[out]     TBSCertSize  Size of the TBS certificate in bytes.
+  If Cert is NULL, then return FALSE.
+  If TBSCert is NULL, then return FALSE.
+  If TBSCertSize is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+  @retval  TRUE   The TBSCertificate was retrieved successfully.
+  @retval  FALSE  Invalid X.509 certificate.
+**/
+BOOLEAN
+EFIAPI
+X509GetTBSCert (
+  IN  CONST UINT8  *Cert,
+  IN  UINTN        CertSize,
+  OUT UINT8        **TBSCert,
+  OUT UINTN        *TBSCertSize
   );
 …
   If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
   return FALSE. If P7Length overflow, then return FAlSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
 …
   @retval  TRUE            The operation is finished successfully.
   @retval  FALSE           Error occurs during the operation.
+  @retval  FALSE           This interface is not supported.
 **/
 …
   Wrap function to use free() to free allocated memory for certificates.
+  If this interface is not supported, then ASSERT().
   @param[in]  Certs        Pointer to the certificates to be freed.
 …
   Syntax Standard, version 1.5". This interface is only intended to be used for
   application to perform PKCS#7 functionality validation.
+  If this interface is not supported, then return FALSE.
   @param[in]  PrivateKey       Pointer to the PEM-formatted private key data for
 …
   @retval     TRUE             PKCS#7 data signing succeeded.
   @retval     FALSE            PKCS#7 data signing failed.
+  @retval     FALSE            This interface is not supported.
 **/
 …
   If P7Data, TrustedCert or InData is NULL, then return FALSE.
   If P7Length, CertLength or DataLength overflow, then return FAlSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
 …
   @retval  TRUE  The specified PKCS#7 signed data is valid.
   @retval  FALSE Invalid PKCS#7 signed data.
+  @retval  FALSE This interface is not supported.
 **/
 …
 /**
+  Extracts the attached content from a PKCS#7 signed data if existed. The input signed
+  data could be wrapped in a ContentInfo structure.
+  If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,
+  then return FAlSE. If the P7Data is not correctly formatted, then return FALSE.
+  Caution: This function may receive untrusted input. So this function will do
+           basic check for PKCS#7 data structure.
+  @param[in]   P7Data       Pointer to the PKCS#7 signed data to process.
+  @param[in]   P7Length     Length of the PKCS#7 signed data in bytes.
+  @param[out]  Content      Pointer to the extracted content from the PKCS#7 signedData.
+                            It's caller's responsiblity to free the buffer.
+  @param[out]  ContentSize  The size of the extracted content in bytes.
+  @retval     TRUE          The P7Data was correctly formatted for processing.
+  @retval     FALSE         The P7Data was not correctly formatted for processing.
+*/
+BOOLEAN
+EFIAPI
+Pkcs7GetAttachedContent (
+  IN  CONST UINT8  *P7Data,
+  IN  UINTN        P7Length,
+  OUT VOID         **Content,
+  OUT UINTN        *ContentSize
+  );
+/**
   Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
   Authenticode Portable Executable Signature Format".
 …
   If AuthData is NULL, then return FALSE.
   If ImageHash is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
 …
   @retval  TRUE   The specified Authenticode Signature is valid.
   @retval  FALSE  Invalid Authenticode Signature.
+  @retval  FALSE  This interface is not supported.
 **/
 …
   );
+/**
+  Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode
+  signature.
+  If AuthData is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+  @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
+                           PE/COFF image to be verified.
+  @param[in]  DataSize     Size of the Authenticode Signature in bytes.
+  @param[in]  TsaCert      Pointer to a trusted/root TSA certificate encoded in DER, which
+                           is used for TSA certificate chain verification.
+  @param[in]  CertSize     Size of the trusted certificate in bytes.
+  @param[out] SigningTime  Return the time of timestamp generation time if the timestamp
+                           signature is valid.
+  @retval  TRUE   The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature.
+  @retval  FALSE  No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.
+**/
+BOOLEAN
+EFIAPI
+ImageTimestampVerify (
+  IN  CONST UINT8  *AuthData,
+  IN  UINTN        DataSize,
+  IN  CONST UINT8  *TsaCert,
+  IN  UINTN        CertSize,
+  OUT EFI_TIME     *SigningTime
+  );
 //=====================================================================================
 //    DH Key Exchange Primitive
 …
   @return  Pointer to the Diffie-Hellman Context that has been initialized.
            If the allocations fails, DhNew() returns NULL.
+           If the interface is not supported, DhNew() returns NULL.
 **/
 …
   Release the specified DH context.
   If DhContext is NULL, then return FALSE.
+  If the interface is not supported, then ASSERT().
   @param[in]  DhContext  Pointer to the DH context to be released.
 …
   Given generator g, and length of prime number p in bits, this function generates p,
   and sets DH context according to value of g and p.
   Before this function can be invoked, pseudorandom number generator must be correctly
   initialized by RandomSeed().
 …
   If DhContext is NULL, then return FALSE.
   If Prime is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  DhContext    Pointer to the DH context.
 …
   @retval FALSE  Value of Generator is not supported.
   @retval FALSE  PRNG fails to generate random prime number with PrimeLength.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If DhContext is NULL, then return FALSE.
   If Prime is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  DhContext    Pointer to the DH context.
 …
   @retval FALSE  Value of Prime is not a prime number.
   @retval FALSE  Value of Prime is not a safe prime number.
+  @retval FALSE  This interface is not supported.
 **/
 …
   Generates DH public key.
   This function generates random secret exponent, and computes the public key, which is
+  This function generates random secret exponent, and computes the public key, which is
   returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.
   If the PublicKey buffer is too small to hold the public key, FALSE is returned and
 …
   If PublicKeySize is NULL, then return FALSE.
   If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  DhContext      Pointer to the DH context.
 …
   @retval FALSE  DH public key generation failed.
   @retval FALSE  PublicKeySize is not large enough.
+  @retval FALSE  This interface is not supported.
 **/
 …
   Given peer's public key, this function computes the exchanged common key, based on its own
   context including value of prime modulus and random secret exponent.
+  context including value of prime modulus and random secret exponent.
   If DhContext is NULL, then return FALSE.
   If PeerPublicKey is NULL, then return FALSE.
   If KeySize is NULL, then return FALSE.
+  If KeySize is large enough but Key is NULL, then return FALSE.
+  If Key is NULL, then return FALSE.
+  If KeySize is not large enough, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[in, out]  DhContext          Pointer to the DH context.
 …
   @retval FALSE  DH exchanged key generation failed.
   @retval FALSE  KeySize is not large enough.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Seed is not NULL, then the seed passed in is used.
   If Seed is NULL, then default seed is used.
+  If this interface is not supported, then return FALSE.
   @param[in]  Seed      Pointer to seed value.
 …
   @retval TRUE   Pseudorandom number generator has enough entropy for random generation.
   @retval FALSE  Pseudorandom number generator does not have enough entropy for random generation.
+  @retval FALSE  This interface is not supported.
 **/
 …
   If Output is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
   @param[out]  Output  Pointer to buffer to receive random value.
 …
   @retval TRUE   Pseudorandom byte stream generated successfully.
   @retval FALSE  Pseudorandom number generator fails to generate due to lack of entropy.
+  @retval FALSE  This interface is not supported.
 **/

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Include/OpenSslSupport.h

-              r48674
+              r58459
   Root include file to support building OpenSSL Crypto Library.
 Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
    For pre-Standard C compilers, here is a version that usually works
    (but watch out!): */
 #define offsetof(type, member) ( (int) & ((type*)0) -> member )
+#define offsetof(type, member) OFFSET_OF (type, member)
 //
 …
   char  *tm_zone;   /* timezone abbreviation */
 };
+struct timeval {
+  long tv_sec;      /* time value, in seconds */
+  long tv_usec;     /* time value, in microseconds */
+} timeval;
 struct dirent {
 …
 #define localtime(timer)                  NULL
 #define gmtime_r(timer,result)            (result = NULL)
+#define atoi(nptr)                        AsciiStrDecimalToUintn(nptr)
 #endif

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Include/Protocol/RuntimeCrypt.h

r48674	r58459
182	182	IN CONST UINT8 *MessageHash,
183	183	IN UINTN HashLength,
184		IN ~~UINT8~~ *Signature,
	184	IN CONST UINT8 *Signature,
185	185	IN UINTN SigLength
186	186	);

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf

-              r48674
+              r58459
 #  Cryptographic Library Instance for DXE_DRIVER.
+#
+#  Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
 #  http://opensource.org/licenses/bsd-license.php
+#
+#
 #  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
 ##
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = BaseCryptLib
+  MODULE_UNI_FILE                = BaseCryptLib.uni
   FILE_GUID                      = be3bb803-91b6-4da0-bd91-a8b21c18ca5d
   MODULE_TYPE                    = BASE
+  MODULE_TYPE                    = DXE_DRIVER
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = BaseCryptLib
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
+#
 # The following information is for reference only and not required by the build tools.
+#
 #  VALID_ARCHITECTURES           = IA32 X64 IPF ARM
+#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM AARCH64
+#
 …
   Hash/CryptSha1.c
   Hash/CryptSha256.c
+  Hash/CryptSha512.c
   Hmac/CryptHmacMd5.c
   Hmac/CryptHmacSha1.c
 …
   Cipher/CryptTdes.c
   Cipher/CryptArc4.c
+  Pk/CryptRsa.c
+  Pk/CryptPkcs7.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExt.c
+  Pk/CryptPkcs7Sign.c
+  Pk/CryptPkcs7Verify.c
   Pk/CryptDh.c
   Pk/CryptX509.c
   Pk/CryptAuthenticode.c
+  Pk/CryptTs.c
   Pem/CryptPem.c
 …
 [Sources.Ia32]
-  SysCall/Ia32/MathMultS64x64.c     | MSFT
-  SysCall/Ia32/MathDivU64x64.c      | MSFT
-  SysCall/Ia32/MathReminderU64x64.c | MSFT
-  SysCall/Ia32/MathLShiftS64.c      | MSFT
-  SysCall/Ia32/MathRShiftU64.c      | MSFT
-  SysCall/Ia32/MathMultS64x64.c     | INTEL
-  SysCall/Ia32/MathDivU64x64.c      | INTEL
-  SysCall/Ia32/MathReminderU64x64.c | INTEL
-  SysCall/Ia32/MathLShiftS64.c      | INTEL
-  SysCall/Ia32/MathRShiftU64.c      | INTEL
-  SysCall/Ia32/MathMultS64x64.S     | GCC
-  SysCall/Ia32/MathDivU64x64.S      | GCC
-  SysCall/Ia32/MathReminderU64x64.S | GCC
-  SysCall/Ia32/MathLShiftS64.S      | GCC
-  SysCall/Ia32/MathRShiftU64.S      | GCC
   Rand/CryptRandTsc.c
 …
   Rand/CryptRand.c
+[Sources.AARCH64]
+  Rand/CryptRand.c
 [Packages]
   MdePkg/MdePkg.dec
 …
   BaseMemoryLib
   MemoryAllocationLib
+  UefiRuntimeServicesTableLib
   DebugLib
   OpensslLib
 …
+#
 [BuildOptions]
+  # suppress the following warnings so we do not break the build with warnings-as-errors:
+  #   C4305: truncation from type1 to type2 (Introduced by RFC3161 Timestamp ASN.1 declarations)
+  MSFT:*_*_*_CC_FLAGS = /wd4305
   GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c

-              r48674
+              r58459
   This function initializes user-supplied memory pointed by AesContext as AES context.
   In addtion, it sets up all AES key materials for subsequent encryption and decryption
+  In addition, it sets up all AES key materials for subsequent encryption and decryption
   operations.
   There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
 …
   // Check input parameters.
   //
+  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
+  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
+    return FALSE;
+  }
+  if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
     return FALSE;
+  }
 …
   // Check input parameters.
   //
+  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
+  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
+    return FALSE;
+  }
+  if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
     return FALSE;
+  }

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c

-              r48674
+              r58459
   // the working copy to the initial state.
   //
   return (UINTN) (2 * sizeof(RC4_KEY));
+  return (UINTN) (2 * sizeof (RC4_KEY));
+}
 …
   This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
   In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption
+  In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
   operations.
 …
   RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
   CopyMem (Rc4Key +  1, Rc4Key, sizeof(RC4_KEY));
+  CopyMem (Rc4Key +  1, Rc4Key, sizeof (RC4_KEY));
   return TRUE;
 …
   // Check input parameters.
   //
   if (Arc4Context == NULL || Input == NULL || Output == NULL) {
+  if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
     return FALSE;
+  }
 …
   // Check input parameters.
   //
   if (Arc4Context == NULL || Input == NULL || Output == NULL) {
+  if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
     return FALSE;
+  }
 …
   Rc4Key = (RC4_KEY *) Arc4Context;
   CopyMem (Rc4Key, Rc4Key + 1, sizeof(RC4_KEY));
   return TRUE;
+}
+  CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
+  return TRUE;
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c

-              r48674
+              r58459
   This function initializes user-supplied memory pointed by TdesContext as TDES context.
   In addtion, it sets up all TDES key materials for subsequent encryption and decryption
+  In addition, it sets up all TDES key materials for subsequent encryption and decryption
   operations.
   There are 3 key options as follows:
 …
   //
   //
   //
   if (DES_is_weak_key ((const_DES_cblock *) Key)) {
+  // If input Key is a weak key, return error.
+  //
+  if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
     return FALSE;
+  }
 …
+  }
   if (DES_is_weak_key ((const_DES_cblock *) Key + 8)) {
+  if (DES_is_weak_key ((const_DES_cblock *) Key + 8) == 1) {
     return FALSE;
+  }
 …
+  }
   if (DES_is_weak_key ((const_DES_cblock *) Key + 16)) {
+  if (DES_is_weak_key ((const_DES_cblock *) Key + 16) == 1) {
     return FALSE;
+  }
 …
   // Check input parameters.
   //
+  if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
+  if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
+    return FALSE;
+  }
+  if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
     return FALSE;
+  }
 …
   // Check input parameters.
   //
+  if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
+  if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
+    return FALSE;
+  }
+  if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
     return FALSE;
+  }

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c

-              r48674
+              r58459
   // Retrieves the OpenSSL MD4 Context Size
   //
   return (UINTN)(sizeof (MD4_CTX));
+  return (UINTN) (sizeof (MD4_CTX));
+}
 …
   // OpenSSL MD4 Context Initialization
   //
   return (BOOLEAN) (MD4_Init ((MD4_CTX *)Md4Context));
+  return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context));
+}
 …
   // OpenSSL MD4 Hash Update
   //
   return (BOOLEAN) (MD4_Update ((MD4_CTX *)Md4Context, Data, DataSize));
+  return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize));
+}
 …
   // OpenSSL MD4 Hash Finalization
   //
   return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *)Md4Context));
+  return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context));
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c

-              r48674
+              r58459
   // Retrieves the OpenSSL MD5 Context Size
   //
   return (UINTN)(sizeof (MD5_CTX));
+  return (UINTN) (sizeof (MD5_CTX));
+}
 …
   // Check input parameters.
   //
   if ((Md5Context == NULL)) {
+  if (Md5Context == NULL) {
     return FALSE;
+  }
 …
   // OpenSSL MD5 Context Initialization
   //
   return (BOOLEAN) (MD5_Init ((MD5_CTX *)Md5Context));
+  return (BOOLEAN) (MD5_Init ((MD5_CTX *) Md5Context));
+}
 …
   // OpenSSL MD5 Hash Update
   //
   return (BOOLEAN) (MD5_Update ((MD5_CTX *)Md5Context, Data, DataSize));
+  return (BOOLEAN) (MD5_Update ((MD5_CTX *) Md5Context, Data, DataSize));
+}
 …
   // OpenSSL MD5 Hash Finalization
   //
   return (BOOLEAN) (MD5_Final (HashValue, (MD5_CTX *)Md5Context));
+  return (BOOLEAN) (MD5_Final (HashValue, (MD5_CTX *) Md5Context));
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c

-              r48674
+              r58459
   // Retrieves OpenSSL SHA Context Size
   //
   return (UINTN)(sizeof (SHA_CTX));
+  return (UINTN) (sizeof (SHA_CTX));
+}
 …
   // OpenSSL SHA-1 Context Initialization
   //
   return (BOOLEAN) (SHA1_Init ((SHA_CTX *)Sha1Context));
+  return (BOOLEAN) (SHA1_Init ((SHA_CTX *) Sha1Context));
+}
 …
   // OpenSSL SHA-1 Hash Update
   //
   return (BOOLEAN) (SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataSize));
+  return (BOOLEAN) (SHA1_Update ((SHA_CTX *) Sha1Context, Data, DataSize));
+}
 …
   // OpenSSL SHA-1 Hash Finalization
   //
   return (BOOLEAN) (SHA1_Final (HashValue, (SHA_CTX *)Sha1Context));
+  return (BOOLEAN) (SHA1_Final (HashValue, (SHA_CTX *) Sha1Context));
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c

-              r48674
+              r58459
   // Retrieves OpenSSL SHA-256 Context Size
   //
   return (UINTN)(sizeof (SHA256_CTX));
+  return (UINTN) (sizeof (SHA256_CTX));
+}
 …
   // OpenSSL SHA-256 Context Initialization
   //
   return (BOOLEAN) (SHA256_Init ((SHA256_CTX *)Sha256Context));
+  return (BOOLEAN) (SHA256_Init ((SHA256_CTX *) Sha256Context));
+}
 …
   // OpenSSL SHA-256 Hash Update
   //
   return (BOOLEAN) (SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataSize));
+  return (BOOLEAN) (SHA256_Update ((SHA256_CTX *) Sha256Context, Data, DataSize));
+}
 …
   // OpenSSL SHA-256 Hash Finalization
   //
   return (BOOLEAN) (SHA256_Final (HashValue, (SHA256_CTX *)Sha256Context));
+  return (BOOLEAN) (SHA256_Final (HashValue, (SHA256_CTX *) Sha256Context));
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c

-              r48674
+              r58459
   // Retrieves the OpenSSL HMAC-MD5 Context Size
   //
   return (UINTN)(sizeof (HMAC_CTX));
+  return (UINTN) (sizeof (HMAC_CTX));
+}
 …
   // Check input parameters.
   //
   if (HmacMd5Context == NULL) {
+  if (HmacMd5Context == NULL || KeySize > INT_MAX) {
     return FALSE;
+  }

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c

-              r48674
+              r58459
   // Retrieves the OpenSSL HMAC-SHA1 Context Size
   //
   return (UINTN)(sizeof (HMAC_CTX));
+  return (UINTN) (sizeof (HMAC_CTX));
+}
 …
   // Check input parameters.
   //
   if (HmacSha1Context == NULL) {
+  if (HmacSha1Context == NULL || KeySize > INT_MAX) {
     return FALSE;
+  }

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h

-              r48674
+              r58459
 #include <Library/BaseCryptLib.h>
+#include "OpenSslSupport.h"
 //
 // Environment Setting for OpenSSL-based UEFI Crypto Library.
 …
 #endif
-/**
-  Pop single certificate from STACK_OF(X509).
-  If X509Stack, Cert, or CertSize is NULL, then return FALSE.
-  @param[in]  X509Stack       Pointer to a X509 stack object.
-  @param[out] Cert            Pointer to a X509 certificate.
-  @param[out] CertSize        Length of output X509 certificate in bytes.
-  @retval     TRUE            The X509 stack pop succeeded.
-  @retval     FALSE           The pop operation failed.
-**/
-BOOLEAN
-X509PopCertificate (
-  IN  VOID  *X509Stack,
-  OUT UINT8 **Cert,
-  OUT UINTN *CertSize
-  );
 #endif

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf

-              r48674
+              r58459
 #  Cryptographic Library Instance for PEIM.
+#
+#  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
+#  HMAC-MD5 functions, HMAC-SHA1 functions, AES/TDES/ARC4 functions, RSA external
+#  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
+#  certificate handler functions, authenticode signature verification functions,
+#  PEM handler functions, and pseudorandom number generator functions are not
+#  supported in this instance.
+#
+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
 #  http://opensource.org/licenses/bsd-license.php
+#
+#
 #  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
 ##
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = PeiCryptLib
+  MODULE_UNI_FILE                = PeiCryptLib.uni
   FILE_GUID                      = 9a2a4375-194c-4e97-9f67-547ec98d96ca
   MODULE_TYPE                    = PEIM
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = BaseCryptLib|PEIM PEI_CORE SEC
+  LIBRARY_CLASS                  = BaseCryptLib|PEIM PEI_CORE
+#
 …
 [Sources]
+  Hash/CryptMd4Null.c
   Hash/CryptMd5.c
   Hash/CryptSha1.c
   Hash/CryptSha256.c
+  Pk/CryptRsa.c
+  Hash/CryptSha512Null.c
+  Hmac/CryptHmacMd5Null.c
+  Hmac/CryptHmacSha1Null.c
+  Cipher/CryptAesNull.c
+  Cipher/CryptTdesNull.c
+  Cipher/CryptArc4Null.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExtNull.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7Verify.c
+  Pk/CryptDhNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
+  Pem/CryptPemNull.c
+  Rand/CryptRandNull.c
   SysCall/CrtWrapper.c
+  SysCall/ConstantTimeClock.c
   SysCall/BaseMemAllocation.c
-[Sources.Ia32]
-  SysCall/Ia32/MathMultS64x64.c     | MSFT
-  SysCall/Ia32/MathDivU64x64.c      | MSFT
-  SysCall/Ia32/MathReminderU64x64.c | MSFT
-  SysCall/Ia32/MathLShiftS64.c      | MSFT
-  SysCall/Ia32/MathRShiftU64.c      | MSFT
-  SysCall/Ia32/MathMultS64x64.c     | INTEL
-  SysCall/Ia32/MathDivU64x64.c      | INTEL
-  SysCall/Ia32/MathReminderU64x64.c | INTEL
-  SysCall/Ia32/MathLShiftS64.c      | INTEL
-  SysCall/Ia32/MathRShiftU64.c      | INTEL
-  SysCall/Ia32/MathMultS64x64.S     | GCC
-  SysCall/Ia32/MathDivU64x64.S      | GCC
-  SysCall/Ia32/MathReminderU64x64.S | GCC
-  SysCall/Ia32/MathLShiftS64.S      | GCC
-  SysCall/Ia32/MathRShiftU64.S      | GCC
 [Packages]
 …
 [BuildOptions]
   GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c

-              r48674
+              r58459
   PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
   INTN  KeyLength;
   ZeroMem ((VOID *)Buf, (UINTN)Size);
+  ZeroMem ((VOID *) Buf, (UINTN) Size);
   if (Key != NULL) {
     //
 …
+  }
-  Status = FALSE;
-  PemBio = NULL;
   //
   // Add possible block-cipher descriptor for PEM data decryption.
   // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
   //
+  EVP_add_cipher (EVP_des_ede3_cbc());
+  EVP_add_cipher (EVP_aes_128_cbc());
+  EVP_add_cipher (EVP_aes_192_cbc());
+  EVP_add_cipher (EVP_aes_256_cbc());
+  if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
+    return FALSE;
+  }
+  if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
+    return FALSE;
+  }
+  if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
+    return FALSE;
+  }
+  if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
+    return FALSE;
+  }
+  Status = FALSE;
   //
 …
   //
   PemBio = BIO_new (BIO_s_mem ());
-  BIO_write (PemBio, PemData, (int)PemSize);
   if (PemBio == NULL) {
+    goto _Exit;
+  }
+  if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
     goto _Exit;
+  }
 …
   // Retrieve RSA Private Key from encrypted PEM data.
   //
   *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
+  *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password);
   if (*RsaContext != NULL) {
     Status = TRUE;

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c

-              r48674
+              r58459
   Authenticode Portable Executable Signature Verification over OpenSSL.
+Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+  Caution: This module requires additional review when modified.
+  This library will have external input - signature (e.g. PE/COFF Authenticode).
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+  AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
+  data structure.
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include <openssl/pkcs7.h>
+//
+// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
+//
+UINT8 mSpcIndirectOidValue[] = {
+x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
+  };
 /**
 …
   If AuthData is NULL, then return FALSE.
   If ImageHash is NULL, then return FALSE.
+  Caution: This function may receive untrusted input.
+  PE/COFF Authenticode is external input, so this function will do basic check for
+  Authenticode data structure.
   @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
 …
   BOOLEAN      Status;
   PKCS7        *Pkcs7;
+  CONST UINT8  *Temp;
   CONST UINT8  *OrigAuthData;
   UINT8        *SpcIndirectDataContent;
   UINT8        Asn1Byte;
   UINTN        ContentSize;
+  UINT8        *SpcIndirectDataOid;
   //
 …
   // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
   //
+  Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
+  Temp  = AuthData;
+  Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize);
   if (Pkcs7 == NULL) {
     goto _Exit;
 …
   //       PKCS#7 ContentInfo here.
   //
+  SpcIndirectDataOid = (UINT8 *)(Pkcs7->d.sign->contents->type->data);
+  if (CompareMem (
+        SpcIndirectDataOid,
+        mSpcIndirectOidValue,
+        sizeof (mSpcIndirectOidValue)
+        ) != 0) {
+    //
+    // Un-matched SPC_INDIRECT_DATA_OBJID.
+    //
+    goto _Exit;
+  }
   SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
 …
   if ((Asn1Byte & 0x80) == 0) {
     //
     // Short Form of Length Encoding
+    // Short Form of Length Encoding (Length < 128)
     //
     ContentSize = (UINTN) (Asn1Byte & 0x7F);
 …
     //
     SpcIndirectDataContent += 2;
+  } else if ((Asn1Byte & 0x81) == 0x81) {
+    //
+    // Long Form of Length Encoding (128 <= Length < 255, Single Octet)
+    //
+    ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
+    //
+    // Skip the SEQUENCE Tag;
+    //
+    SpcIndirectDataContent += 3;
   } else if ((Asn1Byte & 0x82) == 0x82) {
     //
     // Long Form of Length Encoding, only support two bytes.
+    // Long Form of Length Encoding (Length > 255, Two Octet)
     //
     ContentSize  = (UINTN) (*(SpcIndirectDataContent + 2));
     ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
+    ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
+    ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));
     //
     // Skip the SEQUENCE Tag;
     //
     SpcIndirectDataContent += 4;
   } else {
     goto _Exit;

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c

-              r48674
+              r58459
   // Allocates & Initializes DH Context by OpenSSL DH_new()
   //
   return (VOID *)DH_new ();
+  return (VOID *) DH_new ();
+}
 …
   // Free OpenSSL DH Context
   //
   DH_free ((DH *)DhContext);
+  DH_free ((DH *) DhContext);
+}
 …
   // Check input parameters.
   //
   if (DhContext == NULL || Prime == NULL) {
+  if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
     return FALSE;
+  }
 …
+  )
+{
+  DH  *Dh;
+  DH      *Dh;
+  BIGNUM  *Bn;
   //
   // Check input parameters.
   //
   if (DhContext == NULL || Prime == NULL) {
+  if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
     return FALSE;
+  }
 …
+  }
+  Bn = NULL;
   Dh = (DH *) DhContext;
+  Dh->p = BN_new();
+  Dh->g = BN_new();
+  BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
+  BN_set_word (Dh->g, (UINT32) Generator);
+  Dh->g = NULL;
+  Dh->p = BN_new ();
+  if (Dh->p == NULL) {
+    goto Error;
+  }
+  Dh->g = BN_new ();
+  if (Dh->g == NULL) {
+    goto Error;
+  }
+  Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
+  if (Bn == NULL) {
+    goto Error;
+  }
+  if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {
+    goto Error;
+  }
   return TRUE;
+Error:
+  if (Dh->p != NULL) {
+    BN_free (Dh->p);
+  }
+  if (Dh->g != NULL) {
+    BN_free (Dh->g);
+  }
+  if (Bn != NULL) {
+    BN_free (Bn);
+  }
+  return FALSE;
+}
 …
   BOOLEAN RetVal;
   DH      *Dh;
+  INTN    Size;
   //
 …
   Dh = (DH *) DhContext;
-  *PublicKeySize = 0;
   RetVal = (BOOLEAN) DH_generate_key (DhContext);
   if (RetVal) {
+    Size = BN_num_bytes (Dh->pub_key);
+    if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
+      *PublicKeySize = Size;
+      return FALSE;
+    }
     BN_bn2bin (Dh->pub_key, PublicKey);
     *PublicKeySize  = BN_num_bytes (Dh->pub_key);
+    *PublicKeySize = Size;
+  }
 …
   If PeerPublicKey is NULL, then return FALSE.
   If KeySize is NULL, then return FALSE.
+  If KeySize is large enough but Key is NULL, then return FALSE.
+  If Key is NULL, then return FALSE.
+  If KeySize is not large enough, then return FALSE.
   @param[in, out]  DhContext          Pointer to the DH context.
 …
+{
   BIGNUM  *Bn;
+  INTN    Size;
   //
   // Check input parameters.
   //
   if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) {
     return FALSE;
+  }
   if (Key == NULL && *KeySize != 0) {
+  if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
+    return FALSE;
+  }
+  if (PeerPublicKeySize > INT_MAX) {
     return FALSE;
+  }
   Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
+  *KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
+  if (Bn == NULL) {
+    return FALSE;
+  }
+  Size = DH_compute_key (Key, Bn, DhContext);
+  if (Size < 0) {
+    BN_free (Bn);
+    return FALSE;
+  }
+  if (*KeySize < (UINTN) Size) {
+    *KeySize = Size;
+    BN_free (Bn);
+    return FALSE;
+  }
+  *KeySize = Size;
   BN_free (Bn);
   return TRUE;
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c

-              r48674
+              r58459
   X.509 Certificate Handler Wrapper Implementation over OpenSSL.
 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
+  )
+{
+  BIO      *CertBio;
+  X509     *X509Cert;
+  BOOLEAN  Status;
+  X509         *X509Cert;
+  CONST UINT8  *Temp;
   //
 …
+  }
-  Status = FALSE;
   //
   // Read DER-encoded X509 Certificate and Construct X509 object.
   //
+  CertBio = BIO_new (BIO_s_mem ());
+  BIO_write (CertBio, Cert, (int) CertSize);
+  if (CertBio == NULL) {
+    goto _Exit;
+  }
+  X509Cert = d2i_X509_bio (CertBio, NULL);
+  Temp     = Cert;
+  X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
   if (X509Cert == NULL) {
     goto _Exit;
+    return FALSE;
+  }
   *SingleX509Cert = (UINT8 *) X509Cert;
+  Status = TRUE;
+_Exit:
+  //
+  // Release Resources.
+  //
+  BIO_free (CertBio);
+  return Status;
+  return TRUE;
+}
 …
   If X509Stack is NULL, then return FALSE.
   @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
                               On output, pointer to the X509 stack object with new
                               inserted X509 certificate.
 …
     CertSize = VA_ARG (Args, UINTN);
+    if (CertSize == 0) {
+      break;
+    }
     //
     // Construct X509 Object from the given DER-encoded certificate data.
     //
+    X509Cert = NULL;
     Status = X509ConstructCertificate (
                (CONST UINT8 *) Cert,
 …
                );
     if (!Status) {
+      X509_free (X509Cert);
+      if (X509Cert != NULL) {
+        X509_free (X509Cert);
+      }
       break;
+    }
 …
   //
   sk_X509_pop_free ((STACK_OF(X509) *) X509Stack, X509_free);
+}
-/**
-  Pop single certificate from STACK_OF(X509).
-  If X509Stack, Cert, or CertSize is NULL, then return FALSE.
-  @param[in]  X509Stack       Pointer to a X509 stack object.
-  @param[out] Cert            Pointer to a X509 certificate.
-  @param[out] CertSize        Length of output X509 certificate in bytes.
-  @retval     TRUE            The X509 stack pop succeeded.
-  @retval     FALSE           The pop operation failed.
-**/
-BOOLEAN
-X509PopCertificate (
-  IN  VOID  *X509Stack,
-  OUT UINT8 **Cert,
-  OUT UINTN *CertSize
+  )
+{
-  BIO             *CertBio;
-  X509            *X509Cert;
-  STACK_OF(X509)  *CertStack;
-  BOOLEAN         Status;
-  int             Result;
-  int             Length;
-  VOID            *Buffer;
-  Status = FALSE;
-  if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) {
-    return Status;
+  }
-  CertStack = (STACK_OF(X509) *) X509Stack;
-  X509Cert = sk_X509_pop (CertStack);
-  if (X509Cert == NULL) {
-    return Status;
+  }
-  Buffer = NULL;
-  CertBio = BIO_new (BIO_s_mem ());
-  if (CertBio == NULL) {
-    return Status;
+  }
-  Result = i2d_X509_bio (CertBio, X509Cert);
-  if (Result == 0) {
-    goto _Exit;
+  }
-  Length = ((BUF_MEM *) CertBio->ptr)->length;
-  if (Length <= 0) {
-    goto _Exit;
+  }
-  Buffer = malloc (Length);
-  if (Buffer == NULL) {
-    goto _Exit;
+  }
-  Result = BIO_read (CertBio, Buffer, Length);
-  if (Result != Length) {
-    goto _Exit;
+  }
-  *Cert     = Buffer;
-  *CertSize = Length;
-  Status = TRUE;
-_Exit:
-  BIO_free (CertBio);
-  if (!Status && (Buffer != NULL)) {
-    free (Buffer);
+  }
-  return Status;
+}
 …
+  }
-  Status   = FALSE;
   X509Cert = NULL;
 …
   Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
   if ((X509Cert == NULL) || (!Status)) {
+    goto _Exit;
+  }
+    Status = FALSE;
+    goto _Exit;
+  }
+  Status = FALSE;
   //
 …
   //
   X509Name = X509_get_subject_name (X509Cert);
+  if (X509Name == NULL) {
+    goto _Exit;
+  }
   if (*SubjectSize < (UINTN) X509Name->bytes->length) {
     *SubjectSize = (UINTN) X509Name->bytes->length;
 …
   *SubjectSize = (UINTN) X509Name->bytes->length;
   if (CertSubject != NULL) {
     CopyMem (CertSubject, (UINT8 *)X509Name->bytes->data, *SubjectSize);
+    CopyMem (CertSubject, (UINT8 *) X509Name->bytes->data, *SubjectSize);
     Status = TRUE;
+  }
 …
   // Release Resources.
   //
+  X509_free (X509Cert);
+  if (X509Cert != NULL) {
+    X509_free (X509Cert);
+  }
   return Status;
 …
+  }
-  Status   = FALSE;
   Pkey     = NULL;
   X509Cert = NULL;
 …
   Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
   if ((X509Cert == NULL) || (!Status)) {
+    goto _Exit;
+  }
+    Status = FALSE;
+    goto _Exit;
+  }
+  Status = FALSE;
   //
 …
   // Release Resources.
   //
+  X509_free (X509Cert);
+  EVP_PKEY_free (Pkey);
+  if (X509Cert != NULL) {
+    X509_free (X509Cert);
+  }
+  if (Pkey != NULL) {
+    EVP_PKEY_free (Pkey);
+  }
   return Status;
 …
   // Register & Initialize necessary digest algorithms for certificate verification.
   //
+  EVP_add_digest (EVP_md5());
+  EVP_add_digest (EVP_sha1());
+  EVP_add_digest (EVP_sha256());
+  if (EVP_add_digest (EVP_md5 ()) == 0) {
+    goto _Exit;
+  }
+  if (EVP_add_digest (EVP_sha1 ()) == 0) {
+    goto _Exit;
+  }
+  if (EVP_add_digest (EVP_sha256 ()) == 0) {
+    goto _Exit;
+  }
   //
 …
   Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
   if ((X509Cert == NULL) || (!Status)) {
+    Status = FALSE;
     goto _Exit;
+  }
 …
   Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);
   if ((X509CACert == NULL) || (!Status)) {
+    goto _Exit;
+  }
+    Status = FALSE;
+    goto _Exit;
+  }
+  Status = FALSE;
   //
 …
   // Release Resources.
   //
+  X509_free (X509Cert);
+  X509_free (X509CACert);
+  X509_STORE_free (CertStore);
+  if (X509Cert != NULL) {
+    X509_free (X509Cert);
+  }
+  if (X509CACert != NULL) {
+    X509_free (X509CACert);
+  }
+  if (CertStore != NULL) {
+    X509_STORE_free (CertStore);
+  }
   return Status;
+}
+/**
+  Retrieve the TBSCertificate from one given X.509 certificate.
+  @param[in]      Cert         Pointer to the given DER-encoded X509 certificate.
+  @param[in]      CertSize     Size of the X509 certificate in bytes.
+  @param[out]     TBSCert      DER-Encoded To-Be-Signed certificate.
+  @param[out]     TBSCertSize  Size of the TBS certificate in bytes.
+  If Cert is NULL, then return FALSE.
+  If TBSCert is NULL, then return FALSE.
+  If TBSCertSize is NULL, then return FALSE.
+  @retval  TRUE   The TBSCertificate was retrieved successfully.
+  @retval  FALSE  Invalid X.509 certificate.
+**/
+BOOLEAN
+EFIAPI
+X509GetTBSCert (
+  IN  CONST UINT8  *Cert,
+  IN  UINTN        CertSize,
+  OUT UINT8        **TBSCert,
+  OUT UINTN        *TBSCertSize
+  )
+{
+  CONST UINT8  *Temp;
+  INTN         Asn1Tag;
+  INTN         ObjClass;
+  UINTN        Length;
+  //
+  // Check input parameters.
+  //
+  if ((Cert == NULL) || (TBSCert == NULL) ||
+      (TBSCertSize == NULL) || (CertSize > INT_MAX)) {
+    return FALSE;
+  }
+  //
+  // An X.509 Certificate is: (defined in RFC3280)
+  //   Certificate  ::=  SEQUENCE  {
+  //     tbsCertificate       TBSCertificate,
+  //     signatureAlgorithm   AlgorithmIdentifier,
+  //     signature            BIT STRING }
+  //
+  // and
+  //
+  //  TBSCertificate  ::=  SEQUENCE  {
+  //    version         [0]  Version DEFAULT v1,
+  //    ...
+  //    }
+  //
+  // So we can just ASN1-parse the x.509 DER-encoded data. If we strip
+  // the first SEQUENCE, the second SEQUENCE is the TBSCertificate.
+  //
+  Temp = Cert;
+  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize);
+  if (Asn1Tag != V_ASN1_SEQUENCE) {
+    return FALSE;
+  }
+  *TBSCert = (UINT8 *)Temp;
+  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);
+  //
+  // Verify the parsed TBSCertificate is one correct SEQUENCE data.
+  //
+  if (Asn1Tag != V_ASN1_SEQUENCE) {
+    return FALSE;
+  }
+  *TBSCertSize = Length + (Temp - *TBSCert);
+  return TRUE;
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c

-              r48674
+              r58459
   Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include "InternalCryptLib.h"
 #include <openssl/rand.h>
+#include <openssl/evp.h>
 //
 …
+  )
+{
+  if (SeedSize > INT_MAX) {
+    return FALSE;
+  }
+  //
+  // The software PRNG implementation built in OpenSSL depends on message digest algorithm.
+  // Make sure SHA-1 digest algorithm is available here.
+  //
+  if (EVP_add_digest (EVP_sha1 ()) == 0) {
+    return FALSE;
+  }
   //
   // Seed the pseudorandom number generator with user-supplied value.
 …
+  }
+  return TRUE;
+  if (RAND_status () == 1) {
+    return TRUE;
+  }
+  return FALSE;
+}
 …
   // Check input parameters.
   //
   if (Output == NULL) {
+  if (Output == NULL || Size > INT_MAX) {
     return FALSE;
+  }

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c

-              r48674
+              r58459
   Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include "InternalCryptLib.h"
 #include <openssl/rand.h>
+#include <openssl/evp.h>
 #include <Library/PrintLib.h>
 …
   CHAR8  DefaultSeed[128];
+  if (SeedSize > INT_MAX) {
+    return FALSE;
+  }
+  //
+  // The software PRNG implementation built in OpenSSL depends on message digest algorithm.
+  // Make sure SHA-1 digest algorithm is available here.
+  //
+  if (EVP_add_digest (EVP_sha1 ()) == 0) {
+    return FALSE;
+  }
   //
   // Seed the pseudorandom number generator with user-supplied value.
 …
+  }
+  return TRUE;
+  if (RAND_status () == 1) {
+    return TRUE;
+  }
+  return FALSE;
+}
 …
   // Check input parameters.
   //
   if (Output == NULL) {
+  if (Output == NULL || Size > INT_MAX) {
     return FALSE;
+  }

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c

-              r48674
+              r58459
   Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include "InternalCryptLib.h"
 #include <openssl/rand.h>
+#include <openssl/evp.h>
 #include <Library/PrintLib.h>
 …
   CHAR8  DefaultSeed[128];
+  if (SeedSize > INT_MAX) {
+    return FALSE;
+  }
+  //
+  // The software PRNG implementation built in OpenSSL depends on message digest algorithm.
+  // Make sure SHA-1 digest algorithm is available here.
+  //
+  if (EVP_add_digest (EVP_sha1 ()) == 0) {
+    return FALSE;
+  }
   //
   // Seed the pseudorandom number generator with user-supplied value.
 …
+  }
+  return TRUE;
+  if (RAND_status () == 1) {
+    return TRUE;
+  }
+  return FALSE;
+}
 …
   // Check input parameters.
   //
   if (Output == NULL) {
+  if (Output == NULL || Size > INT_MAX) {
     return FALSE;
+  }

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf

-              r48674
+              r58459
 ## @file
 #  Cryptographic Library Instance for DXE_RUNTIME_DRIVER
+#  Cryptographic Library Instance for DXE_RUNTIME_DRIVER.
+#
+#  Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
+#  HMAC-MD5 functions, HMAC-SHA1 functions, AES/TDES/ARC4 functions, RSA external
+#  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+#  authenticode signature verification functions are not supported in this instance.
+#
+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
 #  http://opensource.org/licenses/bsd-license.php
+#
+#
 #  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
 ##
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = RuntimeCryptLib
+  MODULE_UNI_FILE                = RuntimeCryptLib.uni
   FILE_GUID                      = 78189cc0-727d-46a4-84ea-f7dd860de64a
   MODULE_TYPE                    = DXE_RUNTIME_DRIVER
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = BaseCryptLib
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_RUNTIME_DRIVER
   CONSTRUCTOR                    = RuntimeCryptLibConstructor
 …
 # The following information is for reference only and not required by the build tools.
+#
 #  VALID_ARCHITECTURES           = IA32 X64 IPF ARM
+#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM AARCH64
+#
 [Sources]
+  Hash/CryptMd4Null.c
   Hash/CryptMd5.c
   Hash/CryptSha1.c
   Hash/CryptSha256.c
+  Pk/CryptRsa.c
+  Pk/CryptPkcs7.c
+  Hash/CryptSha512Null.c
+  Hmac/CryptHmacMd5Null.c
+  Hmac/CryptHmacSha1Null.c
+  Cipher/CryptAesNull.c
+  Cipher/CryptTdesNull.c
+  Cipher/CryptArc4Null.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExtNull.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7Verify.c
+  Pk/CryptDhNull.c
   Pk/CryptX509.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
   Pem/CryptPem.c
 …
 [Sources.Ia32]
-  SysCall/Ia32/MathMultS64x64.c     | MSFT
-  SysCall/Ia32/MathDivU64x64.c      | MSFT
-  SysCall/Ia32/MathReminderU64x64.c | MSFT
-  SysCall/Ia32/MathLShiftS64.c      | MSFT
-  SysCall/Ia32/MathRShiftU64.c      | MSFT
-  SysCall/Ia32/MathMultS64x64.c     | INTEL
-  SysCall/Ia32/MathDivU64x64.c      | INTEL
-  SysCall/Ia32/MathReminderU64x64.c | INTEL
-  SysCall/Ia32/MathLShiftS64.c      | INTEL
-  SysCall/Ia32/MathRShiftU64.c      | INTEL
-  SysCall/Ia32/MathMultS64x64.S     | GCC
-  SysCall/Ia32/MathDivU64x64.S      | GCC
-  SysCall/Ia32/MathReminderU64x64.S | GCC
-  SysCall/Ia32/MathLShiftS64.S      | GCC
-  SysCall/Ia32/MathRShiftU64.S      | GCC
   Rand/CryptRandTsc.c
 …
 [Sources.ARM]
+  Rand/CryptRand.c
+[Sources.AARCH64]
   Rand/CryptRand.c
 …
 [BuildOptions]
   GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf

-              r48674
+              r58459
 #  Cryptographic Library Instance for SMM driver.
+#
+#  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
+#  HMAC-MD5 functions, HMAC-SHA1 functions, AES/TDES/ARC4 functions, RSA external
+#  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+#  authenticode signature verification functions are not supported in this instance.
+#
+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
 #  http://opensource.org/licenses/bsd-license.php
+#
+#
 #  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
 ##
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = SmmCryptLib
+  MODULE_UNI_FILE                = SmmCryptLib.uni
   FILE_GUID                      = 028080a3-8958-4a62-a1a8-0fa1da162007
   MODULE_TYPE                    = DXE_SMM_DRIVER
 …
 # The following information is for reference only and not required by the build tools.
+#
 #  VALID_ARCHITECTURES           = IA32 X64
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
 [Sources]
+  Hash/CryptMd4Null.c
   Hash/CryptMd5.c
   Hash/CryptSha1.c
   Hash/CryptSha256.c
+  Pk/CryptRsa.c
+  Pk/CryptPkcs7.c
+  Hash/CryptSha512Null.c
+  Hmac/CryptHmacMd5Null.c
+  Hmac/CryptHmacSha1Null.c
+  Cipher/CryptAesNull.c
+  Cipher/CryptTdesNull.c
+  Cipher/CryptArc4Null.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExtNull.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7Verify.c
+  Pk/CryptDhNull.c
   Pk/CryptX509.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
   Pem/CryptPem.c
   SysCall/CrtWrapper.c
   SysCall/RealTimeClock.c
+  SysCall/ConstantTimeClock.c
   SysCall/BaseMemAllocation.c
 [Sources.Ia32]
-  SysCall/Ia32/MathMultS64x64.c     | MSFT
-  SysCall/Ia32/MathDivU64x64.c      | MSFT
-  SysCall/Ia32/MathReminderU64x64.c | MSFT
-  SysCall/Ia32/MathLShiftS64.c      | MSFT
-  SysCall/Ia32/MathRShiftU64.c      | MSFT
-  SysCall/Ia32/MathMultS64x64.c     | INTEL
-  SysCall/Ia32/MathDivU64x64.c      | INTEL
-  SysCall/Ia32/MathReminderU64x64.c | INTEL
-  SysCall/Ia32/MathLShiftS64.c      | INTEL
-  SysCall/Ia32/MathRShiftU64.c      | INTEL
-  SysCall/Ia32/MathMultS64x64.S     | GCC
-  SysCall/Ia32/MathDivU64x64.S      | GCC
-  SysCall/Ia32/MathReminderU64x64.S | GCC
-  SysCall/Ia32/MathLShiftS64.S      | GCC
-  SysCall/Ia32/MathRShiftU64.S      | GCC
   Rand/CryptRandTsc.c
 …
 [Sources.ARM]
+  Rand/CryptRand.c
+[Sources.AARCH64]
   Rand/CryptRand.c
 …
 [BuildOptions]
   GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"
+  XCODE:*_*_*_CC_FLAGS = -mmmx -msse

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c

-              r48674
+              r58459
   during PEI & DXE phases.
 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 void *malloc (size_t size)
+{
   return AllocatePool ((UINTN)size);
+  return AllocatePool ((UINTN) size);
+}
 …
   // memory size of original pointer ptr.
   //
   return ReallocatePool ((UINTN)size, (UINTN)size, ptr);
+  return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c

-              r48674
+              r58459
   Library at Runtime Phase.
 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 void *malloc (size_t size)
+{
   return RuntimeAllocateMem ((UINTN)size);
+  return RuntimeAllocateMem ((UINTN) size);
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c

-              r48674
+              r58459
   for (MonthNo = 12; MonthNo > 1; MonthNo--) {
     if (DayNo > CumulativeDays[IsLeap(Year)][MonthNo]) {
+    if (DayNo >= CumulativeDays[IsLeap(Year)][MonthNo]) {
       DayNo = (UINT16) (DayNo - (UINT16) (CumulativeDays[IsLeap(Year)][MonthNo]));
       break;
 …
+  }
   GmTime->tm_mon  = (int) MonthNo;
   GmTime->tm_mday = (int) DayNo;
+  GmTime->tm_mon  = (int) MonthNo - 1;
+  GmTime->tm_mday = (int) DayNo + 1;
   GmTime->tm_isdst  = 0;

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf

-              r48674
+              r58459
 #  This instance will be only used by the Authenticated Variable driver for IPF.
+#
+#  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+#  Note: MD4/MD5/SHA1 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions,
+#  AES/TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign/verify
+#  functions, Diffie-Hellman functions, X.509 certificate handler functions,
+#  authenticode signature verification functions, PEM handler functions,
+#  pseudorandom number generator functions, and Sha256Duplicate() are not supported
+#  in this instance.
+#
+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = BaseCryptLibRuntimeCryptProtocol
+  MODULE_UNI_FILE                = BaseCryptLibRuntimeCryptProtocol.uni
   FILE_GUID                      = BBB31581-855A-44D7-A550-8A585D9B2DE9
   MODULE_TYPE                    = DXE_RUNTIME_DRIVER
 …
 [Sources]
   RuntimeDxeIpfCryptLib.c
+  InternalCryptLib.h
+  Hash/CryptMd4Null.c
+  Hash/CryptMd5Null.c
+  Hash/CryptSha1Null.c
+  Hmac/CryptHmacMd5Null.c
+  Hmac/CryptHmacSha1Null.c
+  Cipher/CryptAesNull.c
+  Cipher/CryptTdesNull.c
+  Cipher/CryptArc4Null.c
+  Pk/CryptRsaExtNull.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7VerifyNull.c
+  Pk/CryptDhNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pem/CryptPemNull.c
+  Rand/CryptRandNull.c
 [Packages]
 …
   BaseLib
   DebugLib
+  UefiBootServicesTableLib
+  UefiRuntimeLib
 [Guids]

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c

-              r48674
+              r58459
 /**
+  Makes a copy of an existing SHA-256 context.
+  Return FALSE to indicate this interface is not supported.
+  @param[in]  Sha256Context     Pointer to SHA-256 context being copied.
+  @param[out] NewSha256Context  Pointer to new SHA-256 context.
+  @retval FALSE  This interface is not supported.
+**/
+BOOLEAN
+EFIAPI
+Sha256Duplicate (
+  IN   CONST VOID  *Sha256Context,
+  OUT  VOID        *NewSha256Context
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+/**
   Performs SHA-256 digest on a data buffer of the specified length. This function can
   be called multiple times to compute the digest of long or discontinuous data streams.
 …
 /**
   Allocates and Initializes one RSA Context for subsequent use.
   @return  Pointer to the RSA Context that has been initialized.
+  Allocates and initializes one RSA context for subsequent use.
+  @return  Pointer to the RSA context that has been initialized.
            If the allocations fails, RsaNew() returns NULL.
 …
 /**
   Release the specified RSA Context.
+  Release the specified RSA context.
   @param[in]  RsaContext  Pointer to the RSA context to be released.
 …
 /**
+  Sets the tag-designated RSA key component into the established RSA context from
+  the user-specified nonnegative integer (octet string format represented in RSA
+  PKCS#1).
+  Sets the tag-designated key component into the established RSA context.
+  This function sets the tag-designated RSA key component into the established
+  RSA context from the user-specified non-negative integer (octet string format
+  represented in RSA PKCS#1).
+  If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
   If RsaContext is NULL, then return FALSE.
 …
   @param[in]       KeyTag      Tag of RSA key component being set.
   @param[in]       BigNumber   Pointer to octet integer buffer.
+  @param[in]       BnLength    Length of big number buffer in bytes.
+  @return  TRUE   RSA key component was set successfully.
+  @return  FALSE  Invalid RSA key component tag.
+                               If NULL, then the specified key componenet in RSA
+                               context is cleared.
+  @param[in]       BnSize      Size of big number buffer in bytes.
+                               If BigNumber is NULL, then it is ignored.
+  @retval  TRUE   RSA key component was set successfully.
+  @retval  FALSE  Invalid RSA key component tag.
 **/
 …
 EFIAPI
 RsaSetKey (
   IN OUT VOID         *RsaContext,
   IN     RSA_KEY_TAG  KeyTag,
   IN     CONST UINT8  *BigNumber,
   IN     UINTN        BnLength
+  )
+{
   if (!InternalIsCryptServiveAvailable ()) {
     return FALSE;
+  }
   return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnLength);
+  IN OUT  VOID         *RsaContext,
+  IN      RSA_KEY_TAG  KeyTag,
+  IN      CONST UINT8  *BigNumber,
+  IN      UINTN        BnSize
+  )
+{
+  if (!InternalIsCryptServiveAvailable ()) {
+    return FALSE;
+  }
+  return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnSize);
+}
 …
   If MessageHash is NULL, then return FALSE.
   If Signature is NULL, then return FALSE.
   If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
   @param[in]  RsaContext   Pointer to RSA context for signature verification.
   @param[in]  MessageHash  Pointer to octet message hash to be checked.
   @param[in]  HashLength   Length of the message hash in bytes.
+  @param[in]  HashSize     Size of the message hash in bytes.
   @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.
   @param[in]  SigLength    Length of signature in bytes.
   @return  TRUE   Valid signature encoded in PKCS1-v1_5.
   @return  FALSE  Invalid signature or invalid RSA context.
+  @param[in]  SigSize      Size of signature in bytes.
+  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.
+  @retval  FALSE  Invalid signature or invalid RSA context.
 **/
 …
   IN  VOID         *RsaContext,
   IN  CONST UINT8  *MessageHash,
   IN  UINTN        HashLength,
   IN  UINT8        *Signature,
   IN  UINTN        SigLength
+  IN  UINTN        HashSize,
+  IN  CONST UINT8  *Signature,
+  IN  UINTN        SigSize
+  )
+{
 …
                            RsaContext,
                            MessageHash,
                            HashLength,
+                           HashSize,
                            Signature,
                            SigLength
+                           SigSize
                            );
+}

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf

-              r48674
+              r58459
 #  Intrinsic Routines Wrapper Library Instance.
+#
 #  Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
 #  http://opensource.org/licenses/bsd-license.php
+#
+#
 #  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
 ##
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = BaseIntrinsicLib
+  MODULE_UNI_FILE                = BaseIntrinsicLib.uni
   FILE_GUID                      = 63850097-3E97-4c4f-A52D-C811A0106105
   MODULE_TYPE                    = BASE
 …
 [Sources.IA32]
   CopyMem.c
+  Ia32/MathLShiftS64.c      | MSFT
+  Ia32/MathRShiftU64.c      | MSFT
+  Ia32/MathLShiftS64.c      | INTEL
+  Ia32/MathRShiftU64.c      | INTEL
+  Ia32/MathLShiftS64.S      | GCC
+  Ia32/MathRShiftU64.S      | GCC
 [Sources.X64]

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c

-              r48674
+              r58459
   Cryptographic Library.
 Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
+{
   //
+  // NOTE: Here we use one base implementation for memset, instead of the direct
+  //       optimized SetMem() wrapper. Because the IntrinsicLib has to be built
+  //       without whole program optimization option, and there will be some
+  //       potential register usage errors when calling other optimized codes.
+  //
+  //
   // Declare the local variables that actually move the data elements as
   // volatile to prevent the optimizer from replacing this function with

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/OpensslLib/Install.cmd

-              r48674
+              r58459
+cd openssl-0.9.8w
+copy e_os2.h              ..\..\..\Include\openssl
+copy crypto\crypto.h  ..\..\..\Include\openssl
+copy crypto\tmdiff.h  ..\..\..\Include\openssl
+copy crypto\opensslv.h ..\..\..\Include\openssl
+copy crypto\opensslconf.h ..\..\..\Include\openssl
+copy crypto\ebcdic.h ..\..\..\Include\openssl
+copy crypto\symhacks.h ..\..\..\Include\openssl
+copy crypto\ossl_typ.h ..\..\..\Include\openssl
+copy crypto\md2\md2.h ..\..\..\Include\openssl
+copy crypto\md4\md4.h ..\..\..\Include\openssl
+copy crypto\md5\md5.h ..\..\..\Include\openssl
+copy crypto\sha\sha.h ..\..\..\Include\openssl
+copy crypto\hmac\hmac.h ..\..\..\Include\openssl
+copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl
+copy crypto\des\des.h ..\..\..\Include\openssl
+copy crypto\des\des_old.h ..\..\..\Include\openssl
+copy crypto\rc2\rc2.h ..\..\..\Include\openssl
+copy crypto\rc4\rc4.h ..\..\..\Include\openssl
+copy crypto\idea\idea.h ..\..\..\Include\openssl
+copy crypto\bf\blowfish.h ..\..\..\Include\openssl
+copy crypto\cast\cast.h ..\..\..\Include\openssl
+copy crypto\aes\aes.h ..\..\..\Include\openssl
+copy crypto\bn\bn.h ..\..\..\Include\openssl
+copy crypto\rsa\rsa.h ..\..\..\Include\openssl
+copy crypto\dsa\dsa.h ..\..\..\Include\openssl
+copy crypto\dso\dso.h ..\..\..\Include\openssl
+copy crypto\dh\dh.h ..\..\..\Include\openssl
+copy crypto\ec\ec.h ..\..\..\Include\openssl
+copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl
+copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl
+copy crypto\buffer\buffer.h ..\..\..\Include\openssl
+copy crypto\bio\bio.h ..\..\..\Include\openssl
+copy crypto\stack\stack.h ..\..\..\Include\openssl
+copy crypto\stack\safestack.h ..\..\..\Include\openssl
+copy crypto\lhash\lhash.h ..\..\..\Include\openssl
+copy crypto\rand\rand.h ..\..\..\Include\openssl
+copy crypto\err\err.h ..\..\..\Include\openssl
+copy crypto\objects\objects.h ..\..\..\Include\openssl
+copy crypto\objects\obj_mac.h ..\..\..\Include\openssl
+copy crypto\evp\evp.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1t.h ..\..\..\Include\openssl
+copy crypto\pem\pem.h ..\..\..\Include\openssl
+copy crypto\pem\pem2.h ..\..\..\Include\openssl
+copy crypto\x509\x509.h ..\..\..\Include\openssl
+copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl
+copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl
+copy crypto\conf\conf.h ..\..\..\Include\openssl
+copy crypto\conf\conf_api.h ..\..\..\Include\openssl
+copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl
+copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl
+copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl
+copy crypto\comp\comp.h ..\..\..\Include\openssl
+copy crypto\engine\engine.h ..\..\..\Include\openssl
+copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl
+copy crypto\ui\ui.h ..\..\..\Include\openssl
+copy crypto\ui\ui_compat.h ..\..\..\Include\openssl
+copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl
+copy crypto\store\store.h ..\..\..\Include\openssl
+copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl
+copy crypto\pqueue\pq_compat.h ..\..\..\Include\openssl
+copy ssl\ssl.h ..\..\..\Include\openssl
+copy ssl\ssl2.h ..\..\..\Include\openssl
+copy ssl\ssl3.h ..\..\..\Include\openssl
+copy ssl\ssl23.h ..\..\..\Include\openssl
+copy ssl\tls1.h ..\..\..\Include\openssl
+copy ssl\dtls1.h ..\..\..\Include\openssl
+copy ssl\kssl.h ..\..\..\Include\openssl
+cd openssl-1.0.2d
+copy e_os2.h                    ..\..\..\Include\openssl
+copy crypto\crypto.h            ..\..\..\Include\openssl
+copy crypto\opensslv.h          ..\..\..\Include\openssl
+copy crypto\opensslconf.h       ..\..\..\Include\openssl
+copy crypto\ebcdic.h            ..\..\..\Include\openssl
+copy crypto\symhacks.h          ..\..\..\Include\openssl
+copy crypto\ossl_typ.h          ..\..\..\Include\openssl
+copy crypto\objects\objects.h   ..\..\..\Include\openssl
+copy crypto\objects\obj_mac.h   ..\..\..\Include\openssl
+copy crypto\md4\md4.h           ..\..\..\Include\openssl
+copy crypto\md5\md5.h           ..\..\..\Include\openssl
+copy crypto\sha\sha.h           ..\..\..\Include\openssl
+copy crypto\mdc2\mdc2.h         ..\..\..\Include\openssl
+copy crypto\hmac\hmac.h         ..\..\..\Include\openssl
+copy crypto\ripemd\ripemd.h     ..\..\..\Include\openssl
+copy crypto\whrlpool\whrlpool.h ..\..\..\Include\openssl
+copy crypto\des\des.h           ..\..\..\Include\openssl
+copy crypto\des\des_old.h       ..\..\..\Include\openssl
+copy crypto\aes\aes.h           ..\..\..\Include\openssl
+copy crypto\rc2\rc2.h           ..\..\..\Include\openssl
+copy crypto\rc4\rc4.h           ..\..\..\Include\openssl
+copy crypto\idea\idea.h         ..\..\..\Include\openssl
+copy crypto\bf\blowfish.h       ..\..\..\Include\openssl
+copy crypto\cast\cast.h         ..\..\..\Include\openssl
+copy crypto\camellia\camellia.h ..\..\..\Include\openssl
+copy crypto\seed\seed.h         ..\..\..\Include\openssl
+copy crypto\modes\modes.h       ..\..\..\Include\openssl
+copy crypto\bn\bn.h             ..\..\..\Include\openssl
+copy crypto\ec\ec.h             ..\..\..\Include\openssl
+copy crypto\rsa\rsa.h           ..\..\..\Include\openssl
+copy crypto\dsa\dsa.h           ..\..\..\Include\openssl
+copy crypto\ecdsa\ecdsa.h       ..\..\..\Include\openssl
+copy crypto\dh\dh.h             ..\..\..\Include\openssl
+copy crypto\ecdh\ecdh.h         ..\..\..\Include\openssl
+copy crypto\dso\dso.h           ..\..\..\Include\openssl
+copy crypto\engine\engine.h     ..\..\..\Include\openssl
+copy crypto\buffer\buffer.h     ..\..\..\Include\openssl
+copy crypto\bio\bio.h           ..\..\..\Include\openssl
+copy crypto\stack\stack.h       ..\..\..\Include\openssl
+copy crypto\stack\safestack.h   ..\..\..\Include\openssl
+copy crypto\lhash\lhash.h       ..\..\..\Include\openssl
+copy crypto\rand\rand.h         ..\..\..\Include\openssl
+copy crypto\err\err.h           ..\..\..\Include\openssl
+copy crypto\evp\evp.h           ..\..\..\Include\openssl
+copy crypto\asn1\asn1.h         ..\..\..\Include\openssl
+copy crypto\asn1\asn1_mac.h     ..\..\..\Include\openssl
+copy crypto\asn1\asn1t.h        ..\..\..\Include\openssl
+copy crypto\pem\pem.h           ..\..\..\Include\openssl
+copy crypto\pem\pem2.h          ..\..\..\Include\openssl
+copy crypto\x509\x509.h         ..\..\..\Include\openssl
+copy crypto\x509\x509_vfy.h     ..\..\..\Include\openssl
+copy crypto\x509v3\x509v3.h     ..\..\..\Include\openssl
+copy crypto\conf\conf.h         ..\..\..\Include\openssl
+copy crypto\conf\conf_api.h     ..\..\..\Include\openssl
+copy crypto\txt_db\txt_db.h     ..\..\..\Include\openssl
+copy crypto\pkcs7\pkcs7.h       ..\..\..\Include\openssl
+copy crypto\pkcs12\pkcs12.h     ..\..\..\Include\openssl
+copy crypto\comp\comp.h         ..\..\..\Include\openssl
+copy crypto\ocsp\ocsp.h         ..\..\..\Include\openssl
+copy crypto\ui\ui.h             ..\..\..\Include\openssl
+copy crypto\ui\ui_compat.h      ..\..\..\Include\openssl
+copy crypto\krb5\krb5_asn.h     ..\..\..\Include\openssl
+copy crypto\cms\cms.h           ..\..\..\Include\openssl
+copy crypto\pqueue\pqueue.h     ..\..\..\Include\openssl
+copy crypto\ts\ts.h             ..\..\..\Include\openssl
+copy crypto\srp\srp.h           ..\..\..\Include\openssl
+copy crypto\cmac\cmac.h         ..\..\..\Include\openssl
+copy ssl\ssl.h                  ..\..\..\Include\openssl
+copy ssl\ssl2.h                 ..\..\..\Include\openssl
+copy ssl\ssl3.h                 ..\..\..\Include\openssl
+copy ssl\ssl23.h                ..\..\..\Include\openssl
+copy ssl\tls1.h                 ..\..\..\Include\openssl
+copy ssl\dtls1.h                ..\..\..\Include\openssl
+copy ssl\kssl.h                 ..\..\..\Include\openssl
+copy ssl\srtp.h                 ..\..\..\Include\openssl
 cd ..

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/OpensslLib/Install.sh

-              r48674
+              r58459
 #!/bin/sh
+cd openssl-0.9.8w
+cp e_os2.h ../../../Include/openssl
+cp crypto/crypto.h ../../../Include/openssl
+cp crypto/tmdiff.h ../../../Include/openssl
+cp crypto/opensslv.h ../../../Include/openssl
+cp crypto/opensslconf.h ../../../Include/openssl
+cp crypto/ebcdic.h ../../../Include/openssl
+cp crypto/symhacks.h ../../../Include/openssl
+cp crypto/ossl_typ.h ../../../Include/openssl
+cp crypto/md2/md2.h ../../../Include/openssl
+cp crypto/md4/md4.h ../../../Include/openssl
+cp crypto/md5/md5.h ../../../Include/openssl
+cp crypto/sha/sha.h ../../../Include/openssl
+cp crypto/hmac/hmac.h ../../../Include/openssl
+cp crypto/ripemd/ripemd.h ../../../Include/openssl
+cp crypto/des/des.h ../../../Include/openssl
+cp crypto/des/des_old.h ../../../Include/openssl
+cp crypto/rc2/rc2.h ../../../Include/openssl
+cp crypto/rc4/rc4.h ../../../Include/openssl
+cp crypto/idea/idea.h ../../../Include/openssl
+cp crypto/bf/blowfish.h ../../../Include/openssl
+cp crypto/cast/cast.h ../../../Include/openssl
+cp crypto/aes/aes.h ../../../Include/openssl
+cp crypto/bn/bn.h ../../../Include/openssl
+cp crypto/rsa/rsa.h ../../../Include/openssl
+cp crypto/dsa/dsa.h ../../../Include/openssl
+cp crypto/dso/dso.h ../../../Include/openssl
+cp crypto/dh/dh.h ../../../Include/openssl
+cp crypto/ec/ec.h ../../../Include/openssl
+cp crypto/ecdh/ecdh.h ../../../Include/openssl
+cp crypto/ecdsa/ecdsa.h ../../../Include/openssl
+cp crypto/buffer/buffer.h ../../../Include/openssl
+cp crypto/bio/bio.h ../../../Include/openssl
+cp crypto/stack/stack.h ../../../Include/openssl
+cp crypto/stack/safestack.h ../../../Include/openssl
+cp crypto/lhash/lhash.h ../../../Include/openssl
+cp crypto/rand/rand.h ../../../Include/openssl
+cp crypto/err/err.h ../../../Include/openssl
+cp crypto/objects/objects.h ../../../Include/openssl
+cp crypto/objects/obj_mac.h ../../../Include/openssl
+cp crypto/evp/evp.h ../../../Include/openssl
+cp crypto/asn1/asn1.h ../../../Include/openssl
+cp crypto/asn1/asn1_mac.h ../../../Include/openssl
+cp crypto/asn1/asn1t.h ../../../Include/openssl
+cp crypto/pem/pem.h ../../../Include/openssl
+cp crypto/pem/pem2.h ../../../Include/openssl
+cp crypto/x509/x509.h ../../../Include/openssl
+cp crypto/x509/x509_vfy.h ../../../Include/openssl
+cp crypto/x509v3/x509v3.h ../../../Include/openssl
+cp crypto/conf/conf.h ../../../Include/openssl
+cp crypto/conf/conf_api.h ../../../Include/openssl
+cp crypto/txt_db/txt_db.h ../../../Include/openssl
+cp crypto/pkcs7/pkcs7.h ../../../Include/openssl
+cp crypto/pkcs12/pkcs12.h ../../../Include/openssl
+cp crypto/comp/comp.h ../../../Include/openssl
+cp crypto/engine/engine.h ../../../Include/openssl
+cp crypto/ocsp/ocsp.h ../../../Include/openssl
+cp crypto/ui/ui.h ../../../Include/openssl
+cp crypto/ui/ui_compat.h ../../../Include/openssl
+cp crypto/krb5/krb5_asn.h ../../../Include/openssl
+cp crypto/store/store.h ../../../Include/openssl
+cp crypto/pqueue/pqueue.h ../../../Include/openssl
+cp crypto/pqueue/pq_compat.h ../../../Include/openssl
+cp ssl/ssl.h ../../../Include/openssl
+cp ssl/ssl2.h ../../../Include/openssl
+cp ssl/ssl3.h ../../../Include/openssl
+cp ssl/ssl23.h ../../../Include/openssl
+cp ssl/tls1.h ../../../Include/openssl
+cp ssl/dtls1.h ../../../Include/openssl
+cp ssl/kssl.h ../../../Include/openssl
+cd openssl-1.0.2d
+cp e_os2.h                    ../../../Include/openssl
+cp crypto/crypto.h            ../../../Include/openssl
+cp crypto/opensslv.h          ../../../Include/openssl
+cp crypto/opensslconf.h       ../../../Include/openssl
+cp crypto/ebcdic.h            ../../../Include/openssl
+cp crypto/symhacks.h          ../../../Include/openssl
+cp crypto/ossl_typ.h          ../../../Include/openssl
+cp crypto/objects/objects.h   ../../../Include/openssl
+cp crypto/objects/obj_mac.h   ../../../Include/openssl
+cp crypto/md4/md4.h           ../../../Include/openssl
+cp crypto/md5/md5.h           ../../../Include/openssl
+cp crypto/sha/sha.h           ../../../Include/openssl
+cp crypto/mdc2/mdc2.h         ../../../Include/openssl
+cp crypto/hmac/hmac.h         ../../../Include/openssl
+cp crypto/ripemd/ripemd.h     ../../../Include/openssl
+cp crypto/whrlpool/whrlpool.h ../../../Include/openssl
+cp crypto/des/des.h           ../../../Include/openssl
+cp crypto/des/des_old.h       ../../../Include/openssl
+cp crypto/aes/aes.h           ../../../Include/openssl
+cp crypto/rc2/rc2.h           ../../../Include/openssl
+cp crypto/rc4/rc4.h           ../../../Include/openssl
+cp crypto/idea/idea.h         ../../../Include/openssl
+cp crypto/bf/blowfish.h       ../../../Include/openssl
+cp crypto/cast/cast.h         ../../../Include/openssl
+cp crypto/camellia/camellia.h ../../../Include/openssl
+cp crypto/seed/seed.h         ../../../Include/openssl
+cp crypto/modes/modes.h       ../../../Include/openssl
+cp crypto/bn/bn.h             ../../../Include/openssl
+cp crypto/ec/ec.h             ../../../Include/openssl
+cp crypto/rsa/rsa.h           ../../../Include/openssl
+cp crypto/dsa/dsa.h           ../../../Include/openssl
+cp crypto/ecdsa/ecdsa.h       ../../../Include/openssl
+cp crypto/dh/dh.h             ../../../Include/openssl
+cp crypto/ecdh/ecdh.h         ../../../Include/openssl
+cp crypto/dso/dso.h           ../../../Include/openssl
+cp crypto/engine/engine.h     ../../../Include/openssl
+cp crypto/buffer/buffer.h     ../../../Include/openssl
+cp crypto/bio/bio.h           ../../../Include/openssl
+cp crypto/stack/stack.h       ../../../Include/openssl
+cp crypto/stack/safestack.h   ../../../Include/openssl
+cp crypto/lhash/lhash.h       ../../../Include/openssl
+cp crypto/rand/rand.h         ../../../Include/openssl
+cp crypto/err/err.h           ../../../Include/openssl
+cp crypto/evp/evp.h           ../../../Include/openssl
+cp crypto/asn1/asn1.h         ../../../Include/openssl
+cp crypto/asn1/asn1_mac.h     ../../../Include/openssl
+cp crypto/asn1/asn1t.h        ../../../Include/openssl
+cp crypto/pem/pem.h           ../../../Include/openssl
+cp crypto/pem/pem2.h          ../../../Include/openssl
+cp crypto/x509/x509.h         ../../../Include/openssl
+cp crypto/x509/x509_vfy.h     ../../../Include/openssl
+cp crypto/x509v3/x509v3.h     ../../../Include/openssl
+cp crypto/conf/conf.h         ../../../Include/openssl
+cp crypto/conf/conf_api.h     ../../../Include/openssl
+cp crypto/txt_db/txt_db.h     ../../../Include/openssl
+cp crypto/pkcs7/pkcs7.h       ../../../Include/openssl
+cp crypto/pkcs12/pkcs12.h     ../../../Include/openssl
+cp crypto/comp/comp.h         ../../../Include/openssl
+cp crypto/ocsp/ocsp.h         ../../../Include/openssl
+cp crypto/ui/ui.h             ../../../Include/openssl
+cp crypto/ui/ui_compat.h      ../../../Include/openssl
+cp crypto/krb5/krb5_asn.h     ../../../Include/openssl
+cp crypto/cms/cms.h           ../../../Include/openssl
+cp crypto/pqueue/pqueue.h     ../../../Include/openssl
+cp crypto/ts/ts.h             ../../../Include/openssl
+cp crypto/srp/srp.h           ../../../Include/openssl
+cp crypto/cmac/cmac.h         ../../../Include/openssl
+cp ssl/ssl.h                  ../../../Include/openssl
+cp ssl/ssl2.h                 ../../../Include/openssl
+cp ssl/ssl3.h                 ../../../Include/openssl
+cp ssl/ssl23.h                ../../../Include/openssl
+cp ssl/tls1.h                 ../../../Include/openssl
+cp ssl/dtls1.h                ../../../Include/openssl
+cp ssl/kssl.h                 ../../../Include/openssl
+cp ssl/srtp.h                 ../../../Include/openssl
 cd ..

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/OpensslLib/OpensslLib.inf

-              r48674
+              r58459
 ## @file
 # OpenSSL Library implementation.
+#
 #  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+#  This module provides openSSL Library implementation.
+#
+#  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
 #  http://opensource.org/licenses/bsd-license.php
+#
+#
 #  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
 ##
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = OpensslLib
+  MODULE_UNI_FILE                = OpensslLib.uni
   FILE_GUID                      = C873A7D0-9824-409f-9B42-2C158B992E69
   MODULE_TYPE                    = BASE
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
   DEFINE OPENSSL_PATH            = openssl-0.9.8w
   DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
   DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED
+  DEFINE OPENSSL_PATH            = openssl-1.0.2d
+  DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
+  DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE
+#
 # OPENSSL_FLAGS is set to define the following flags to be compatible with
 # EDK II build system and UEFI executiuon environment
+# OPENSSL_FLAGS is set to define the following flags to be compatible with
+# EDK II build system and UEFI executiuon environment
+#
 #   OPENSSL_SYSNAME_UWIN
+#   OPENSSL_SYS_UEFI
+#   L_ENDIAN
+#   _CRT_SECURE_NO_DEPRECATE
+#   _CRT_NONSTDC_NO_DEPRECATE
+#   OPENSSL_NO_CAMELLIA
+#   OPENSSL_NO_SEED
+#   OPENSSL_NO_RC5
+#   OPENSSL_NO_MDC2
+#   OPENSSL_NO_SOCK
+#   OPENSSL_NO_CMS
+#   OPENSSL_NO_JPAKE
+#   OPENSSL_NO_CAPIENG
+#   OPENSSL_NO_ERR
+#   OPENSSL_NO_KRB5
+#   OPENSSL_NO_DYNAMIC_ENGINE
+#   GETPID_IS_MEANINGLESS
+#   OPENSSL_NO_STDIO
+#   OPENSSL_NO_FP_API
+#   OPENSSL_NO_DGRAM
+#   OPENSSL_SYS_UEFI
+#   L_ENDIAN
+#   _CRT_SECURE_NO_DEPRECATE
+#   _CRT_NONSTDC_NO_DEPRECATE
+#   OPENSSL_NO_CAMELLIA
+#   OPENSSL_NO_SEED
+#   OPENSSL_NO_RC5
+#   OPENSSL_NO_MDC2
+#   OPENSSL_NO_SOCK
+#   OPENSSL_NO_CMS
+#   OPENSSL_NO_JPAKE
+#   OPENSSL_NO_CAPIENG
+#   OPENSSL_NO_ERR
+#   OPENSSL_NO_KRB5
+#   OPENSSL_NO_DYNAMIC_ENGINE
+#   GETPID_IS_MEANINGLESS
+#   OPENSSL_NO_STDIO
+#   OPENSSL_NO_POSIX_IO
+#   OPENSSL_NO_FP_API
+#   OPENSSL_NO_DGRAM
 #   OPENSSL_NO_ASM
+#
+#
 #  VALID_ARCHITECTURES           = IA32 X64 IPF ARM
+#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM AARCH64
+#
 …
   $(OPENSSL_PATH)/e_os.h
   $(OPENSSL_PATH)/crypto/cryptlib.c
-  $(OPENSSL_PATH)/crypto/dyn_lck.c
   $(OPENSSL_PATH)/crypto/mem.c
   $(OPENSSL_PATH)/crypto/mem_clr.c
 …
   $(OPENSSL_PATH)/crypto/cversion.c
   $(OPENSSL_PATH)/crypto/ex_data.c
+  #
-  # Not required for UEFI.
+  #
-  # $(OPENSSL_PATH)/crypto/tmdiff.c
   $(OPENSSL_PATH)/crypto/cpt_err.c
   $(OPENSSL_PATH)/crypto/ebcdic.c
 …
   $(OPENSSL_PATH)/crypto/o_str.c
   $(OPENSSL_PATH)/crypto/o_dir.c
+  $(OPENSSL_PATH)/crypto/o_fips.c
   $(OPENSSL_PATH)/crypto/o_init.c
+  $(OPENSSL_PATH)/crypto/fips_err.c
+  $(OPENSSL_PATH)/crypto/md2/md2_dgst.c
+  $(OPENSSL_PATH)/crypto/md2/md2_one.c
+  $(OPENSSL_PATH)/crypto/fips_ers.c
+  #
+  # OBJECTS
+  #
+  $(OPENSSL_PATH)/crypto/objects/o_names.c
+  $(OPENSSL_PATH)/crypto/objects/obj_dat.c
+  $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+  $(OPENSSL_PATH)/crypto/objects/obj_err.c
+  $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+  #
+  # MD4
+  #
   $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
   $(OPENSSL_PATH)/crypto/md4/md4_one.c
+  #
+  # MD5
+  #
   $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
   $(OPENSSL_PATH)/crypto/md5/md5_one.c
+  #
+  # SHA
+  #
   $(OPENSSL_PATH)/crypto/sha/sha_dgst.c
   $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
 …
   $(OPENSSL_PATH)/crypto/sha/sha256.c
   $(OPENSSL_PATH)/crypto/sha/sha512.c
+  #
+  # MDC2 - Disabled by OPENSSL_NO_MDC2
+  #
+  # $(OPENSSL_PATH)/crypto/mdc2/mdc2dgst.c
+  # $(OPENSSL_PATH)/crypto/mdc2/mdc2_one.c
+  #
+  # HMAC
+  #
   $(OPENSSL_PATH)/crypto/hmac/hmac.c
+  $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c
+  $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c
+  $(OPENSSL_PATH)/crypto/des/des_lib.c
+  $(OPENSSL_PATH)/crypto/des/set_key.c
+  $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+  $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
+  #
+  # RIPEMD - Disabled by OPENSSL_NO_RIPEMD
+  #
+  # $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c
+  # $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c
+  #
+  # WHIRLPOOL - Disabled by OPENSSL_NO_WHIRLPOOL
+  #
+  # $(OPENSSL_PATH)/crypto/whrlpool/wp_dgst.c
+  # $(OPENSSL_PATH)/crypto/whrlpool/wp_block.c
+  #
+  # DES
+  #
+  $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
+  $(OPENSSL_PATH)/crypto/des/cbc_enc.c
+  $(OPENSSL_PATH)/crypto/des/cfb64enc.c
+  $(OPENSSL_PATH)/crypto/des/cfb_enc.c
+  $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
   $(OPENSSL_PATH)/crypto/des/ecb_enc.c
-  $(OPENSSL_PATH)/crypto/des/cbc_enc.c
-  $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
-  $(OPENSSL_PATH)/crypto/des/cfb64enc.c
-  $(OPENSSL_PATH)/crypto/des/cfb64ede.c
-  $(OPENSSL_PATH)/crypto/des/cfb_enc.c
-  $(OPENSSL_PATH)/crypto/des/ofb64ede.c
   $(OPENSSL_PATH)/crypto/des/enc_read.c
   $(OPENSSL_PATH)/crypto/des/enc_writ.c
+  $(OPENSSL_PATH)/crypto/des/fcrypt.c
   $(OPENSSL_PATH)/crypto/des/ofb64enc.c
   $(OPENSSL_PATH)/crypto/des/ofb_enc.c
-  $(OPENSSL_PATH)/crypto/des/str2key.c
   $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
   $(OPENSSL_PATH)/crypto/des/qud_cksm.c
   $(OPENSSL_PATH)/crypto/des/rand_key.c
+  $(OPENSSL_PATH)/crypto/des/rpc_enc.c
+  $(OPENSSL_PATH)/crypto/des/set_key.c
   $(OPENSSL_PATH)/crypto/des/des_enc.c
   $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
-  $(OPENSSL_PATH)/crypto/des/fcrypt.c
   $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
+  $(OPENSSL_PATH)/crypto/des/rpc_enc.c
+  $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
+  $(OPENSSL_PATH)/crypto/des/str2key.c
+  $(OPENSSL_PATH)/crypto/des/cfb64ede.c
+  $(OPENSSL_PATH)/crypto/des/ofb64ede.c
   $(OPENSSL_PATH)/crypto/des/ede_cbcm_enc.c
   $(OPENSSL_PATH)/crypto/des/des_old.c
   $(OPENSSL_PATH)/crypto/des/des_old2.c
   $(OPENSSL_PATH)/crypto/des/read2pwd.c
+  $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c
+  $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c
+  $(OPENSSL_PATH)/crypto/rc2/rc2_cbc.c
+  $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c
+  $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c
+  $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+  $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
+  $(OPENSSL_PATH)/crypto/rc4/rc4_fblk.c
+  $(OPENSSL_PATH)/crypto/idea/i_cbc.c
+  $(OPENSSL_PATH)/crypto/idea/i_cfb64.c
+  $(OPENSSL_PATH)/crypto/idea/i_ofb64.c
+  $(OPENSSL_PATH)/crypto/idea/i_ecb.c
+  $(OPENSSL_PATH)/crypto/idea/i_skey.c
+  $(OPENSSL_PATH)/crypto/bf/bf_skey.c
+  $(OPENSSL_PATH)/crypto/bf/bf_ecb.c
+  $(OPENSSL_PATH)/crypto/bf/bf_enc.c
+  $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c
+  $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c
+  $(OPENSSL_PATH)/crypto/cast/c_skey.c
+  $(OPENSSL_PATH)/crypto/cast/c_ecb.c
+  $(OPENSSL_PATH)/crypto/cast/c_enc.c
+  $(OPENSSL_PATH)/crypto/cast/c_cfb64.c
+  $(OPENSSL_PATH)/crypto/cast/c_ofb64.c
+  #
+  # AES
+  #
+  $(OPENSSL_PATH)/crypto/aes/aes_core.c
   $(OPENSSL_PATH)/crypto/aes/aes_misc.c
   $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
+  $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
   $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
 …
   $(OPENSSL_PATH)/crypto/aes/aes_ige.c
   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+  $(OPENSSL_PATH)/crypto/aes/aes_core.c
+  $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+  #
+  # RC2 - Disabled by OPENSSL_NO_RC2
+  #
+  # $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c
+  # $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c
+  # $(OPENSSL_PATH)/crypto/rc2/rc2_cbc.c
+  # $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c
+  # $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c
+  #
+  # RC4
+  #
+  $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
+  $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+  $(OPENSSL_PATH)/crypto/rc4/rc4_utl.c
+  #
+  # RC5 - Disabled by OPENSSL_NO_RC5
+  #
+  # $(OPENSSL_PATH)/crypto/rc5/rc5_skey.c
+  # $(OPENSSL_PATH)/crypto/rc5/rc5_ecb.c
+  # $(OPENSSL_PATH)/crypto/rc5/rc5_enc.c
+  # $(OPENSSL_PATH)/crypto/rc5/rc5cfb64.c
+  # $(OPENSSL_PATH)/crypto/rc5/rc5ofb64.c
+  #
+  # IDEA - Disabled by OPENSSL_NO_IDEA
+  #
+  # $(OPENSSL_PATH)/crypto/idea/i_cbc.c
+  # $(OPENSSL_PATH)/crypto/idea/i_cfb64.c
+  # $(OPENSSL_PATH)/crypto/idea/i_ofb64.c
+  # $(OPENSSL_PATH)/crypto/idea/i_ecb.c
+  # $(OPENSSL_PATH)/crypto/idea/i_skey.c
+  #
+  # BLOWFISH - Disabled by OPENSSL_NO_BF
+  #
+  # $(OPENSSL_PATH)/crypto/bf/bf_skey.c
+  # $(OPENSSL_PATH)/crypto/bf/bf_ecb.c
+  # $(OPENSSL_PATH)/crypto/bf/bf_enc.c
+  # $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c
+  # $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c
+  #
+  # CAST - Disabled by OPENSSL_NO_CAST
+  #
+  # $(OPENSSL_PATH)/crypto/cast/c_skey.c
+  # $(OPENSSL_PATH)/crypto/cast/c_ecb.c
+  # $(OPENSSL_PATH)/crypto/cast/c_enc.c
+  # $(OPENSSL_PATH)/crypto/cast/c_cfb64.c
+  # $(OPENSSL_PATH)/crypto/cast/c_ofb64.c
+  #
+  # CAMELLIA - Disabled by OPENSSL_NO_CAMELLIA
+  #
+  # $(OPENSSL_PATH)/crypto/camellia/camellia.c
+  # $(OPENSSL_PATH)/crypto/camellia/cmll_misc.c
+  # $(OPENSSL_PATH)/crypto/camellia/cmll_ecb.c
+  # $(OPENSSL_PATH)/crypto/camellia/cmll_cbc.c
+  # $(OPENSSL_PATH)/crypto/camellia/cmll_ofb.c
+  # $(OPENSSL_PATH)/crypto/camellia/cmll_cfb.c
+  # $(OPENSSL_PATH)/crypto/camellia/cmll_ctr.c
+  # $(OPENSSL_PATH)/crypto/camellia/cmll_utl.c
+  #
+  # SEED - Disabled by OPENSSL_NO_SEED
+  #
+  # $(OPENSSL_PATH)/crypto/seed/seed.c
+  # $(OPENSSL_PATH)/crypto/seed/seed_ecb.c
+  # $(OPENSSL_PATH)/crypto/seed/seed_cbc.c
+  # $(OPENSSL_PATH)/crypto/seed/seed_cfb.c
+  # $(OPENSSL_PATH)/crypto/seed/seed_ofb.c
+  #
+  # MODES
+  #
+  $(OPENSSL_PATH)/crypto/modes/cbc128.c
+  $(OPENSSL_PATH)/crypto/modes/ctr128.c
+  $(OPENSSL_PATH)/crypto/modes/cts128.c
+  $(OPENSSL_PATH)/crypto/modes/cfb128.c
+  $(OPENSSL_PATH)/crypto/modes/ofb128.c
+  $(OPENSSL_PATH)/crypto/modes/gcm128.c
+  $(OPENSSL_PATH)/crypto/modes/ccm128.c
+  $(OPENSSL_PATH)/crypto/modes/xts128.c
+  $(OPENSSL_PATH)/crypto/modes/wrap128.c
+  #
+  # BIGNUM
+  #
   $(OPENSSL_PATH)/crypto/bn/bn_add.c
   $(OPENSSL_PATH)/crypto/bn/bn_div.c
 …
   $(OPENSSL_PATH)/crypto/bn/bn_nist.c
   $(OPENSSL_PATH)/crypto/bn/bn_depr.c
+  $(OPENSSL_PATH)/crypto/bn/bn_const.c
   $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+  $(OPENSSL_PATH)/crypto/bn/bn_const.c
+  $(OPENSSL_PATH)/crypto/bn/bn_opt.c
+  #
+  # ELLIPTIC CURVE - Disabled by OPENSSL_NO_EC
+  #
+  # $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_err.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_check.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_print.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_key.c
+  # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+  # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+  # $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+  # $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+  # $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+  # $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+  #
+  # RSA
+  #
   $(OPENSSL_PATH)/crypto/rsa/rsa_eay.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
 …
   $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
-  $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
+  $(OPENSSL_PATH)/crypto/rsa/rsa_eng.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_key.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_lib.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_asn1.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_vrf.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_sign.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_err.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c
+  $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c
+  $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+  $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
+  $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
+  $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
+  #
+  # DSA - Disabled by OPENSSL_NO_DSA
+  #
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_key.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_lib.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_asn1.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_vrf.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_sign.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_err.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_ameth.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_pmeth.c
+  # $(OPENSSL_PATH)/crypto/dsa/dsa_prn.c
+  #
+  # ECDSA - Disabled by OPENSSL_NO_ECDSA
+  #
+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+  #
+  # DIFFIE-HELLMAN
+  #
+  $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
+  $(OPENSSL_PATH)/crypto/dh/dh_gen.c
+  $(OPENSSL_PATH)/crypto/dh/dh_key.c
+  $(OPENSSL_PATH)/crypto/dh/dh_lib.c
+  $(OPENSSL_PATH)/crypto/dh/dh_check.c
+  $(OPENSSL_PATH)/crypto/dh/dh_err.c
+  $(OPENSSL_PATH)/crypto/dh/dh_depr.c
+  $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+  $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
+  $(OPENSSL_PATH)/crypto/dh/dh_prn.c
+  $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+  # $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
+  #
+  # ECDH - Disabled by OPENSSL_NO_ECDH
+  #
+  # $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c
+  # $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c
+  # $(OPENSSL_PATH)/crypto/ecdh/ech_key.c
+  # $(OPENSSL_PATH)/crypto/ecdh/ech_err.c
+  # $(OPENSSL_PATH)/crypto/ecdh/ech_kdf.c
+  #
+  # DSO
+  #
   $(OPENSSL_PATH)/crypto/dso/dso_dl.c
   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
 …
   $(OPENSSL_PATH)/crypto/dso/dso_win32.c
   $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+  $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
+  $(OPENSSL_PATH)/crypto/dh/dh_gen.c
+  $(OPENSSL_PATH)/crypto/dh/dh_key.c
+  $(OPENSSL_PATH)/crypto/dh/dh_lib.c
+  $(OPENSSL_PATH)/crypto/dh/dh_check.c
+  $(OPENSSL_PATH)/crypto/dh/dh_err.c
+  $(OPENSSL_PATH)/crypto/dh/dh_depr.c
+  $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+  $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+  $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+  $(OPENSSL_PATH)/crypto/ec/ec_err.c
+  $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+  $(OPENSSL_PATH)/crypto/ec/ec_check.c
+  $(OPENSSL_PATH)/crypto/ec/ec_print.c
+  $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+  $(OPENSSL_PATH)/crypto/ec/ec_key.c
+  $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+  $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
+  $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c
+  $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c
+  $(OPENSSL_PATH)/crypto/ecdh/ech_key.c
+  $(OPENSSL_PATH)/crypto/ecdh/ech_err.c
+  $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
+  $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
+  $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
+  $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
+  $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
+  $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+  $(OPENSSL_PATH)/crypto/dso/dso_beos.c
+  #
+  # ENGINE - Disabled by OPENSSL_NO_ENGINE
+  #
+  # $(OPENSSL_PATH)/crypto/engine/eng_err.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_lib.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_list.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_init.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_table.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_fat.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_all.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_dh.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_rand.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_store.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_digest.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_pkmeth.c
+  # $(OPENSSL_PATH)/crypto/engine/tb_asnmth.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
+  # $(OPENSSL_PATH)/crypto/engine/eng_rdrand.c
+  #
+  # BUFFER
+  #
   $(OPENSSL_PATH)/crypto/buffer/buffer.c
   $(OPENSSL_PATH)/crypto/buffer/buf_str.c
   $(OPENSSL_PATH)/crypto/buffer/buf_err.c
+  #
+  # BIO
+  #
   $(OPENSSL_PATH)/crypto/bio/bio_lib.c
   $(OPENSSL_PATH)/crypto/bio/bio_cb.c
 …
   $(OPENSSL_PATH)/crypto/bio/bss_fd.c
   $(OPENSSL_PATH)/crypto/bio/bss_file.c
+  $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+  $(OPENSSL_PATH)/crypto/bio/bss_conn.c
   $(OPENSSL_PATH)/crypto/bio/bf_null.c
   $(OPENSSL_PATH)/crypto/bio/bf_buff.c
+  #
+  # Not required for UEFI.
+  #
+  # Not Required by UEFI.
+  #
   # $(OPENSSL_PATH)/crypto/bio/b_print.c
   $(OPENSSL_PATH)/crypto/bio/b_dump.c
+  $(OPENSSL_PATH)/crypto/bio/b_sock.c
+  $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
   $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
   $(OPENSSL_PATH)/crypto/bio/bss_log.c
   $(OPENSSL_PATH)/crypto/bio/bss_bio.c
   $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
+  #
+  # STACK
+  #
   $(OPENSSL_PATH)/crypto/stack/stack.c
+  #
+  # LHASH
+  #
   $(OPENSSL_PATH)/crypto/lhash/lhash.c
   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+  #
+  # RAND
+  #
   $(OPENSSL_PATH)/crypto/rand/md_rand.c
   $(OPENSSL_PATH)/crypto/rand/randfile.c
   $(OPENSSL_PATH)/crypto/rand/rand_lib.c
-  $(OPENSSL_PATH)/crypto/rand/rand_eng.c
   $(OPENSSL_PATH)/crypto/rand/rand_err.c
   $(OPENSSL_PATH)/crypto/rand/rand_egd.c
   $(OPENSSL_PATH)/crypto/rand/rand_win.c
+  # $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+  # $(OPENSSL_PATH)/crypto/rand/rand_win.c
   $(OPENSSL_PATH)/crypto/rand/rand_unix.c
+  $(OPENSSL_PATH)/crypto/rand/rand_os2.c
+  $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+  # $(OPENSSL_PATH)/crypto/rand/rand_os2.c
+  # $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+  #
+  # ERR
+  #
   $(OPENSSL_PATH)/crypto/err/err.c
-  $(OPENSSL_PATH)/crypto/err/err_def.c
   $(OPENSSL_PATH)/crypto/err/err_all.c
   $(OPENSSL_PATH)/crypto/err/err_prn.c
+  $(OPENSSL_PATH)/crypto/err/err_str.c
+  $(OPENSSL_PATH)/crypto/err/err_bio.c
+  $(OPENSSL_PATH)/crypto/objects/o_names.c
+  $(OPENSSL_PATH)/crypto/objects/obj_dat.c
+  $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+  $(OPENSSL_PATH)/crypto/objects/obj_err.c
+  #
+  # EVP
+  #
   $(OPENSSL_PATH)/crypto/evp/encode.c
   $(OPENSSL_PATH)/crypto/evp/digest.c
-  $(OPENSSL_PATH)/crypto/evp/dig_eng.c
   $(OPENSSL_PATH)/crypto/evp/evp_enc.c
   $(OPENSSL_PATH)/crypto/evp/evp_key.c
 …
   $(OPENSSL_PATH)/crypto/evp/e_idea.c
   $(OPENSSL_PATH)/crypto/evp/e_des3.c
+  $(OPENSSL_PATH)/crypto/evp/e_camellia.c
   $(OPENSSL_PATH)/crypto/evp/e_rc4.c
   $(OPENSSL_PATH)/crypto/evp/e_aes.c
   $(OPENSSL_PATH)/crypto/evp/names.c
+  $(OPENSSL_PATH)/crypto/evp/e_seed.c
   $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
   $(OPENSSL_PATH)/crypto/evp/e_rc2.c
   $(OPENSSL_PATH)/crypto/evp/e_cast.c
   $(OPENSSL_PATH)/crypto/evp/e_rc5.c
-  $(OPENSSL_PATH)/crypto/evp/enc_min.c
   $(OPENSSL_PATH)/crypto/evp/m_null.c
   $(OPENSSL_PATH)/crypto/evp/m_md2.c
 …
   $(OPENSSL_PATH)/crypto/evp/m_sha.c
   $(OPENSSL_PATH)/crypto/evp/m_sha1.c
+  $(OPENSSL_PATH)/crypto/evp/m_wp.c
   $(OPENSSL_PATH)/crypto/evp/m_dss.c
   $(OPENSSL_PATH)/crypto/evp/m_dss1.c
+  $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
   $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
   $(OPENSSL_PATH)/crypto/evp/m_ecdsa.c
 …
   $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
   $(OPENSSL_PATH)/crypto/evp/e_old.c
+  $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+  $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
+  $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
+  $(OPENSSL_PATH)/crypto/evp/m_sigver.c
+  $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
+  $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
+  $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
+  #
+  # ASN1
+  #
   $(OPENSSL_PATH)/crypto/asn1/a_object.c
   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
 …
   $(OPENSSL_PATH)/crypto/asn1/x_spki.c
   $(OPENSSL_PATH)/crypto/asn1/nsseq.c
+  $(OPENSSL_PATH)/crypto/asn1/x_nx509.c
   $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
   $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
 …
   $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
   $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
+  $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
+  $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
   $(OPENSSL_PATH)/crypto/asn1/f_int.c
   $(OPENSSL_PATH)/crypto/asn1/f_string.c
   $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
   $(OPENSSL_PATH)/crypto/asn1/f_enum.c
-  $(OPENSSL_PATH)/crypto/asn1/a_hdr.c
   $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
   $(OPENSSL_PATH)/crypto/asn1/a_bool.c
   $(OPENSSL_PATH)/crypto/asn1/x_exten.c
+  $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
+  $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
   $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
 …
   $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
-  $(OPENSSL_PATH)/crypto/asn1/a_meth.c
   $(OPENSSL_PATH)/crypto/asn1/a_bytes.c
   $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
 …
   $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
   $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
+  #
+  # PEM
+  #
   $(OPENSSL_PATH)/crypto/pem/pem_sign.c
   $(OPENSSL_PATH)/crypto/pem/pem_seal.c
 …
   $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
   $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
+  $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
+  #
+  # X509
+  #
   $(OPENSSL_PATH)/crypto/x509/x509_def.c
   $(OPENSSL_PATH)/crypto/x509/x509_d2.c
 …
   $(OPENSSL_PATH)/crypto/x509/x509_txt.c
   $(OPENSSL_PATH)/crypto/x509/x509_trs.c
+  $(OPENSSL_PATH)/crypto/x509/by_file.c
+  $(OPENSSL_PATH)/crypto/x509/by_dir.c
+  #
+  #  Not Required by UEFI.
+  #
+  # $(OPENSSL_PATH)/crypto/x509/by_file.c
+  # $(OPENSSL_PATH)/crypto/x509/by_dir.c
   $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
+  #
+  # X509v3
+  #
   $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
 …
   $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+  #
+  #  Not Required by UEFI.
+  #
+  # $(OPENSSL_PATH)/crypto/x509v3/v3_scts.c
+  #
+  # CONF
+  #
   $(OPENSSL_PATH)/crypto/conf/conf_err.c
   $(OPENSSL_PATH)/crypto/conf/conf_lib.c
 …
   $(OPENSSL_PATH)/crypto/conf/conf_mall.c
   $(OPENSSL_PATH)/crypto/conf/conf_sap.c
+  #
+  # TXT_DB
+  #
   $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+  #
+  # PKCS7
+  #
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
 …
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+  $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
+  #
+  # PKCS12
+  #
   $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
   $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
 …
   $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
   $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
+  #
+  # COMP
+  #
   $(OPENSSL_PATH)/crypto/comp/comp_lib.c
   $(OPENSSL_PATH)/crypto/comp/comp_err.c
   $(OPENSSL_PATH)/crypto/comp/c_rle.c
   $(OPENSSL_PATH)/crypto/comp/c_zlib.c
+  $(OPENSSL_PATH)/crypto/engine/eng_err.c
+  $(OPENSSL_PATH)/crypto/engine/eng_lib.c
+  $(OPENSSL_PATH)/crypto/engine/eng_list.c
+  $(OPENSSL_PATH)/crypto/engine/eng_init.c
+  $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
+  $(OPENSSL_PATH)/crypto/engine/eng_table.c
+  $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
+  $(OPENSSL_PATH)/crypto/engine/eng_fat.c
+  $(OPENSSL_PATH)/crypto/engine/eng_all.c
+  $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
+  $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
+  $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
+  $(OPENSSL_PATH)/crypto/engine/tb_dh.c
+  $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
+  $(OPENSSL_PATH)/crypto/engine/tb_rand.c
+  $(OPENSSL_PATH)/crypto/engine/tb_store.c
+  $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
+  $(OPENSSL_PATH)/crypto/engine/tb_digest.c
+  $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
+  $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
+  $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
+  $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
+  $(OPENSSL_PATH)/crypto/engine/eng_padlock.c
+  #
+  # OCSP - Disabled by OPENSSL_NO_OCSP
+  #
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
 …
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
+  $(OPENSSL_PATH)/crypto/ui/ui_err.c
+  #
+  # UI
+  #
   $(OPENSSL_PATH)/crypto/ui/ui_lib.c
+  #
   # Not required when OPENSSL_NO_STDIO is set, which is is for UEFI.
+  #
+  #
+  #  Not Required by UEFI.
+  #
+  # $(OPENSSL_PATH)/crypto/ui/ui_err.c
   # $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
   $(OPENSSL_PATH)/crypto/ui/ui_util.c
   $(OPENSSL_PATH)/crypto/ui/ui_compat.c
+  #
+  # KRB5
+  #
   $(OPENSSL_PATH)/crypto/krb5/krb5_asn.c
+  $(OPENSSL_PATH)/crypto/store/str_err.c
+  $(OPENSSL_PATH)/crypto/store/str_lib.c
+  $(OPENSSL_PATH)/crypto/store/str_meth.c
+  $(OPENSSL_PATH)/crypto/store/str_mem.c
+  #
+  # CMS - Disabled by OPENSSL_NO_CMS
+  #
+  # $(OPENSSL_PATH)/crypto/cms/cms_lib.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_asn1.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_att.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_io.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_smime.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_err.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_sd.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_dd.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_cd.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_env.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_enc.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_ess.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_pwri.c
+  # $(OPENSSL_PATH)/crypto/cms/cms_kari.c
+  #
+  # PQUEUE
+  #
   $(OPENSSL_PATH)/crypto/pqueue/pqueue.c
+  #
+  # TS
+  #
+  $(OPENSSL_PATH)/crypto/ts/ts_err.c
+  $(OPENSSL_PATH)/crypto/ts/ts_req_utils.c
+  $(OPENSSL_PATH)/crypto/ts/ts_req_print.c
+  $(OPENSSL_PATH)/crypto/ts/ts_rsp_utils.c
+  $(OPENSSL_PATH)/crypto/ts/ts_rsp_print.c
+  $(OPENSSL_PATH)/crypto/ts/ts_rsp_sign.c
+  $(OPENSSL_PATH)/crypto/ts/ts_rsp_verify.c
+  $(OPENSSL_PATH)/crypto/ts/ts_verify_ctx.c
+  $(OPENSSL_PATH)/crypto/ts/ts_lib.c
+  $(OPENSSL_PATH)/crypto/ts/ts_conf.c
+  $(OPENSSL_PATH)/crypto/ts/ts_asn1.c
+  #
+  # SRP - Disabled by OPENSSL_NO_SRP
+  #
+  # $(OPENSSL_PATH)/crypto/srp/srp_lib.c
+  # $(OPENSSL_PATH)/crypto/srp/srp_vfy.c
+  #
+  # CMAS
+  #
+  $(OPENSSL_PATH)/crypto/cmac/cmac.c
+  $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+  $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
 [Packages]
 …
 [BuildOptions]
+   #
+   # Override MSFT build option to remove /W4 (to silence warning messages when building OpenSSL).
+   #
+   MSFT:DEBUG_VS2003_IA32_CC_FLAGS        == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:RELEASE_VS2003_IA32_CC_FLAGS      == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w  -DTHIRTY_TWO_BIT
+   MSFT:DEBUG_VS2003xASL_IA32_CC_FLAGS    == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:RELEASE_VS2003xASL_IA32_CC_FLAGS  == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:DEBUG_DDK3790_IA32_CC_FLAGS       == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:RELEASE_DDK3790_IA32_CC_FLAGS     == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:DEBUG_DDK3790xASL_IA32_CC_FLAGS   == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:RELEASE_DDK3790xASL_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:DEBUG_*_IA32_CC_FLAGS             == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:RELEASE_*_IA32_CC_FLAGS           == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:NOOPT_*_IA32_CC_FLAGS             == /nologo /c /WX /GS- /Gs32768 /D UNICODE /Od /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   MSFT:DEBUG_*_X64_CC_FLAGS              == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   MSFT:RELEASE_*_X64_CC_FLAGS            == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   MSFT:NOOPT_*_X64_CC_FLAGS              == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /Od /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   MSFT:DEBUG_*_IPF_CC_FLAGS              == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   MSFT:RELEASE_*_IPF_CC_FLAGS            == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   MSFT:NOOPT_*_IPF_CC_FLAGS              == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Od /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   INTEL:*_*_IA32_CC_FLAGS                = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+   INTEL:*_*_X64_CC_FLAGS                 = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   INTEL:*_*_IPF_CC_FLAGS                 = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+   GCC:*_*_IA32_CC_FLAGS                  = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+   GCC:*_*_X64_CC_FLAGS                   = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT
+   GCC:*_*_IPF_CC_FLAGS                   = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT
+   RVCT:*_*_IA32_CC_FLAGS                 = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT
+   RVCT:*_*_X64_CC_FLAGS                  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DSIXTY_FOUR_BIT
+   RVCT:*_*_IPF_CC_FLAGS                  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DSIXTY_FOUR_BIT
+  #
+  # Disables the following Visual Studio compiler warnings brought by openssl source, so we do not break the build with /WX option:
+  # C4244: conversion from type1 to type2, possible loss of data
+  # C4702: unreachable code
+  # C4706: assignment within conditional expression
+  # C4133: incompatible types - from type1 to type2
+  # C4245: conversion from type1 to type2, signed/unsigned mismatch
+  # C4267: conversion from size_t to type, possible loss of data
+  # C4305: truncation from type1 to type2 of smaller size
+  # C4306: conversion from type1 to type2 of greater size
+  # C4702: Potentially uninitialized local variable name used
+  #
+  MSFT:*_*_IA32_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706
+  MSFT:*_*_X64_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+  MSFT:*_*_IPF_CC_FLAGS     = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+  INTEL:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+  INTEL:*_*_X64_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+  INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+  GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+  GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+  GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+  GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+  # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
+  # 1295: Deprecated declaration <entity> - give arg types
+  #  550: <entity> was set but never used
+  # 1293: assignment in condition
+  #  111: statement is unreachable (invariably "break;" after "return X;" in case statement)
+  #   68: integer conversion resulted in a change of sign ("if (Status == -1)")
+  #  177: <entity> was declared but never referenced
+  #  223: function <entity> declared implicitly
+  #  144: a value of type <type> cannot be used to initialize an entity of type <type>
+  #  513: a value of type <type> cannot be assigned to an entity of type <type>
+  #  188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
+  # 1296: Extended constant initialiser used
+  RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
+  XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+  XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG

trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt

-              r48674
+              r58459
   OpenSSL is a well-known open source implementation of SSL and TLS protocols.
 The core library implements the basic cryptographic functions and provides various
 utility functions. The OpenSSL library is widely used in variety of security
 products development as base crypto provider. (See http://www.openssl.org for more
+utility functions. The OpenSSL library is widely used in variety of security
+products development as base crypto provider. (See http://www.openssl.org for more
 information for OpenSSL).
   UEFI (Unified Extensible Firmware Interface) is a specification detailing the
 interfaces between OS and platform firmware. Several security features were
 introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
 .2 (http://www.uefi.org). These security features highly depends on the
+  UEFI (Unified Extensible Firmware Interface) is a specification detailing the
+interfaces between OS and platform firmware. Several security features were
+introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
+.2 (http://www.uefi.org). These security features highly depends on the
 cryptography. This patch will enable openssl building under UEFI environment.
 …
                                 OpenSSL-Version
 ================================================================================
   Current supported OpenSSL version for UEFI Crypto Library is 0.9.8w.
     http://www.openssl.org/source/openssl-0.9.8w.tar.gz
+  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.
+    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
 …
                       HOW to Install Openssl for UEFI Building
 ================================================================================
 .  Download OpenSSL 0.9.8w from official website:
         http://www.openssl.org/source/openssl-0.9.8w.tar.gz
+.  Download OpenSSL 1.0.2d from official website:
+    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
     NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8w.tar.tar.
           When you do the download, rename the "openssl-0.9.8w.tar.tar" to
           "openssl-0.9.8w.tar.gz" or rename the local downloaded file with ".tar.tar"
+    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2d.tar.tar.
+          When you do the download, rename the "openssl-1.0.2d.tar.tar" to
+          "openssl-1.0.2d.tar.gz" or rename the local downloaded file with ".tar.tar"
           extension to ".tar.gz".
 .  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8w
+.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d
     NOTE: If you use WinZip to unpack the openssl source in Windows, please
           uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
+    NOTE: If you use WinZip to unpack the openssl source in Windows, please
+          uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
           Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
 .  Apply this patch: EDKII_openssl-0.9.8w.patch, and make installation
+.  Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation
     For Windows Environment:
     ------------------------
 ) Make sure the patch utility has been installed in your machine.
        Install Cygwin or get the patch utility binary from
+       Install Cygwin or get the patch utility binary from
           http://gnuwin32.sourceforge.net/packages/patch.htm
 ) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8w
 ) patch -p0 -i ..\EDKII_openssl-0.9.8w.patch
+) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d
+) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch
 ) cd ..
 ) Install.cmd
 …
 ) Make sure the patch utility has been installed in your machine.
        Patch utility is available from http://directory.fsf.org/project/patch/
 ) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8w
 ) patch -p0 -i ../EDKII_openssl-0.9.8w.patch
+) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d
+) patch -p0 -i ../EDKII_openssl-1.0.2d.patch
 ) cd ..
 ) ./Install.sh

Changeset 58459 in vbox for trunk/src/VBox/Devices/EFI/Firmware/CryptoPkg

Legend:

Download in other formats: