Changeset 85718 in vbox for trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg

Timestamp:

Aug 12, 2020 4:09:12 PM (4 years ago)

Author:

vboxsync

Message:

Devices/EFI: Merge edk-stable202005 and make it build, bugref:4643

Location:

trunk/src/VBox/Devices/EFI/FirmwareNew

Files:

• . (modified) (1 prop)
• CryptoPkg/CryptoPkg.ci.yaml (added)
• CryptoPkg/CryptoPkg.dec (modified) (3 diffs)
• CryptoPkg/CryptoPkg.dsc (modified) (6 diffs)
• CryptoPkg/CryptoPkg.uni (modified) (2 diffs)
• CryptoPkg/Driver (added)
• CryptoPkg/Driver/Crypto.c (added)
• CryptoPkg/Driver/Crypto.uni (added)
• CryptoPkg/Driver/CryptoDxe.c (added)
• CryptoPkg/Driver/CryptoDxe.inf (added)
• CryptoPkg/Driver/CryptoPei.c (added)
• CryptoPkg/Driver/CryptoPei.inf (added)
• CryptoPkg/Driver/CryptoSmm.c (added)
• CryptoPkg/Driver/CryptoSmm.inf (added)
• CryptoPkg/Include/Library/BaseCryptLib.h (modified) (11 diffs)
• CryptoPkg/Include/Library/HashApiLib.h (added)
• CryptoPkg/Include/Library/TlsLib.h (modified) (1 diff)
• CryptoPkg/Include/Pcd (added)
• CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h (added)
• CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf (modified) (6 diffs)
• CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c (modified) (1 diff)
• CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c (modified) (1 diff)
• CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c (deleted)
• CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c (modified) (6 diffs)
• CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c (modified) (4 diffs)
• CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf (modified) (5 diffs)
• CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni (modified) (2 diffs)
• CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c (modified) (2 diffs)
• CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c (modified) (2 diffs)
• CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c (modified) (4 diffs)
• CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c (modified) (4 diffs)
• CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c (modified) (7 diffs)
• CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c (modified) (2 diffs)
• CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf (modified) (5 diffs)
• CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni (modified) (2 diffs)
• CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf (modified) (4 diffs)
• CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni (modified) (2 diffs)
• CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c (modified) (1 diff)
• CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c (added)
• CryptoPkg/Library/BaseCryptLibNull (added)
• CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf (added)
• CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.uni (added)
• CryptoPkg/Library/BaseCryptLibNull/Cipher (added)
• CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Hash (added)
• CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd5Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Hash/CryptSha1Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Hash/CryptSha256Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Hash/CryptSha512Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Hash/CryptSm3Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Hmac (added)
• CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/InternalCryptLib.h (added)
• CryptoPkg/Library/BaseCryptLibNull/Kdf (added)
• CryptoPkg/Library/BaseCryptLibNull/Kdf/CryptHkdfNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pem (added)
• CryptoPkg/Library/BaseCryptLibNull/Pem/CryptPemNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptAuthenticodeNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptDhNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs5Pbkdf2Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7SignNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7VerifyEkuNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7VerifyNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaBasicNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaExtNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptTsNull.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c (added)
• CryptoPkg/Library/BaseCryptLibNull/Rand (added)
• CryptoPkg/Library/BaseCryptLibNull/Rand/CryptRandNull.c (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.uni (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c (added)
• CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf (added)
• CryptoPkg/Library/BaseHashApiLib (added)
• CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c (added)
• CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf (added)
• CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.uni (added)
• CryptoPkg/Library/Include/CrtLibSupport.h (modified) (7 diffs)
• CryptoPkg/Library/Include/arpa (added)
• CryptoPkg/Library/Include/arpa/inet.h (added)
• CryptoPkg/Library/Include/arpa/nameser.h (added)
• CryptoPkg/Library/Include/internal/dso_conf.h (modified) (1 diff)
• CryptoPkg/Library/Include/netinet (added)
• CryptoPkg/Library/Include/netinet/in.h (added)
• CryptoPkg/Library/Include/openssl/opensslconf.h (modified) (4 diffs)
• CryptoPkg/Library/Include/sys/param.h (added)
• CryptoPkg/Library/Include/sys/shm.h (added)
• CryptoPkg/Library/Include/sys/socket.h (added)
• CryptoPkg/Library/Include/sys/utsname.h (added)
• CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c (modified) (2 diffs)
• CryptoPkg/Library/OpensslLib/OpensslLib.inf (modified) (26 diffs)
• CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf (modified) (24 diffs)
• CryptoPkg/Library/OpensslLib/process_files.pl (modified) (10 diffs)
• CryptoPkg/Library/OpensslLib/rand_pool.c (modified) (4 diffs)
• CryptoPkg/Library/OpensslLib/rand_pool_noise.c (modified) (1 diff)
• CryptoPkg/Library/TlsLib/TlsConfig.c (modified) (2 diffs)
• CryptoPkg/Library/TlsLib/TlsLib.inf (modified) (2 diffs)
• CryptoPkg/Library/TlsLibNull (added)
• CryptoPkg/Library/TlsLibNull/InternalTlsLib.h (added)
• CryptoPkg/Library/TlsLibNull/TlsConfigNull.c (added)
• CryptoPkg/Library/TlsLibNull/TlsInitNull.c (added)
• CryptoPkg/Library/TlsLibNull/TlsLibNull.inf (added)
• CryptoPkg/Library/TlsLibNull/TlsLibNull.uni (added)
• CryptoPkg/Library/TlsLibNull/TlsProcessNull.c (added)
• CryptoPkg/Private (added)
• CryptoPkg/Private/Ppi (added)
• CryptoPkg/Private/Ppi/Crypto.h (added)
• CryptoPkg/Private/Protocol (added)
• CryptoPkg/Private/Protocol/Crypto.h (added)
• CryptoPkg/Private/Protocol/SmmCrypto.h (added)

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/CryptoPkg.dec

@@ -5 +5 @@
 #  It also provides a test application to test libraries.
 #
-#  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -21 +21 @@
 
 [Includes.Common.Private]
+  Private
   Library/Include
   Library/OpensslLib/openssl/include
@@ -34 +35 @@
   TlsLib|Include/Library/TlsLib.h
 
+  ##  @libraryclass  Provides Unified API for different hash implementations.
+  #
+  HashApiLib|Include/Library/HashApiLib.h
+
+[Protocols]
+  ## EDK II Crypto DXE protocol
+  # 2C2275C9-3A7B-426F-BE54-2D22BD9D1092
+  gEdkiiCryptoProtocolGuid =  { 0x2C2275C9, 0x3A7B, 0x426F, { 0xBE, 0x54, 0x2D, 0x22, 0xBD, 0x9D, 0x10, 0x92 }}
+
+  ## EDK II Crypto SMM protocol
+  # F46B2EB2-E0D7-4C96-A3B1-CB7C572EB300
+  gEdkiiSmmCryptoProtocolGuid =  { 0xF46B2EB2, 0xE0D7, 0x4C96, { 0xA3, 0xB1, 0xc, 0x61, 0xbb, 0x24, 0x5c, 0x42 }}
+
+[Ppis]
+  ## EDK II Crypto PPI
+  # 7DCE671B-C223-446A-A705-ED637AAF6771
+  gEdkiiCryptoPpiGuid =  { 0x7DCE671B, 0xC223, 0x446A, { 0xA7, 0x05, 0xED, 0x63, 0x7A, 0xAF, 0x67, 0x71 }}
+
+[Guids]
+  ## Crypto package token space guid.
+  gEfiCryptoPkgTokenSpaceGuid      = { 0x6bd7de60, 0x9ef7, 0x4899, { 0x97, 0xd0, 0xab, 0xff, 0xfd, 0xe9, 0x70, 0xf2 } }
+
+[PcdsFixedAtBuild]
+  ## Enable/Disable the families and individual services produced by the
+  #  EDK II Crypto Protocols/PPIs.  The default is all services disabled.
+  #  This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENABLE
+  #  structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h.
+  # @Prompt Enable/Disable EDK II Crypto Protocol/PPI services
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable|{0x00}|PCD_CRYPTO_SERVICE_FAMILY_ENABLE|0x00000002 {
+    <Packages>
+      CryptoPkg/CryptoPkg.dec
+    <HeaderFiles>
+      Pcd/PcdCryptoServiceFamilyEnable.h
+  }
+
+  ## This PCD indicates the HASH algorithm to calculate hash of data
+  #  Based on the value set, the required algorithm is chosen to calculate
+  #  the hash of data.<BR>
+  #  The default hashing algorithm for BaseHashApiLib is set to SHA256.<BR>
+  #     0x00000001    - HASH_ALG_SHA1.<BR>
+  #     0x00000002    - HASH_ALG_SHA256.<BR>
+  #     0x00000004    - HASH_ALG_SHA384.<BR>
+  #     0x00000008    - HASH_ALG_SHA512.<BR>
+  #     0x00000010    - HASH_ALG_SM3_256.<BR>
+  # @Prompt Set policy for hashing unsigned image for Secure Boot.
+  # @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
+  gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001
+
 [UserExtensions.TianoCore."ExtraFiles"]
   CryptoPkgExtra.uni

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/CryptoPkg.dsc

@@ -1 +1 @@
 ## @file
 #  Cryptographic Library Package for UEFI Security Implementation.
-#
-#  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+#  PEIM, DXE Driver, and SMM Driver with all crypto services enabled.
+#
+#  Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -18 +20 @@
   DSC_SPECIFICATION              = 0x00010005
   OUTPUT_DIRECTORY               = Build/CryptoPkg
-  SUPPORTED_ARCHITECTURES        = IA32|X64|ARM|AARCH64
+  SUPPORTED_ARCHITECTURES        = IA32|X64|ARM|AARCH64|RISCV64
   BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
   SKUID_IDENTIFIER               = DEFAULT
+
+  #
+  # Flavor of PEI, DXE, SMM modules to build.
+  # Must be one of ALL, NONE, MIN_PEI, MIN_DXE_MIN_SMM.
+  # Default is ALL that is used for package build verification.
+  #   PACKAGE         - Package verification build of all components.  Null
+  #                     versions of libraries are used to minimize build times.
+  #   ALL             - Build PEIM, DXE, and SMM drivers.  Protocols and PPIs
+  #                     publish all services.
+  #   NONE            - Build PEIM, DXE, and SMM drivers.  Protocols and PPIs
+  #                     publish no services.  Used to verify compiler/linker
+  #                     optimizations are working correctly.
+  #   MIN_PEI         - Build PEIM with PPI that publishes minimum required
+  #                     services.
+  #   MIN_DXE_MIN_SMM - Build DXE and SMM drivers with Protocols that publish
+  #                     minimum required services.
+  #
+  DEFINE CRYPTO_SERVICES = PACKAGE
+!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI MIN_DXE_MIN_SMM"
+!else
+  !error CRYPTO_SERVICES must be set to one of PACKAGE ALL NONE MIN_PEI MIN_DXE_MIN_SMM.
+!endif
 
 ################################################################################
@@ -30 +54 @@
   BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
   BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
-  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
   DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
-  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
-  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
-  UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
-  DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
   UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
-  UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
-  UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
   UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
-  UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
-
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
 
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
@@ -58 +74 @@
   NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
 
+[LibraryClasses.common.PEIM]
+  PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
+  MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
+  PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
+  PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
+  HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+  MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
+
+!if $(CRYPTO_SERVICES) IN "ALL NONE MIN_PEI MIN_DXE_MIN_SMM"
+[LibraryClasses]
+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
+  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+  OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+  DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+  UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf  #???
+  IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf                                          #???
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+
 [LibraryClasses.ARM]
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
 
 [LibraryClasses.common.PEIM]
+  PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+
+[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]
+  PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
+
+[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM]
+  PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
 
 [LibraryClasses.common.DXE_DRIVER]
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
-
-[LibraryClasses.common.DXE_RUNTIME_DRIVER]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
 
 [LibraryClasses.common.DXE_SMM_DRIVER]
+  ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
-
-[LibraryClasses.common.UEFI_DRIVER]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
-
-[LibraryClasses.common.UEFI_APPLICATION]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+!endif
 
 ################################################################################
@@ -84 +132 @@
 #
 ################################################################################
-[PcdsFeatureFlag]
-  gEfiMdePkgTokenSpaceGuid.PcdComponentName2Disable|TRUE
-  gEfiMdePkgTokenSpaceGuid.PcdDriverDiagnostics2Disable|TRUE
-
 [PcdsFixedAtBuild]
   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0f
   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000
   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
+
+!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!endif
+
+!if $(CRYPTO_SERVICES) == MIN_PEI
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+!endif
+
+!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword          | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners            | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners           | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                      | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll                  | FALSE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
+!endif
 
 ###################################################################################################
@@ -111 +224 @@
 #
 ###################################################################################################
+!if $(CRYPTO_SERVICES) == PACKAGE
 [Components]
   CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+  CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+  CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   CryptoPkg/Library/TlsLib/TlsLib.inf
+  CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
   CryptoPkg/Library/OpensslLib/OpensslLib.inf
   CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+
+  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+!endif
+
+!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI"
+[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+  CryptoPkg/Driver/CryptoPei.inf {
+    <Defines>
+      !if $(CRYPTO_SERVICES) == ALL
+        FILE_GUID = 8DF53C2E-3380-495F-A8B7-370CFE28E1C6
+      !elseif $(CRYPTO_SERVICES) == NONE
+        FILE_GUID = E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF
+      !elseif $(CRYPTO_SERVICES) == MIN_PEI
+        FILE_GUID = 0F5827A9-35FD-4F41-8D38-9BAFCE594D31
+      !endif
+  }
+!endif
+
+!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_DXE_MIN_SMM"
+[Components.IA32, Components.X64, Components.AARCH64]
+  CryptoPkg/Driver/CryptoDxe.inf {
+    <Defines>
+      !if $(CRYPTO_SERVICES) == ALL
+        FILE_GUID = D9444B06-060D-42C5-9344-F04707BE0169
+      !elseif $(CRYPTO_SERVICES) == NONE
+        FILE_GUID = C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A
+      !elseif $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
+        FILE_GUID = DDF5BE9E-159A-4B77-B6D7-82B84B5763A2
+      !endif
+  }
 
 [Components.IA32, Components.X64]
-  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+  CryptoPkg/Driver/CryptoSmm.inf {
+    <Defines>
+      !if $(CRYPTO_SERVICES) == ALL
+        FILE_GUID = A3542CE8-77F7-49DC-A834-45D37D2EC1FA
+      !elseif $(CRYPTO_SERVICES) == NONE
+        FILE_GUID = 6DCB3127-01E7-4131-A487-DC77A965A541
+      !elseif $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
+        FILE_GUID = 85F7EA15-3A2B-474A-8875-180542CD6BF3
+      !endif
+  }
+!endif
 
 [BuildOptions]

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/CryptoPkg.uni

@@ -5 +5 @@
 // It also provides a test application to test libraries.
 //
-// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 //
 // SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -16 +16 @@
 #string STR_PACKAGE_DESCRIPTION         #language en-US "This Package provides cryptographic-related libraries for UEFI security modules."
 
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_PROMPT  #language en-US "HASH algorithm to calculate hash"
 
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdHashApiLibPolicy_HELP  #language en-US "This PCD indicates the HASH algorithm to calculate hash of data.<BR><BR>\n"
+                                                                                        "Based on the value set, the required algorithm is chosen to calculate\n"
+                                                                                        "the hash of data.<BR>\n"
+                                                                                        "The default hashing algorithm for BaseHashApiLib is set to SHA256.<BR>\n"
+                                                                                        "0x00000001  -  HASH_ALG_SHA1.<BR>\n"
+                                                                                        "0x00000002  -  HASH_ALG_SHA256.<BR>\n"
+                                                                                        "0x00000004  -  HASH_ALG_SHA384.<BR>\n"
+                                                                                        "0x00000008  -  HASH_ALG_SHA512.<BR>\n"
+                                                                                        "0x00000010  -  HASH_ALG_SM3.<BR>"
 
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_PROMPT  #language en-US "Enable/Disable EDK II Crypto Protocol/PPI services"
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_HELP  #language en-US "Enable/Disable the families and individual services produced by the EDK II Crypto Protocols/PPIs.  The default is all services disabled.  This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h."

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Include/Library/BaseCryptLib.h

@@ -5 +5 @@
   functionality enabling.
 
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -14 +14 @@
 
 #include <Uefi/UefiBaseType.h>
-
-///
-/// MD4 digest size in bytes
-///
-#define MD4_DIGEST_SIZE     16
 
 ///
@@ -79 +74 @@
 
 /**
-  Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for MD4 hash operations.
-  @retval  0   This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
-  VOID
-  );
-
-/**
-  Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
-  subsequent use.
-
-  If Md4Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[out]  Md4Context  Pointer to MD4 context being initialized.
-
-  @retval TRUE   MD4 context initialization succeeded.
-  @retval FALSE  MD4 context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
-  OUT  VOID  *Md4Context
-  );
-
-/**
-  Makes a copy of an existing MD4 context.
-
-  If Md4Context is NULL, then return FALSE.
-  If NewMd4Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]  Md4Context     Pointer to MD4 context being copied.
-  @param[out] NewMd4Context  Pointer to new MD4 context.
-
-  @retval TRUE   MD4 context copy succeeded.
-  @retval FALSE  MD4 context copy failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
-  IN   CONST VOID  *Md4Context,
-  OUT  VOID        *NewMd4Context
-  );
-
-/**
-  Digests the input data and updates MD4 context.
-
-  This function performs MD4 digest on a data buffer of the specified size.
-  It can be called multiple times to compute the digest of long or discontinuous data streams.
-  MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
-  by Md4Final(). Behavior with invalid context is undefined.
-
-  If Md4Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  Md4Context  Pointer to the MD4 context.
-  @param[in]       Data        Pointer to the buffer containing the data to be hashed.
-  @param[in]       DataSize    Size of Data buffer in bytes.
-
-  @retval TRUE   MD4 data digest succeeded.
-  @retval FALSE  MD4 data digest failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
-  IN OUT  VOID        *Md4Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  );
-
-/**
-  Completes computation of the MD4 digest value.
-
-  This function completes MD4 hash computation and retrieves the digest value into
-  the specified memory. After this function has been called, the MD4 context cannot
-  be used again.
-  MD4 context should be already correctly initialized by Md4Init(), and should not be
-  finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
-  If Md4Context is NULL, then return FALSE.
-  If HashValue is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  Md4Context  Pointer to the MD4 context.
-  @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest
-                               value (16 bytes).
-
-  @retval TRUE   MD4 digest computation succeeded.
-  @retval FALSE  MD4 digest computation failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
-  IN OUT  VOID   *Md4Context,
-  OUT     UINT8  *HashValue
-  );
-
-/**
-  Computes the MD4 message digest of a input data buffer.
-
-  This function performs the MD4 message digest of a given data buffer, and places
-  the digest value into the specified memory.
-
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   Data        Pointer to the buffer containing the data to be hashed.
-  @param[in]   DataSize    Size of Data buffer in bytes.
-  @param[out]  HashValue   Pointer to a buffer that receives the MD4 digest
-                           value (16 bytes).
-
-  @retval TRUE   MD4 digest computation succeeded.
-  @retval FALSE  MD4 digest computation failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
-  IN   CONST VOID  *Data,
-  IN   UINTN       DataSize,
-  OUT  UINT8       *HashValue
-  );
-
-/**
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
 
@@ -1027 +882 @@
 
 /**
-  Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
-  (NOTE: This API is deprecated.
-         Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for HMAC-MD5 operations.
-  @retval  0   This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-HmacMd5GetContextSize (
-  VOID
-  );
-
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
-  If this interface is not supported, then return NULL.
-
-  @return  Pointer to the HMAC_CTX context that has been initialized.
-           If the allocations fails, HmacMd5New() returns NULL.
-  @retval  NULL  This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
-  VOID
-  );
-
-/**
-  Release the specified HMAC_CTX context.
-
-  If this interface is not supported, then do nothing.
-
-  @param[in]  HmacMd5Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
-  IN  VOID  *HmacMd5Ctx
-  );
-
-/**
-  Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
-  subsequent use.
-
-  If HmacMd5Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.
-  @param[in]   Key             Pointer to the user-supplied key.
-  @param[in]   KeySize         Key size in bytes.
-
-  @retval TRUE   HMAC-MD5 context initialization succeeded.
-  @retval FALSE  HMAC-MD5 context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Init (
-  OUT  VOID         *HmacMd5Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  );
-
-/**
-  Makes a copy of an existing HMAC-MD5 context.
-
-  If HmacMd5Context is NULL, then return FALSE.
-  If NewHmacMd5Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.
-  @param[out] NewHmacMd5Context  Pointer to new HMAC-MD5 context.
-
-  @retval TRUE   HMAC-MD5 context copy succeeded.
-  @retval FALSE  HMAC-MD5 context copy failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
-  IN   CONST VOID  *HmacMd5Context,
-  OUT  VOID        *NewHmacMd5Context
-  );
-
-/**
-  Digests the input data and updates HMAC-MD5 context.
-
-  This function performs HMAC-MD5 digest on a data buffer of the specified size.
-  It can be called multiple times to compute the digest of long or discontinuous data streams.
-  HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be
-  finalized by HmacMd5Final(). Behavior with invalid context is undefined.
-
-  If HmacMd5Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
-  @param[in]       Data            Pointer to the buffer containing the data to be digested.
-  @param[in]       DataSize        Size of Data buffer in bytes.
-
-  @retval TRUE   HMAC-MD5 data digest succeeded.
-  @retval FALSE  HMAC-MD5 data digest failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
-  IN OUT  VOID        *HmacMd5Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  );
-
-/**
-  Completes computation of the HMAC-MD5 digest value.
-
-  This function completes HMAC-MD5 hash computation and retrieves the digest value into
-  the specified memory. After this function has been called, the HMAC-MD5 context cannot
-  be used again.
-  HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be
-  finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
-  If HmacMd5Context is NULL, then return FALSE.
-  If HmacValue is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
-  @param[out]      HmacValue       Pointer to a buffer that receives the HMAC-MD5 digest
-                                   value (16 bytes).
-
-  @retval TRUE   HMAC-MD5 digest computation succeeded.
-  @retval FALSE  HMAC-MD5 digest computation failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
-  IN OUT  VOID   *HmacMd5Context,
-  OUT     UINT8  *HmacValue
-  );
-
-/**
-  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
-  (NOTE: This API is deprecated.
-         Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
-  @retval  0   This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-HmacSha1GetContextSize (
-  VOID
-  );
-
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
-  If this interface is not supported, then return NULL.
-
-  @return  Pointer to the HMAC_CTX context that has been initialized.
-           If the allocations fails, HmacSha1New() returns NULL.
-  @return  NULL   This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
-  VOID
-  );
-
-/**
-  Release the specified HMAC_CTX context.
-
-  If this interface is not supported, then do nothing.
-
-  @param[in]  HmacSha1Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
-  IN  VOID  *HmacSha1Ctx
-  );
-
-/**
-  Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
-  subsequent use.
-
-  If HmacSha1Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.
-  @param[in]   Key              Pointer to the user-supplied key.
-  @param[in]   KeySize          Key size in bytes.
-
-  @retval TRUE   HMAC-SHA1 context initialization succeeded.
-  @retval FALSE  HMAC-SHA1 context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Init (
-  OUT  VOID         *HmacSha1Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  );
-
-/**
-  Makes a copy of an existing HMAC-SHA1 context.
-
-  If HmacSha1Context is NULL, then return FALSE.
-  If NewHmacSha1Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
-  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.
-
-  @retval TRUE   HMAC-SHA1 context copy succeeded.
-  @retval FALSE  HMAC-SHA1 context copy failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
-  IN   CONST VOID  *HmacSha1Context,
-  OUT  VOID        *NewHmacSha1Context
-  );
-
-/**
-  Digests the input data and updates HMAC-SHA1 context.
-
-  This function performs HMAC-SHA1 digest on a data buffer of the specified size.
-  It can be called multiple times to compute the digest of long or discontinuous data streams.
-  HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should not
-  be finalized by HmacSha1Final(). Behavior with invalid context is undefined.
-
-  If HmacSha1Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
-  @param[in]       Data            Pointer to the buffer containing the data to be digested.
-  @param[in]       DataSize        Size of Data buffer in bytes.
-
-  @retval TRUE   HMAC-SHA1 data digest succeeded.
-  @retval FALSE  HMAC-SHA1 data digest failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
-  IN OUT  VOID        *HmacSha1Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  );
-
-/**
-  Completes computation of the HMAC-SHA1 digest value.
-
-  This function completes HMAC-SHA1 hash computation and retrieves the digest value into
-  the specified memory. After this function has been called, the HMAC-SHA1 context cannot
-  be used again.
-  HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should
-  not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
-  If HmacSha1Context is NULL, then return FALSE.
-  If HmacValue is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
-  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest
-                                    value (20 bytes).
-
-  @retval TRUE   HMAC-SHA1 digest computation succeeded.
-  @retval FALSE  HMAC-SHA1 digest computation failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
-  IN OUT  VOID   *HmacSha1Context,
-  OUT     UINT8  *HmacValue
-  );
-
-/**
-  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
-  (NOTE: This API is deprecated.
-         Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
-  @retval  0   This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-HmacSha256GetContextSize (
-  VOID
-  );
-
-/**
   Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
 
@@ -1369 +907 @@
 
 /**
-  Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
-  subsequent use.
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
 
   If HmacSha256Context is NULL, then return FALSE.
   If this interface is not supported, then return FALSE.
 
-  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
   @param[in]   Key                Pointer to the user-supplied key.
   @param[in]   KeySize            Key size in bytes.
 
-  @retval TRUE   HMAC-SHA256 context initialization succeeded.
-  @retval FALSE  HMAC-SHA256 context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Init (
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
   OUT  VOID         *HmacSha256Context,
   IN   CONST UINT8  *Key,
@@ -1419 +957 @@
   This function performs HMAC-SHA256 digest on a data buffer of the specified size.
   It can be called multiple times to compute the digest of long or discontinuous data streams.
-  HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not
-  be finalized by HmacSha256Final(). Behavior with invalid context is undefined.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid context is undefined.
 
   If HmacSha256Context is NULL, then return FALSE.
@@ -1448 +986 @@
   the specified memory. After this function has been called, the HMAC-SHA256 context cannot
   be used again.
-  HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should
-  not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
 
   If HmacSha256Context is NULL, then return FALSE.
@@ -1474 +1012 @@
 //    Symmetric Cryptography Primitive
 //=====================================================================================
-
-/**
-  Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for TDES operations.
-  @retval  0   This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
-  VOID
-  );
-
-/**
-  Initializes user-supplied memory as TDES context for subsequent use.
-
-  This function initializes user-supplied memory pointed by TdesContext as TDES context.
-  In addition, it sets up all TDES key materials for subsequent encryption and decryption
-  operations.
-  There are 3 key options as follows:
-  KeyLength = 64,  Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
-  KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
-  KeyLength = 192  Keying option 3: K1 != K2 != K3 (Strongest)
-
-  If TdesContext is NULL, then return FALSE.
-  If Key is NULL, then return FALSE.
-  If KeyLength is not valid, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[out]  TdesContext  Pointer to TDES context being initialized.
-  @param[in]   Key          Pointer to the user-supplied TDES key.
-  @param[in]   KeyLength    Length of TDES key in bits.
-
-  @retval TRUE   TDES context initialization succeeded.
-  @retval FALSE  TDES context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
-  OUT  VOID         *TdesContext,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeyLength
-  );
-
-/**
-  Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs TDES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (8 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  TdesContext should be already correctly initialized by TdesInit(). Behavior with
-  invalid TDES context is undefined.
-
-  If TdesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (8 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   TdesContext  Pointer to the TDES context.
-  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize    Size of the Input buffer in bytes.
-  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
-
-  @retval TRUE   TDES encryption succeeded.
-  @retval FALSE  TDES encryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
-  IN   VOID         *TdesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  );
-
-/**
-  Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs TDES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (8 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  TdesContext should be already correctly initialized by TdesInit(). Behavior with
-  invalid TDES context is undefined.
-
-  If TdesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (8 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   TdesContext  Pointer to the TDES context.
-  @param[in]   Input        Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize    Size of the Input buffer in bytes.
-  @param[out]  Output       Pointer to a buffer that receives the TDES decryption output.
-
-  @retval TRUE   TDES decryption succeeded.
-  @retval FALSE  TDES decryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
-  IN   VOID         *TdesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  );
-
-/**
-  Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
-  This function performs TDES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in CBC mode.
-  InputSize must be multiple of block size (8 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  Initialization vector should be one block size (8 bytes).
-  TdesContext should be already correctly initialized by TdesInit(). Behavior with
-  invalid TDES context is undefined.
-
-  If TdesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (8 bytes), then return FALSE.
-  If Ivec is NULL, then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   TdesContext  Pointer to the TDES context.
-  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize    Size of the Input buffer in bytes.
-  @param[in]   Ivec         Pointer to initialization vector.
-  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
-
-  @retval TRUE   TDES encryption succeeded.
-  @retval FALSE  TDES encryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
-  IN   VOID         *TdesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  IN   CONST UINT8  *Ivec,
-  OUT  UINT8        *Output
-  );
-
-/**
-  Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
-  This function performs TDES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in CBC mode.
-  InputSize must be multiple of block size (8 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  Initialization vector should be one block size (8 bytes).
-  TdesContext should be already correctly initialized by TdesInit(). Behavior with
-  invalid TDES context is undefined.
-
-  If TdesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (8 bytes), then return FALSE.
-  If Ivec is NULL, then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   TdesContext  Pointer to the TDES context.
-  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize    Size of the Input buffer in bytes.
-  @param[in]   Ivec         Pointer to initialization vector.
-  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
-
-  @retval TRUE   TDES decryption succeeded.
-  @retval FALSE  TDES decryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
-  IN   VOID         *TdesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  IN   CONST UINT8  *Ivec,
-  OUT  UINT8        *Output
-  );
 
 /**
@@ -1714 +1056 @@
   IN   CONST UINT8  *Key,
   IN   UINTN        KeyLength
-  );
-
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval TRUE   AES encryption succeeded.
-  @retval FALSE  AES encryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  );
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval TRUE   AES decryption succeeded.
-  @retval FALSE  AES decryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
   );
 
@@ -1862 +1134 @@
   IN   CONST UINT8  *Ivec,
   OUT  UINT8        *Output
-  );
-
-/**
-  Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for ARC4 operations.
-  @retval  0   This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
-  VOID
-  );
-
-/**
-  Initializes user-supplied memory as ARC4 context for subsequent use.
-
-  This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
-  In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
-  operations.
-
-  If Arc4Context is NULL, then return FALSE.
-  If Key is NULL, then return FALSE.
-  If KeySize does not in the range of [5, 256] bytes, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
-  @param[in]   Key          Pointer to the user-supplied ARC4 key.
-  @param[in]   KeySize      Size of ARC4 key in bytes.
-
-  @retval TRUE   ARC4 context initialization succeeded.
-  @retval FALSE  ARC4 context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
-  OUT  VOID         *Arc4Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  );
-
-/**
-  Performs ARC4 encryption on a data buffer of the specified size.
-
-  This function performs ARC4 encryption on data buffer pointed by Input, of specified
-  size of InputSize.
-  Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
-  invalid ARC4 context is undefined.
-
-  If Arc4Context is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
-  @param[in]       Input        Pointer to the buffer containing the data to be encrypted.
-  @param[in]       InputSize    Size of the Input buffer in bytes.
-  @param[out]      Output       Pointer to a buffer that receives the ARC4 encryption output.
-
-  @retval TRUE   ARC4 encryption succeeded.
-  @retval FALSE  ARC4 encryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
-  IN OUT  VOID         *Arc4Context,
-  IN      CONST UINT8  *Input,
-  IN      UINTN        InputSize,
-  OUT     UINT8        *Output
-  );
-
-/**
-  Performs ARC4 decryption on a data buffer of the specified size.
-
-  This function performs ARC4 decryption on data buffer pointed by Input, of specified
-  size of InputSize.
-  Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
-  invalid ARC4 context is undefined.
-
-  If Arc4Context is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
-  @param[in]       Input        Pointer to the buffer containing the data to be decrypted.
-  @param[in]       InputSize    Size of the Input buffer in bytes.
-  @param[out]      Output       Pointer to a buffer that receives the ARC4 decryption output.
-
-  @retval TRUE   ARC4 decryption succeeded.
-  @retval FALSE  ARC4 decryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
-  IN OUT  VOID   *Arc4Context,
-  IN      UINT8  *Input,
-  IN      UINTN  InputSize,
-  OUT     UINT8  *Output
-  );
-
-/**
-  Resets the ARC4 context to the initial state.
-
-  The function resets the ARC4 context to the state it had immediately after the
-  ARC4Init() function call.
-  Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
-  should be already correctly initialized by ARC4Init().
-
-  If Arc4Context is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
-
-  @retval TRUE   ARC4 reset succeeded.
-  @retval FALSE  ARC4 reset failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
-  IN OUT  VOID  *Arc4Context
   );
 
@@ -2421 +1561 @@
   IN   UINTN        CertSize,
   OUT  UINT8        **SingleX509Cert
+  );
+
+/**
+  Construct a X509 stack object from a list of DER-encoded certificate data.
+
+  If X509Stack is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
+                              On output, pointer to the X509 stack object with new
+                              inserted X509 certificate.
+  @param[in]       Args       VA_LIST marker for the variable argument list.
+                              A list of DER-encoded single certificate data followed
+                              by certificate size. A NULL terminates the list. The
+                              pairs are the arguments to X509ConstructCertificate().
+
+  @retval     TRUE            The X509 stack construction succeeded.
+  @retval     FALSE           The construction operation failed.
+  @retval     FALSE           This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStackV (
+  IN OUT  UINT8    **X509Stack,
+  IN      VA_LIST  Args
   );
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Include/Library/TlsLib.h

@@ -398 +398 @@
 
 /**
+  Set the specified host name to be verified.
+
+  @param[in]  Tls           Pointer to the TLS object.
+  @param[in]  Flags         The setting flags during the validation.
+  @param[in]  HostName      The specified host name to be verified.
+
+  @retval  EFI_SUCCESS           The HostName setting was set successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_ABORTED           Invalid HostName setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVerifyHost (
+  IN     VOID                     *Tls,
+  IN     UINT32                   Flags,
+  IN     CHAR8                    *HostName
+  );
+
+/**
   Sets a TLS/SSL session ID to be used during TLS/SSL connect.
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf

@@ -7 +7 @@
 #  buffer overflow or integer overflow.
 #
-#  Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -24 +25 @@
 # The following information is for reference only and not required by the build tools.
 #
-#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64 RISCV64
 #
 
 [Sources]
   InternalCryptLib.h
-  Hash/CryptMd4.c
   Hash/CryptMd5.c
   Hash/CryptSha1.c
@@ -35 +35 @@
   Hash/CryptSha512.c
   Hash/CryptSm3.c
-  Hmac/CryptHmacMd5.c
-  Hmac/CryptHmacSha1.c
   Hmac/CryptHmacSha256.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
-  Cipher/CryptTdes.c
-  Cipher/CryptArc4.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExt.c
@@ -59 +55 @@
   SysCall/TimerWrapper.c
   SysCall/BaseMemAllocation.c
+  SysCall/inet_pton.c
 
 [Sources.Ia32]
@@ -70 +67 @@
 
 [Sources.AARCH64]
+  Rand/CryptRand.c
+
+[Sources.RISCV64]
   Rand/CryptRand.c
 
@@ -102 +102 @@
   GCC:*_CLANG35_*_CC_FLAGS = -std=c99
   GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
 
   XCODE:*_*_*_CC_FLAGS = -std=c99

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c

@@ -76 +76 @@
     return FALSE;
   }
-  return TRUE;
-}
-
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval TRUE   AES encryption succeeded.
-  @retval FALSE  AES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  AES_KEY  *AesKey;
-
-  //
-  // Check input parameters.
-  //
-  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
-    return FALSE;
-  }
-
-  AesKey = (AES_KEY *) AesContext;
-
-  //
-  // Perform AES data encryption with ECB mode (block-by-block)
-  //
-  while (InputSize > 0) {
-    AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
-    Input     += AES_BLOCK_SIZE;
-    Output    += AES_BLOCK_SIZE;
-    InputSize -= AES_BLOCK_SIZE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval TRUE   AES decryption succeeded.
-  @retval FALSE  AES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  AES_KEY  *AesKey;
-
-  //
-  // Check input parameters.
-  //
-  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
-    return FALSE;
-  }
-
-  AesKey = (AES_KEY *) AesContext;
-
-  //
-  // Perform AES data decryption with ECB mode (block-by-block)
-  //
-  while (InputSize > 0) {
-    AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
-    Input     += AES_BLOCK_SIZE;
-    Output    += AES_BLOCK_SIZE;
-    InputSize -= AES_BLOCK_SIZE;
-  }
-
   return TRUE;
 }

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c

@@ -45 +45 @@
   IN   CONST UINT8  *Key,
   IN   UINTN        KeyLength
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
   )
 {

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c

@@ -2 +2 @@
   HMAC-SHA256 Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -10 +10 @@
 #include <openssl/hmac.h>
 
-//
-// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
-//       #define HMAC_MAX_MD_CBLOCK_SIZE     144
-//
-#define HMAC_SHA256_CTX_SIZE    (sizeof(void *) * 4 + sizeof(unsigned int) + \
-                             sizeof(unsigned char) * 144)
-
-/**
-  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
-  (NOTE: This API is deprecated.
-         Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
-
-  @return  The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
-
-**/
-UINTN
-EFIAPI
-HmacSha256GetContextSize (
-  VOID
-  )
-{
-  //
-  // Retrieves the OpenSSL HMAC-SHA256 Context Size
-  // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the
-  //       fixed size as a workaround to make this API work for compatibility.
-  //       We should retire HmacSha256GetContextSize() in future, and use HmacSha256New()
-  //       and HmacSha256Free() for context allocation and release.
-  //
-  return (UINTN)HMAC_SHA256_CTX_SIZE;
-}
-
 /**
   Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
@@ -79 +48 @@
 
 /**
-  Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
-  subsequent use.
-
-  If HmacSha256Context is NULL, then return FALSE.
-
-  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
+
+  If HmacSha256Context is NULL, then return FALSE.
+
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
   @param[in]   Key                Pointer to the user-supplied key.
   @param[in]   KeySize            Key size in bytes.
 
-  @retval TRUE   HMAC-SHA256 context initialization succeeded.
-  @retval FALSE  HMAC-SHA256 context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha256Init (
+  @retval TRUE   The Key is set successfully.
+  @retval FALSE  The Key is set unsuccessfully.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha256SetKey (
   OUT  VOID         *HmacSha256Context,
   IN   CONST UINT8  *Key,
@@ -107 +76 @@
   }
 
-  //
-  // OpenSSL HMAC-SHA256 Context Initialization
-  //
-  memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE);
-  if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
-    return FALSE;
-  }
   if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {
     return FALSE;
@@ -160 +122 @@
   This function performs HMAC-SHA256 digest on a data buffer of the specified size.
   It can be called multiple times to compute the digest of long or discontinuous data streams.
-  HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not
-  be finalized by HmacSha256Final(). Behavior with invalid context is undefined.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid context is undefined.
 
   If HmacSha256Context is NULL, then return FALSE.
@@ -211 +173 @@
   the specified memory. After this function has been called, the HMAC-SHA256 context cannot
   be used again.
-  HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should
-  not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized
+  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
 
   If HmacSha256Context is NULL, then return FALSE.

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c

@@ -2 +2 @@
   HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -8 +8 @@
 
 #include "InternalCryptLib.h"
-
-/**
-  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
-  (NOTE: This API is deprecated.
-         Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
-
-  Return zero to indicate this interface is not supported.
-
-  @retval  0   This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-HmacSha256GetContextSize (
-  VOID
-  )
-{
-  ASSERT (FALSE);
-  return 0;
-}
 
 /**
@@ -66 +46 @@
 
 /**
-  Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
-  subsequent use.
+  Set user-supplied key for subsequent use. It must be done before any
+  calling to HmacSha256Update().
 
   Return FALSE to indicate this interface is not supported.
 
-  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.
+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.
   @param[in]   Key                Pointer to the user-supplied key.
   @param[in]   KeySize            Key size in bytes.
@@ -80 +60 @@
 BOOLEAN
 EFIAPI
-HmacSha256Init (
+HmacSha256SetKey (
   OUT  VOID         *HmacSha256Context,
   IN   CONST UINT8  *Key,

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf

@@ -7 +7 @@
 #  buffer overflow or integer overflow.
 #
-#  Note: MD4 Digest functions,
-#  HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
+#  Note:
+#  HMAC-SHA256 functions, AES functions, RSA external
 #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
 #  certificate handler functions, authenticode signature verification functions,
@@ -14 +14 @@
 #  supported in this instance.
 #
-#  Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -36 +36 @@
 [Sources]
   InternalCryptLib.h
-  Hash/CryptMd4Null.c
   Hash/CryptMd5.c
   Hash/CryptSha1.c
@@ -42 +41 @@
   Hash/CryptSm3.c
   Hash/CryptSha512.c
-  Hmac/CryptHmacMd5Null.c
-  Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256Null.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
-  Cipher/CryptTdesNull.c
-  Cipher/CryptArc4Null.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
@@ -97 +92 @@
   GCC:*_CLANG35_*_CC_FLAGS = -std=c99
   GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
 
   XCODE:*_*_*_CC_FLAGS = -std=c99

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni

@@ -7 +7 @@
 // buffer overflow or integer overflow.
 //
-// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
 // Diffie-Hellman functions, X.509 certificate handler functions, authenticode
 // signature verification functions, PEM handler functions, and pseudorandom number
 // generator functions are not supported in this instance.
 //
-// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 //
 // SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -22 +22 @@
 #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for PEIM"
 
-#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c

@@ -2 +2 @@
   PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -83 +83 @@
   //
   // Add possible block-cipher descriptor for PEM data decryption.
-  // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
+  // NOTE: Only support most popular ciphers AES for the encrypted PEM.
   //
-  if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
-    return FALSE;
-  }
   if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
     return FALSE;

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c

@@ -13 +13 @@
 #include <openssl/x509v3.h>
 #include <openssl/pkcs7.h>
+
+/**
+  Check the contents of PKCS7 is not data.
+
+  It is copied from PKCS7_type_is_other() in pk7_doit.c.
+
+  @param[in] P7 Pointer to the location at which the PKCS7 is located.
+
+  @retval TRUE  If the type is others.
+  @retval FALSE If the type is expected.
+**/
+STATIC
+BOOLEAN
+Pkcs7TypeIsOther (
+  IN PKCS7 *P7
+  )
+{
+  BOOLEAN Others;
+  INTN    Nid = OBJ_obj2nid (P7->type);
+
+  switch (Nid) {
+    case NID_pkcs7_data:
+    case NID_pkcs7_signed:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_encrypted:
+      Others = FALSE;
+      break;
+    default:
+      Others = TRUE;
+  }
+
+  return Others;
+}
+
+/**
+  Get the ASN.1 string for the PKCS7.
+
+  It is copied from PKCS7_get_octet_string() in pk7_doit.c.
+
+  @param[in] P7 Pointer to the location at which the PKCS7 is located.
+
+  @return ASN1_OCTET_STRING ASN.1 string.
+**/
+STATIC
+ASN1_OCTET_STRING*
+Pkcs7GetOctetString (
+  IN PKCS7 *P7
+  )
+{
+  if (PKCS7_type_is_data (P7)) {
+    return P7->d.data;
+  }
+
+  if (Pkcs7TypeIsOther(P7) && (P7->d.other != NULL) &&
+      (P7->d.other->type == V_ASN1_OCTET_STRING)) {
+    return P7->d.other->value.octet_string;
+  }
+
+  return NULL;
+}
 
 /**
@@ -99 +160 @@
     // Retrieve the attached content in PKCS7 signedData
     //
-    OctStr = Pkcs7->d.sign->contents->d.data;
+    OctStr = Pkcs7GetOctetString (Pkcs7->d.sign->contents);
+    if (OctStr == NULL) {
+      goto _Exit;
+    }
+
     if ((OctStr->length > 0) && (OctStr->data != NULL)) {
       *ContentSize = OctStr->length;

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c

@@ -8 +8 @@
   4) RsaPkcs1Verify
 
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -251 +251 @@
   If MessageHash is NULL, then return FALSE.
   If Signature is NULL, then return FALSE.
-  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
 
   @param[in]  RsaContext   Pointer to RSA context for signature verification.
@@ -289 +289 @@
   //
   // Determine the message digest algorithm according to digest size.
-  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
+  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
   //
   switch (HashSize) {
@@ -302 +302 @@
   case SHA256_DIGEST_SIZE:
     DigestType = NID_sha256;
+    break;
+
+  case SHA384_DIGEST_SIZE:
+    DigestType = NID_sha384;
+    break;
+
+  case SHA512_DIGEST_SIZE:
+    DigestType = NID_sha512;
     break;
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c

@@ -8 +8 @@
   4) RsaPkcs1Sign
 
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -277 +277 @@
   If RsaContext is NULL, then return FALSE.
   If MessageHash is NULL, then return FALSE.
-  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
   If SigSize is large enough but Signature is NULL, then return FALSE.
 
@@ -327 +327 @@
   //
   // Determine the message digest algorithm according to digest size.
-  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
+  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
   //
   switch (HashSize) {
@@ -340 +340 @@
   case SHA256_DIGEST_SIZE:
     DigestType = NID_sha256;
+    break;
+
+  case SHA384_DIGEST_SIZE:
+    DigestType = NID_sha384;
+    break;
+
+  case SHA512_DIGEST_SIZE:
+    DigestType = NID_sha512;
     break;
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c

@@ -2 +2 @@
   X.509 Certificate Handler Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -61 +61 @@
 
   If X509Stack is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
 
   @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
                               On output, pointer to the X509 stack object with new
                               inserted X509 certificate.
-  @param           ...        A list of DER-encoded single certificate data followed
+  @param[in]       Args       VA_LIST marker for the variable argument list.
+                              A list of DER-encoded single certificate data followed
                               by certificate size. A NULL terminates the list. The
                               pairs are the arguments to X509ConstructCertificate().
@@ -71 +73 @@
   @retval     TRUE            The X509 stack construction succeeded.
   @retval     FALSE           The construction operation failed.
+  @retval     FALSE           This interface is not supported.
 
 **/
 BOOLEAN
 EFIAPI
-X509ConstructCertificateStack (
-  IN OUT  UINT8  **X509Stack,
-  ...
+X509ConstructCertificateStackV (
+  IN OUT  UINT8    **X509Stack,
+  IN      VA_LIST  Args
   )
 {
@@ -85 +88 @@
   STACK_OF(X509)  *CertStack;
   BOOLEAN         Status;
-  VA_LIST         Args;
   UINTN           Index;
 
@@ -107 +109 @@
     }
   }
-
-  VA_START (Args, X509Stack);
 
   for (Index = 0; ; Index++) {
@@ -146 +146 @@
   }
 
-  VA_END (Args);
-
   if (!Status) {
     sk_X509_pop_free (CertStack, X509_free);
@@ -155 +153 @@
 
   return Status;
+}
+
+/**
+  Construct a X509 stack object from a list of DER-encoded certificate data.
+
+  If X509Stack is NULL, then return FALSE.
+
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
+                              On output, pointer to the X509 stack object with new
+                              inserted X509 certificate.
+  @param           ...        A list of DER-encoded single certificate data followed
+                              by certificate size. A NULL terminates the list. The
+                              pairs are the arguments to X509ConstructCertificate().
+
+  @retval     TRUE            The X509 stack construction succeeded.
+  @retval     FALSE           The construction operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStack (
+  IN OUT  UINT8  **X509Stack,
+  ...
+  )
+{
+  VA_LIST  Args;
+  BOOLEAN  Result;
+
+  VA_START (Args, X509Stack);
+  Result = X509ConstructCertificateStackV (X509Stack, Args);
+  VA_END (Args);
+  return Result;
 }
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c

@@ -3 +3 @@
   real capabilities.
 
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -28 +28 @@
   IN   UINTN        CertSize,
   OUT  UINT8        **SingleX509Cert
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
+
+/**
+  Construct a X509 stack object from a list of DER-encoded certificate data.
+
+  If X509Stack is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
+                              On output, pointer to the X509 stack object with new
+                              inserted X509 certificate.
+  @param[in]       Args       VA_LIST marker for the variable argument list.
+                              A list of DER-encoded single certificate data followed
+                              by certificate size. A NULL terminates the list. The
+                              pairs are the arguments to X509ConstructCertificate().
+
+  @retval     TRUE            The X509 stack construction succeeded.
+  @retval     FALSE           The construction operation failed.
+  @retval     FALSE           This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStackV (
+  IN OUT  UINT8    **X509Stack,
+  IN      VA_LIST  Args
   )
 {

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf

@@ -7 +7 @@
 #  buffer overflow or integer overflow.
 #
-#  Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
-#  HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
+#  Note: SHA-384 Digest functions, SHA-512 Digest functions,
+#  HMAC-SHA256 functions, AES functions, RSA external
 #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
 #  authenticode signature verification functions are not supported in this instance.
 #
-#  Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -35 +36 @@
 [Sources]
   InternalCryptLib.h
-  Hash/CryptMd4Null.c
   Hash/CryptMd5.c
   Hash/CryptSha1.c
@@ -41 +41 @@
   Hash/CryptSm3.c
   Hash/CryptSha512Null.c
-  Hmac/CryptHmacMd5Null.c
-  Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256Null.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
-  Cipher/CryptTdesNull.c
-  Cipher/CryptArc4Null.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
@@ -76 +72 @@
 
 [Sources.AARCH64]
+  Rand/CryptRand.c
+
+[Sources.RISCV64]
   Rand/CryptRand.c
 
@@ -108 +107 @@
   GCC:*_CLANG35_*_CC_FLAGS = -std=c99
   GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
 
   XCODE:*_*_*_CC_FLAGS = -std=c99

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni

@@ -7 +7 @@
 // buffer overflow or integer overflow.
 //
-// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
 // Diffie-Hellman functions, and authenticode signature verification functions are
 // not supported in this instance.
 //
-// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 //
 // SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -21 +21 @@
 #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
 
-#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf

@@ -7 +7 @@
 #  buffer overflow or integer overflow.
 #
-#  Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
-#  HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
-#  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+#  Note: SHA-384 Digest functions, SHA-512 Digest functions,
+#  RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
 #  authenticode signature verification functions are not supported in this instance.
 #
-#  Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -35 +34 @@
 [Sources]
   InternalCryptLib.h
-  Hash/CryptMd4Null.c
   Hash/CryptMd5.c
   Hash/CryptSha1.c
@@ -41 +39 @@
   Hash/CryptSm3.c
   Hash/CryptSha512Null.c
-  Hmac/CryptHmacMd5Null.c
-  Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAes.c
-  Cipher/CryptTdesNull.c
-  Cipher/CryptArc4Null.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
@@ -105 +99 @@
   GCC:*_CLANG35_*_CC_FLAGS = -std=c99
   GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni

@@ -7 +7 @@
 // buffer overflow or integer overflow.
 //
-// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
 // Diffie-Hellman functions, and authenticode signature verification functions are
 // not supported in this instance.
 //
-// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 //
 // SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -21 +21 @@
 #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for SMM driver"
 
-#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c

@@ -116 +116 @@
 //
 
+char *strchr(const char *str, int ch)
+{
+  return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
+}
+
 /* Scan a string for the last occurrence of a character */
 char *strrchr (const char *str, int c)

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/Include/CrtLibSupport.h

@@ -4 +4 @@
 
 Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -44 +45 @@
 #define CONFIG_HEADER_BN_H
 
-#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64)
+#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64) || defined(MDE_CPU_RISCV64)
 //
 // With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs
@@ -75 +76 @@
 //
 #define EINVAL       22               /* Invalid argument */
+#define EAFNOSUPPORT 47               /* Address family not supported by protocol family */
 #define INT_MAX      0x7FFFFFFF       /* Maximum (signed) int value */
 #define LONG_MAX     0X7FFFFFFFL      /* max value for a long */
@@ -82 +84 @@
 
 //
+// Address families.
+//
+#define AF_INET   2     /* internetwork: UDP, TCP, etc. */
+#define AF_INET6  24    /* IP version 6 */
+
+//
+// Define constants based on RFC0883, RFC1034, RFC 1035
+//
+#define NS_INT16SZ    2   /*%< #/bytes of data in a u_int16_t */
+#define NS_INADDRSZ   4   /*%< IPv4 T_A */
+#define NS_IN6ADDRSZ  16  /*%< IPv6 T_AAAA */
+
+//
 // Basic types mapping
 //
 typedef UINTN          size_t;
+typedef UINTN          u_int;
 typedef INTN           ssize_t;
 typedef INT32          time_t;
 typedef UINT8          __uint8_t;
 typedef UINT8          sa_family_t;
+typedef UINT8          u_char;
 typedef UINT32         uid_t;
 typedef UINT32         gid_t;
@@ -148 +165 @@
 int            strcmp      (const char *, const char *);
 int            strncasecmp (const char *, const char *, size_t);
+char           *strchr     (const char *, int);
 char           *strrchr    (const char *, int);
 unsigned long  strtoul     (const char *, char **, int);
@@ -176 +194 @@
 void           abort       (void);
 #endif
+int            inet_pton   (int, const char *, void *);
 
 //
@@ -189 +208 @@
 #define strncpy(strDest,strSource,count)  AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
 #define strcat(strDest,strSource)         AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
-#define strchr(str,ch)                    ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
 #define strncmp(string1,string2,count)    (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
 #define strcasecmp(str1,str2)             (int)AsciiStriCmp(str1,str2)

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/Include/internal/dso_conf.h

@@ +1 @@
+/* WARNING: do not edit! */
+/* Generated from crypto/include/internal/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+# define DSO_NONE
+# define DSO_EXTENSION ".so"
+#endif

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/Include/openssl/opensslconf.h

@@ -50 +50 @@
 # define OPENSSL_NO_CT
 #endif
+#ifndef OPENSSL_NO_DES
+# define OPENSSL_NO_DES
+#endif
 #ifndef OPENSSL_NO_DSA
 # define OPENSSL_NO_DSA
@@ -62 +65 @@
 # define OPENSSL_NO_MD2
 #endif
+#ifndef OPENSSL_NO_MD4
+# define OPENSSL_NO_MD4
+#endif
 #ifndef OPENSSL_NO_MDC2
 # define OPENSSL_NO_MDC2
@@ -71 +77 @@
 # define OPENSSL_NO_RC2
 #endif
+#ifndef OPENSSL_NO_RC4
+# define OPENSSL_NO_RC4
+#endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
@@ -109 +118 @@
 #ifndef OPENSSL_NO_ASYNC
 # define OPENSSL_NO_ASYNC
-#endif
-#ifndef OPENSSL_NO_AUTOALGINIT
-# define OPENSSL_NO_AUTOALGINIT
 #endif
 #ifndef OPENSSL_NO_AUTOERRINIT

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c

@@ -3 +3 @@
   Cryptographic Library.
 
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -14 +14 @@
 typedef UINTN  size_t;
 
+#if defined(__GNUC__) || defined(__clang__)
+  #define GLOBAL_USED __attribute__((used))
+#else
+  #define GLOBAL_USED
+#endif
+
 /* OpenSSL will use floating point support, and C compiler produces the _fltused
    symbol by default. Simply define this symbol here to satisfy the linker. */
-int _fltused = 1;
+int  GLOBAL_USED _fltused = 1;
 
 /* Sets buffers to a specified character */

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/OpensslLib/OpensslLib.inf

@@ -2 +2 @@
 #  This module provides OpenSSL Library implementation.
 #
-#  Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
+#  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -23 +24 @@
 
 [Sources]
-  buildinf.h
-  rand_pool_noise.h
   $(OPENSSL_PATH)/e_os.h
+  $(OPENSSL_PATH)/ms/uplink.h
 # Autogenerated files list starts here
   $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
   $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
   $(OPENSSL_PATH)/crypto/aes/aes_core.c
-  $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
   $(OPENSSL_PATH)/crypto/aes/aes_ige.c
   $(OPENSSL_PATH)/crypto/aes/aes_misc.c
   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
   $(OPENSSL_PATH)/crypto/aria/aria.c
-  $(OPENSSL_PATH)/crypto/arm_arch.h
   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
@@ -102 +99 @@
   $(OPENSSL_PATH)/crypto/asn1/x_spki.c
   $(OPENSSL_PATH)/crypto/asn1/x_val.c
-  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
-  $(OPENSSL_PATH)/crypto/asn1/charmap.h
-  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
-  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
-  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
   $(OPENSSL_PATH)/crypto/async/arch/async_null.c
   $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
@@ -113 +105 @@
   $(OPENSSL_PATH)/crypto/async/async_err.c
   $(OPENSSL_PATH)/crypto/async/async_wait.c
-  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
-  $(OPENSSL_PATH)/crypto/async/async_locl.h
-  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
-  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
   $(OPENSSL_PATH)/crypto/bio/b_addr.c
   $(OPENSSL_PATH)/crypto/bio/b_dump.c
@@ -139 +127 @@
   $(OPENSSL_PATH)/crypto/bio/bss_null.c
   $(OPENSSL_PATH)/crypto/bio/bss_sock.c
-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
   $(OPENSSL_PATH)/crypto/bn/bn_add.c
   $(OPENSSL_PATH)/crypto/bn/bn_asm.c
@@ -171 +158 @@
   $(OPENSSL_PATH)/crypto/bn/bn_word.c
   $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
-  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
-  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
   $(OPENSSL_PATH)/crypto/buffer/buf_err.c
   $(OPENSSL_PATH)/crypto/buffer/buffer.c
@@ -182 +166 @@
   $(OPENSSL_PATH)/crypto/comp/comp_err.c
   $(OPENSSL_PATH)/crypto/comp/comp_lib.c
-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
   $(OPENSSL_PATH)/crypto/conf/conf_api.c
   $(OPENSSL_PATH)/crypto/conf/conf_def.c
@@ -191 +174 @@
   $(OPENSSL_PATH)/crypto/conf/conf_sap.c
   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
-  $(OPENSSL_PATH)/crypto/conf/conf_def.h
   $(OPENSSL_PATH)/crypto/cpt_err.c
   $(OPENSSL_PATH)/crypto/cryptlib.c
   $(OPENSSL_PATH)/crypto/ctype.c
   $(OPENSSL_PATH)/crypto/cversion.c
-  $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
-  $(OPENSSL_PATH)/crypto/des/cbc_enc.c
-  $(OPENSSL_PATH)/crypto/des/cfb64ede.c
-  $(OPENSSL_PATH)/crypto/des/cfb64enc.c
-  $(OPENSSL_PATH)/crypto/des/cfb_enc.c
-  $(OPENSSL_PATH)/crypto/des/des_enc.c
-  $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
-  $(OPENSSL_PATH)/crypto/des/ecb_enc.c
-  $(OPENSSL_PATH)/crypto/des/fcrypt.c
-  $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
-  $(OPENSSL_PATH)/crypto/des/ofb64ede.c
-  $(OPENSSL_PATH)/crypto/des/ofb64enc.c
-  $(OPENSSL_PATH)/crypto/des/ofb_enc.c
-  $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
-  $(OPENSSL_PATH)/crypto/des/qud_cksm.c
-  $(OPENSSL_PATH)/crypto/des/rand_key.c
-  $(OPENSSL_PATH)/crypto/des/set_key.c
-  $(OPENSSL_PATH)/crypto/des/str2key.c
-  $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
-  $(OPENSSL_PATH)/crypto/des/spr.h
-  $(OPENSSL_PATH)/crypto/des/des_locl.h
   $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
   $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
@@ -232 +192 @@
   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
   $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
   $(OPENSSL_PATH)/crypto/dso/dso_dl.c
   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
@@ -240 +199 @@
   $(OPENSSL_PATH)/crypto/dso/dso_vms.c
   $(OPENSSL_PATH)/crypto/dso/dso_win32.c
-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
   $(OPENSSL_PATH)/crypto/ebcdic.c
   $(OPENSSL_PATH)/crypto/err/err.c
@@ -305 +263 @@
   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
   $(OPENSSL_PATH)/crypto/ex_data.c
   $(OPENSSL_PATH)/crypto/getenv.c
@@ -311 +268 @@
   $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
   $(OPENSSL_PATH)/crypto/hmac/hmac.c
-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
   $(OPENSSL_PATH)/crypto/init.c
   $(OPENSSL_PATH)/crypto/kdf/hkdf.c
@@ -319 +275 @@
   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
   $(OPENSSL_PATH)/crypto/lhash/lhash.c
-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
-  $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
-  $(OPENSSL_PATH)/crypto/md4/md4_one.c
-  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
   $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
   $(OPENSSL_PATH)/crypto/md5/md5_one.c
-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
   $(OPENSSL_PATH)/crypto/mem.c
   $(OPENSSL_PATH)/crypto/mem_clr.c
@@ -340 +291 @@
   $(OPENSSL_PATH)/crypto/modes/wrap128.c
   $(OPENSSL_PATH)/crypto/modes/xts128.c
-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
   $(OPENSSL_PATH)/crypto/o_dir.c
   $(OPENSSL_PATH)/crypto/o_fips.c
@@ -352 +302 @@
   $(OPENSSL_PATH)/crypto/objects/obj_lib.c
   $(OPENSSL_PATH)/crypto/objects/obj_xref.c
-  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
-  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
@@ -365 +312 @@
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
   $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
   $(OPENSSL_PATH)/crypto/pem/pem_all.c
   $(OPENSSL_PATH)/crypto/pem/pem_err.c
@@ -393 +339 @@
   $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
   $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
   $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
@@ -402 +347 @@
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
-  $(OPENSSL_PATH)/crypto/ppc_arch.h
   $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
   $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
@@ -411 +355 @@
   $(OPENSSL_PATH)/crypto/rand/rand_vms.c
   $(OPENSSL_PATH)/crypto/rand/rand_win.c
-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
-  $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
-  $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
-  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
@@ -437 +377 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
-  $(OPENSSL_PATH)/crypto/s390x_arch.h
   $(OPENSSL_PATH)/crypto/sha/keccak1600.c
   $(OPENSSL_PATH)/crypto/sha/sha1_one.c
@@ -444 +382 @@
   $(OPENSSL_PATH)/crypto/sha/sha256.c
   $(OPENSSL_PATH)/crypto/sha/sha512.c
-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
   $(OPENSSL_PATH)/crypto/siphash/siphash.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
-  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
   $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
   $(OPENSSL_PATH)/crypto/sm3/sm3.c
-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
   $(OPENSSL_PATH)/crypto/sm4/sm4.c
   $(OPENSSL_PATH)/crypto/stack/stack.c
-  $(OPENSSL_PATH)/crypto/sparc_arch.h
   $(OPENSSL_PATH)/crypto/threads_none.c
   $(OPENSSL_PATH)/crypto/threads_pthread.c
@@ -464 +398 @@
   $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
   $(OPENSSL_PATH)/crypto/ui/ui_util.c
-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
-  $(OPENSSL_PATH)/crypto/vms_rms.h
   $(OPENSSL_PATH)/crypto/uid.c
   $(OPENSSL_PATH)/crypto/x509/by_dir.c
@@ -503 +435 @@
   $(OPENSSL_PATH)/crypto/x509/x_x509.c
   $(OPENSSL_PATH)/crypto/x509/x_x509a.c
-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
   $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
   $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
@@ -541 +472 @@
   $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
   $(OPENSSL_PATH)/crypto/x509v3/v3err.c
+  $(OPENSSL_PATH)/crypto/arm_arch.h
+  $(OPENSSL_PATH)/crypto/mips_arch.h
+  $(OPENSSL_PATH)/crypto/ppc_arch.h
+  $(OPENSSL_PATH)/crypto/s390x_arch.h
+  $(OPENSSL_PATH)/crypto/sparc_arch.h
+  $(OPENSSL_PATH)/crypto/vms_rms.h
+  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+  $(OPENSSL_PATH)/crypto/asn1/charmap.h
+  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+  $(OPENSSL_PATH)/crypto/async/async_locl.h
+  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
+  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
+  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
+  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+  $(OPENSSL_PATH)/crypto/conf/conf_def.h
+  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
+  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
+  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/store/store_locl.h
+  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
   $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+  $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
-  $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
-  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
-  $(OPENSSL_PATH)/ms/uplink.h
   $(OPENSSL_PATH)/ssl/bio_ssl.c
   $(OPENSSL_PATH)/ssl/d1_lib.c
@@ -590 +563 @@
   $(OPENSSL_PATH)/ssl/tls13_enc.c
   $(OPENSSL_PATH)/ssl/tls_srp.c
+  $(OPENSSL_PATH)/ssl/packet_locl.h
+  $(OPENSSL_PATH)/ssl/ssl_cert_table.h
+  $(OPENSSL_PATH)/ssl/ssl_locl.h
+  $(OPENSSL_PATH)/ssl/record/record.h
   $(OPENSSL_PATH)/ssl/record/record_locl.h
   $(OPENSSL_PATH)/ssl/statem/statem.h
   $(OPENSSL_PATH)/ssl/statem/statem_locl.h
-  $(OPENSSL_PATH)/ssl/ssl_locl.h
-  $(OPENSSL_PATH)/ssl/record/record.h
-  $(OPENSSL_PATH)/ssl/ssl_cert_table.h
-  $(OPENSSL_PATH)/ssl/packet_locl.h
 # Autogenerated files list ends here
-
+  buildinf.h
+  rand_pool_noise.h
   ossl_store.c
   rand_pool.c
@@ -661 +635 @@
   GCC:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
   GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+  GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=format -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
   GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
   GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-function-declaration -Wno-error=ignored-pragma-optimize
 
   # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

@@ -2 +2 @@
 #  This module provides OpenSSL Library implementation.
 #
-#  Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
+#  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -29 +30 @@
   $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
   $(OPENSSL_PATH)/crypto/aes/aes_core.c
-  $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
   $(OPENSSL_PATH)/crypto/aes/aes_ige.c
   $(OPENSSL_PATH)/crypto/aes/aes_misc.c
   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
   $(OPENSSL_PATH)/crypto/aria/aria.c
-  $(OPENSSL_PATH)/crypto/arm_arch.h
   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
@@ -101 +99 @@
   $(OPENSSL_PATH)/crypto/asn1/x_spki.c
   $(OPENSSL_PATH)/crypto/asn1/x_val.c
-  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
-  $(OPENSSL_PATH)/crypto/asn1/charmap.h
-  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
-  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
-  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
   $(OPENSSL_PATH)/crypto/async/arch/async_null.c
   $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
   $(OPENSSL_PATH)/crypto/async/arch/async_win.c
-  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
-  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
-  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
   $(OPENSSL_PATH)/crypto/async/async.c
   $(OPENSSL_PATH)/crypto/async/async_err.c
   $(OPENSSL_PATH)/crypto/async/async_wait.c
-  $(OPENSSL_PATH)/crypto/async/async_locl.h
   $(OPENSSL_PATH)/crypto/bio/b_addr.c
   $(OPENSSL_PATH)/crypto/bio/b_dump.c
@@ -138 +127 @@
   $(OPENSSL_PATH)/crypto/bio/bss_null.c
   $(OPENSSL_PATH)/crypto/bio/bss_sock.c
-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
   $(OPENSSL_PATH)/crypto/bn/bn_add.c
   $(OPENSSL_PATH)/crypto/bn/bn_asm.c
@@ -170 +158 @@
   $(OPENSSL_PATH)/crypto/bn/bn_word.c
   $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
-  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
-  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
   $(OPENSSL_PATH)/crypto/buffer/buf_err.c
   $(OPENSSL_PATH)/crypto/buffer/buffer.c
@@ -181 +166 @@
   $(OPENSSL_PATH)/crypto/comp/comp_err.c
   $(OPENSSL_PATH)/crypto/comp/comp_lib.c
-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
   $(OPENSSL_PATH)/crypto/conf/conf_api.c
   $(OPENSSL_PATH)/crypto/conf/conf_def.c
@@ -190 +174 @@
   $(OPENSSL_PATH)/crypto/conf/conf_sap.c
   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
-  $(OPENSSL_PATH)/crypto/conf/conf_def.h
   $(OPENSSL_PATH)/crypto/cpt_err.c
   $(OPENSSL_PATH)/crypto/cryptlib.c
   $(OPENSSL_PATH)/crypto/ctype.c
   $(OPENSSL_PATH)/crypto/cversion.c
-  $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
-  $(OPENSSL_PATH)/crypto/des/cbc_enc.c
-  $(OPENSSL_PATH)/crypto/des/cfb64ede.c
-  $(OPENSSL_PATH)/crypto/des/cfb64enc.c
-  $(OPENSSL_PATH)/crypto/des/cfb_enc.c
-  $(OPENSSL_PATH)/crypto/des/des_enc.c
-  $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
-  $(OPENSSL_PATH)/crypto/des/ecb_enc.c
-  $(OPENSSL_PATH)/crypto/des/fcrypt.c
-  $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
-  $(OPENSSL_PATH)/crypto/des/ofb64ede.c
-  $(OPENSSL_PATH)/crypto/des/ofb64enc.c
-  $(OPENSSL_PATH)/crypto/des/ofb_enc.c
-  $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
-  $(OPENSSL_PATH)/crypto/des/qud_cksm.c
-  $(OPENSSL_PATH)/crypto/des/rand_key.c
-  $(OPENSSL_PATH)/crypto/des/set_key.c
-  $(OPENSSL_PATH)/crypto/des/str2key.c
-  $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
-  $(OPENSSL_PATH)/crypto/des/spr.h
-  $(OPENSSL_PATH)/crypto/des/des_locl.h
   $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
   $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
@@ -231 +192 @@
   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
   $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
   $(OPENSSL_PATH)/crypto/dso/dso_dl.c
   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
@@ -239 +199 @@
   $(OPENSSL_PATH)/crypto/dso/dso_vms.c
   $(OPENSSL_PATH)/crypto/dso/dso_win32.c
-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
   $(OPENSSL_PATH)/crypto/ebcdic.c
   $(OPENSSL_PATH)/crypto/err/err.c
@@ -281 +240 @@
   $(OPENSSL_PATH)/crypto/evp/m_md2.c
   $(OPENSSL_PATH)/crypto/evp/m_md4.c
-  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
   $(OPENSSL_PATH)/crypto/evp/m_md5.c
   $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
@@ -305 +263 @@
   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
   $(OPENSSL_PATH)/crypto/ex_data.c
   $(OPENSSL_PATH)/crypto/getenv.c
@@ -311 +268 @@
   $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
   $(OPENSSL_PATH)/crypto/hmac/hmac.c
-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
   $(OPENSSL_PATH)/crypto/init.c
   $(OPENSSL_PATH)/crypto/kdf/hkdf.c
@@ -319 +275 @@
   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
   $(OPENSSL_PATH)/crypto/lhash/lhash.c
-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
-  $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
-  $(OPENSSL_PATH)/crypto/md4/md4_one.c
   $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
   $(OPENSSL_PATH)/crypto/md5/md5_one.c
-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
   $(OPENSSL_PATH)/crypto/mem.c
   $(OPENSSL_PATH)/crypto/mem_clr.c
@@ -339 +291 @@
   $(OPENSSL_PATH)/crypto/modes/wrap128.c
   $(OPENSSL_PATH)/crypto/modes/xts128.c
-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
   $(OPENSSL_PATH)/crypto/o_dir.c
   $(OPENSSL_PATH)/crypto/o_fips.c
@@ -351 +302 @@
   $(OPENSSL_PATH)/crypto/objects/obj_lib.c
   $(OPENSSL_PATH)/crypto/objects/obj_xref.c
-  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
-  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
@@ -364 +312 @@
   $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
   $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
   $(OPENSSL_PATH)/crypto/pem/pem_all.c
   $(OPENSSL_PATH)/crypto/pem/pem_err.c
@@ -400 +347 @@
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
-  $(OPENSSL_PATH)/crypto/ppc_arch.h
   $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
   $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
@@ -410 +355 @@
   $(OPENSSL_PATH)/crypto/rand/rand_vms.c
   $(OPENSSL_PATH)/crypto/rand/rand_win.c
-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
-  $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
-  $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
-  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
@@ -436 +377 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
   $(OPENSSL_PATH)/crypto/sha/keccak1600.c
   $(OPENSSL_PATH)/crypto/sha/sha1_one.c
@@ -442 +382 @@
   $(OPENSSL_PATH)/crypto/sha/sha256.c
   $(OPENSSL_PATH)/crypto/sha/sha512.c
-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
   $(OPENSSL_PATH)/crypto/siphash/siphash.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
-  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
   $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
   $(OPENSSL_PATH)/crypto/sm3/sm3.c
-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
   $(OPENSSL_PATH)/crypto/sm4/sm4.c
   $(OPENSSL_PATH)/crypto/stack/stack.c
-  $(OPENSSL_PATH)/crypto/s390x_arch.h
-  $(OPENSSL_PATH)/crypto/sparc_arch.h
   $(OPENSSL_PATH)/crypto/threads_none.c
   $(OPENSSL_PATH)/crypto/threads_pthread.c
@@ -463 +398 @@
   $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
   $(OPENSSL_PATH)/crypto/ui/ui_util.c
-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
   $(OPENSSL_PATH)/crypto/uid.c
-  $(OPENSSL_PATH)/crypto/vms_rms.h
   $(OPENSSL_PATH)/crypto/x509/by_dir.c
   $(OPENSSL_PATH)/crypto/x509/by_file.c
@@ -502 +435 @@
   $(OPENSSL_PATH)/crypto/x509/x_x509.c
   $(OPENSSL_PATH)/crypto/x509/x_x509a.c
-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
   $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
   $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
@@ -540 +472 @@
   $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
   $(OPENSSL_PATH)/crypto/x509v3/v3err.c
+  $(OPENSSL_PATH)/crypto/arm_arch.h
+  $(OPENSSL_PATH)/crypto/mips_arch.h
+  $(OPENSSL_PATH)/crypto/ppc_arch.h
+  $(OPENSSL_PATH)/crypto/s390x_arch.h
+  $(OPENSSL_PATH)/crypto/sparc_arch.h
+  $(OPENSSL_PATH)/crypto/vms_rms.h
+  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+  $(OPENSSL_PATH)/crypto/asn1/charmap.h
+  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+  $(OPENSSL_PATH)/crypto/async/async_locl.h
+  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
+  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
+  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
+  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+  $(OPENSSL_PATH)/crypto/conf/conf_def.h
+  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
+  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
+  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/store/store_locl.h
+  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
   $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+  $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
-  $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
-  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
 # Autogenerated files list ends here
   buildinf.h
@@ -609 +584 @@
   GCC:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
   GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+  GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
   GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
   GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-function-declaration -Wno-error=ignored-pragma-optimize
 
   # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/OpensslLib/process_files.pl

@@ -3 +3 @@
 # This script runs the OpenSSL Configure script, then processes the
 # resulting file list into our local OpensslLib[Crypto].inf and also
-# takes a copy of opensslconf.h.
+# takes copies of opensslconf.h and dso_conf.h.
 #
 # This only needs to be done once by a developer when updating to a
@@ -52 +52 @@
                 "no-asm",
                 "no-async",
-                "no-autoalginit",
                 "no-autoerrinit",
                 "no-autoload-config",
@@ -64 +63 @@
                 "no-ct",
                 "no-deprecated",
+                "no-des",
                 "no-dgram",
                 "no-dsa",
@@ -75 +75 @@
                 "no-hw",
                 "no-idea",
+                "no-md4",
                 "no-mdc2",
                 "no-pic",
@@ -81 +82 @@
                 "no-posix-io",
                 "no-rc2",
+                "no-rc4",
                 "no-rfc3779",
                 "no-rmd160",
@@ -107 +109 @@
                     die "Failed to generate opensslconf.h!\n";
 
+            # Generate dso_conf.h per config data
+            system(
+                "perl -I. -Mconfigdata util/dofile.pl " .
+                "crypto/include/internal/dso_conf.h.in " .
+                "> include/internal/dso_conf.h"
+                ) == 0 ||
+                    die "Failed to generate dso_conf.h!\n";
+
             chdir($basedir) ||
                 die "Cannot change to base directory \"" . $basedir . "\"";
@@ -135 +145 @@
             next if $s =~ "crypto/store/";
             next if $s =~ "crypto/err/err_all.c";
+            next if $s =~ "crypto/aes/aes_ecb.c";
 
             if ($product =~ "libssl") {
@@ -144 +155 @@
     }
 }
+
+
+#
+# Update the perl script to generate the missing header files
+#
+my @dir_list = ();
+for (sort keys %{$unified_info{dirinfo}}){
+  push @dir_list,$_;
+}
+
+my $dir = getcwd();
+my @files = ();
+my @headers = ();
+chdir ("openssl");
+foreach(@dir_list){
+  @files = glob($_."/*.h");
+  push @headers, @files;
+}
+chdir ($dir);
+
+foreach (@headers){
+  if(/ssl/){
+    push @sslfilelist, '  $(OPENSSL_PATH)/' . $_ . "\r\n";
+    next;
+  }
+  push @cryptofilelist, '  $(OPENSSL_PATH)/' . $_ . "\r\n";
+}
+
 
 #
@@ -222 +261 @@
 
 #
-# Copy opensslconf.h generated from OpenSSL Configuration
+# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
 #
 print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
@@ -228 +267 @@
      $OPENSSL_PATH . "/../../Include/openssl/") ||
    die "Cannot copy opensslconf.h!";
+print "Done!";
+print "\n--> Duplicating dso_conf.h into Include/internal ... ";
+copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
+     $OPENSSL_PATH . "/../../Include/internal/") ||
+   die "Cannot copy dso_conf.h!";
 print "Done!\n";
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/OpensslLib/rand_pool.c

@@ -134 +134 @@
 
   //
-  // Chose an arbitary key and zero the feed_forward_value (FFV)
+  // Chose an arbitrary key and zero the feed_forward_value (FFV)
   //
   for (Index = 0; Index < 16; Index++) {
@@ -292 +292 @@
 
 /*
- * Dummy Implememtation for UEFI
+ * Dummy Implementation for UEFI
  *
  * This is OpenSSL required interface.
@@ -302 +302 @@
 
 /*
- * Dummy Implememtation for UEFI
+ * Dummy Implementation for UEFI
  *
  * This is OpenSSL required interface.
@@ -311 +311 @@
 
 /*
- * Dummy Implememtation for UEFI
+ * Dummy Implementation for UEFI
  *
  * This is OpenSSL required interface.

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/OpensslLib/rand_pool_noise.c

@@ -23 +23 @@
 {
   //
-  // Return FALSE will fallback to use PerformaceCounter to
+  // Return FALSE will fallback to use PerformanceCounter to
   // generate noise.
   //

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/TlsLib/TlsConfig.c

@@ -2 +2 @@
   SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -499 +499 @@
 
 /**
+  Set the specified host name to be verified.
+
+  @param[in]  Tls           Pointer to the TLS object.
+  @param[in]  Flags         The setting flags during the validation.
+  @param[in]  HostName      The specified host name to be verified.
+
+  @retval  EFI_SUCCESS           The HostName setting was set successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_ABORTED           Invalid HostName setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVerifyHost (
+  IN     VOID                     *Tls,
+  IN     UINT32                   Flags,
+  IN     CHAR8                    *HostName
+  )
+{
+  TLS_CONNECTION    *TlsConn;
+  X509_VERIFY_PARAM *VerifyParam;
+  UINTN             BinaryAddressSize;
+  UINT8             BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
+  INTN              ParamStatus;
+
+  TlsConn = (TLS_CONNECTION *) Tls;
+  if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
+     return EFI_INVALID_PARAMETER;
+  }
+
+  SSL_set_hostflags(TlsConn->Ssl, Flags);
+
+  VerifyParam = SSL_get0_param (TlsConn->Ssl);
+  ASSERT (VerifyParam != NULL);
+
+  BinaryAddressSize = 0;
+  if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {
+    BinaryAddressSize = NS_IN6ADDRSZ;
+  } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {
+    BinaryAddressSize = NS_INADDRSZ;
+  }
+
+  if (BinaryAddressSize > 0) {
+    DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
+      "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
+      (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
+    ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
+                    BinaryAddressSize);
+  } else {
+    ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
+  }
+
+  return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
+}
+
+/**
   Sets a TLS/SSL session ID to be used during TLS/SSL connect.
 

trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/TlsLib/TlsLib.inf

@@ -3 +3 @@
 #
 #  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
-#  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+#  (C) Copyright 2016-2020 Hewlett Packard Enterprise Development LP<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -20 +20 @@
 # The following information is for reference only and not required by the build tools.
 #
-#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64 RISCV64
 #