From: "Alexey Kardashevskiy via groups.io" <aik=amd.com@groups.io>
To: devel@edk2.groups.io, wenxing.hou@intel.com
Cc: Jiewen Yao <jiewen.yao@intel.com>, Yi Li <yi1.li@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>
Subject: Re: [edk2-devel] [PATCH v3 06/11] CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
Date: Tue, 12 Dec 2023 14:52:02 +1100
Message-ID: <1849bef7-bbb4-487d-b374-f09a7afc9e7f@amd.com>
In-Reply-To: <20230928153416.537-7-wenxing.hou@intel.com>
Hi,

This broke the build:

nice build -q --cmd-len=64436 -n 20 -t GCC5 -a X64 -p OvmfPkg/OvmfPkgX64.dsc
build.py...
/home/aik/p/o-snp/CryptoPkg/CryptoPkg.dec(32): error 000E:
File/directory not found in workspace
/home/aik/p/o-snp/CryptoPkg/Library/MbedTlsLib/mbedtls/include

What am I missing? Thanks,

On 29/9/23 01:34, Wenxing Hou via groups.io wrote:
> Add .inf files and other support files.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Yi Li <yi1.li@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
> ---
> CryptoPkg/CryptoPkg.dec | 4 +
> CryptoPkg/CryptoPkgMbedTls.dsc | 280 +++++++++++
> .../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 +++
> .../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 ++++
> .../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 +
> .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 ++++
> .../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 +
> .../BaseCryptLibMbedTls/SecCryptLib.inf | 84 ++++
> .../BaseCryptLibMbedTls/SecCryptLib.uni | 17 +
> .../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 ++++
> .../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 +
> .../SysCall/ConstantTimeClock.c | 75 +++
> .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 +++
> .../SysCall/RuntimeMemAllocation.c | 462 ++++++++++++++++++
> .../SysCall/TimerWrapper.c | 198 ++++++++
> .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 76 +++
> CryptoPkg/Library/Include/stdint.h | 19 +
> CryptoPkg/Library/Include/stubs-32.h | 9 +
> CryptoPkg/Library/MbedTlsLib/EcSm2Null.c | 2 +-
> 19 files changed, 1718 insertions(+), 1 deletion(-)
> create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
> create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
> create mode 100644 CryptoPkg/Library/Include/stdint.h
> create mode 100644 CryptoPkg/Library/Include/stubs-32.h
>
> diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
> index 0c7d16109b..a5fa81a338 100644
> --- a/CryptoPkg/CryptoPkg.dec
> +++ b/CryptoPkg/CryptoPkg.dec
> @@ -27,6 +27,10 @@
> Library/OpensslLib/openssl/providers/implementations/include
> Library/OpensslLib/OpensslGen/include
> Library/OpensslLib/OpensslGen/providers/common/include
> + Library/MbedTlsLib/Include
> + Library/MbedTlsLib/mbedtls
> + Library/MbedTlsLib/mbedtls/include
> + Library/MbedTlsLib/mbedtls/include/mbedtls
>
> [LibraryClasses]
> ## @libraryclass Provides basic library functions for cryptographic primitives.
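
Review bot: The three added Library/MbedTlsLib/mbedtls* include paths point at a directory that nothing in this patch creates (the diffstat has no files under Library/MbedTlsLib/mbedtls), and the reply above shows the consequence: OvmfPkg/OvmfPkgX64.dsc stops with error 000E at CryptoPkg.dec(32) because Library/MbedTlsLib/mbedtls/include is not in the workspace. Any platform that consumes CryptoPkg.dec is affected, not only the new CryptoPkgMbedTls.dsc. If that tree is supplied by a separate step, state the prerequisite in the commit message, and check whether all four paths are needed or Library/MbedTlsLib/Include plus Library/MbedTlsLib/mbedtls/include would do.
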
> diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc
> new file mode 100644
> index 0000000000..5d0ae6ff3f
> --- /dev/null
> +++ b/CryptoPkg/CryptoPkgMbedTls.dsc
> @@ -0,0 +1,280 @@
> +## @file
> +# Cryptographic Library Package for UEFI Security Implementation.
> +# PEIM, DXE Driver, and SMM Driver with all crypto services enabled.
> +#
> +# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +################################################################################
> +#
> +# Defines Section - statements that will be processed to create a Makefile.
> +#
> +################################################################################
> +[Defines]
> + PLATFORM_NAME = CryptoPkg
> + PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
> + PLATFORM_VERSION = 0.98
> + DSC_SPECIFICATION = 0x00010005
> + OUTPUT_DIRECTORY = Build/CryptoPkgMbed
> + SUPPORTED_ARCHITECTURES = IA32|X64|ARM|AARCH64|RISCV64
> + BUILD_TARGETS = DEBUG|RELEASE|NOOPT
> + SKUID_IDENTIFIER = DEFAULT
> +
> +!ifndef CRYPTO_IMG_TYPE
> + DEFINE CRYPTO_IMG_TYPE = DXE_SMM
> +!endif
> +
> +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM DXE_SMM"
> +!else
> + !error CRYPTO_IMG_TYPE must be set to one of PEI_DEFAULT PEI_PREMEM DXE_SMM.
> +!endif
> +
> +################################################################################
> +#
> +# Library Class section - list of all Library Classes needed by this Platform.
> +#
> +################################################################################
> +
> +!include MdePkg/MdeLibs.dsc.inc
> +[LibraryClasses]
> + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
> + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
> + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> + HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
> + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
> +
> +[LibraryClasses.ARM, LibraryClasses.AARCH64]
> + #
> + # It is not possible to prevent the ARM compiler for generic intrinsic functions.
> + # This library provides the instrinsic functions generate by a given compiler.
> + # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library
> + # into all ARM and AARCH64 images.
> + #
> + NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
> +
> + # Add support for stack protector
> + NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
> +
> +[LibraryClasses.common.PEIM]
> + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
> + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
> + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
> + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
> + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
> +
> +[LibraryClasses.common.DXE_SMM_DRIVER]
> + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
> + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
> + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
> + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
> +
> +[LibraryClasses]
> + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
> + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
> + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
> + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
> + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
> + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
> + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
> + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
> + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
> + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
> +
> +[LibraryClasses.ARM]
> + ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
> +
> +[LibraryClasses.common.PEIM]
> + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
> + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
> + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> +
> +[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]
> + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
> +
> +[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM]
> + PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
> +
> +[LibraryClasses.common.DXE_DRIVER]
> + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
> + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> +
> +[LibraryClasses.common.DXE_SMM_DRIVER]
> + ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
> + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> +
> +################################################################################
> +#
> +# Pcd Section - list of all EDK II PCD Entries defined by this Platform
> +#
> +################################################################################
> +[PcdsFixedAtBuild]
> + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0f
> + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000
> + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
> +
> +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +!endif
> +
> +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT"
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.GetContextSize | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Init | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Final | TRUE
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.GetContextSize | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Init | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Final | TRUE
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.GetContextSize | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Init | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Final | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.HashAll | TRUE
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.GetContextSize | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Init | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Final | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.HashAll | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Duplicate | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.New | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Free | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.SetKey | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Duplicate | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Final | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services.Sha256ExtractAndExpand | TRUE
> +!endif
> +
> +!if $(CRYPTO_IMG_TYPE) IN "PEI_PREMEM"
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.GetContextSize | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Init | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Final | TRUE
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.GetContextSize | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Init | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Final | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.HashAll | TRUE
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.GetContextSize | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Init | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Update | TRUE
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Final | TRUE
> +!endif
> +
> +###################################################################################################
> +#
> +# Components Section - list of the modules and components that will be processed by compilation
> +# tools and the EDK II tools to generate PE32/PE32+/Coff image files.
> +#
> +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
> +# into firmware volume images. This section is just a list of modules to compile from
> +# source into UEFI-compliant binaries.
> +# It is the FDF file that contains information on combining binary files into firmware
> +# volume images, whose concept is beyond UEFI and is described in PI specification.
> +# Binary modules do not need to be listed in this section, as they should be
> +# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
> +# Logo (Logo.bmp), and etc.
> +# There may also be modules listed in this section that are not required in the FDF file,
> +# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
> +# generated for it, but the binary will not be put into any firmware volume.
> +#
> +###################################################################################################
> +
> +!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM"
> +[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
> + CryptoPkg/Driver/CryptoPei.inf {
> + <Defines>
> + !if "$(CRYPTO_SERVICES)" == "ALL"
> + FILE_GUID = 8DF53C2E-3380-495F-A8B7-370CFE28E1C6
> + !elseif "$(CRYPTO_SERVICES)" == "NONE"
> + FILE_GUID = E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF
> + !elseif "$(CRYPTO_SERVICES)" == "MIN_PEI"
> + FILE_GUID = 0F5827A9-35FD-4F41-8D38-9BAFCE594D31
> + !endif
> + }
> +!endif
> +
> +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
> +[Components.IA32, Components.X64, Components.AARCH64]
> + CryptoPkg/Driver/CryptoDxe.inf {
> + <Defines>
> + !if "$(CRYPTO_SERVICES)" == "ALL"
> + FILE_GUID = D9444B06-060D-42C5-9344-F04707BE0169
> + !elseif "$(CRYPTO_SERVICES)" == "NONE"
> + FILE_GUID = C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A
> + !elseif "$(CRYPTO_SERVICES)" == MIN_DXE_MIN_SMM
> + FILE_GUID = DDF5BE9E-159A-4B77-B6D7-82B84B5763A2
> + !endif
> + }
> +
> +[Components.IA32, Components.X64]
> + CryptoPkg/Driver/CryptoSmm.inf {
> + <Defines>
> + !if "$(CRYPTO_SERVICES)" == "ALL"
> + FILE_GUID = A3542CE8-77F7-49DC-A834-45D37D2EC1FA
> + !elseif "$(CRYPTO_SERVICES)" == "NONE"
> + FILE_GUID = 6DCB3127-01E7-4131-A487-DC77A965A541
> + !elseif "$(CRYPTO_SERVICES)" == MIN_DXE_MIN_SMM
> + FILE_GUID = 85F7EA15-3A2B-474A-8875-180542CD6BF3
> + !endif
> + }
> +!endif
> +
> +[BuildOptions]
> + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
> + MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> + INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> + GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
> + RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
> +!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
> + MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096
> + GCC:*_GCC*_*_DLINK_FLAGS = -z common-page-size=0x1000
> +!endif
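
Review bot: CRYPTO_SERVICES is tested in all three FILE_GUID blocks of the Components section but, unlike CRYPTO_IMG_TYPE, it is never given a default or validated, so when it is unset or misspelled no branch matches and no FILE_GUID override is applied; add a "!ifndef CRYPTO_SERVICES" default and a "!error" check next to the CRYPTO_IMG_TYPE one. In the CryptoDxe.inf and CryptoSmm.inf blocks the last comparison is written == MIN_DXE_MIN_SMM without quotes while every other comparison quotes its right-hand side; quote it. The second unscoped [LibraryClasses] section remaps DebugLib and PcdLib, which the first one already maps to BaseDebugLibNull and BasePcdLibNull, so drop whichever pair is not meant to take effect. The DXE_SMM PCD list also enables the Md4, HmacMd5, Tdes and Arc4 families together with -D ENABLE_MD5_DEPRECATED_INTERFACES; if those are present only for parity with an existing configuration, a comment saying so would help the next reviewer.
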
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
> new file mode 100644
> index 0000000000..16def792c5
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
> @@ -0,0 +1,81 @@
> +## @file
> +# Cryptographic Library Instance for DXE_DRIVER.
> +#
> +# Caution: This module requires additional review when modified.
> +# This library will have external input - signature.
> +# This external input must be validated carefully to avoid security issues such as
> +# buffer overflow or integer overflow.
> +#
> +# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = BaseCryptLib
> + FILE_GUID = 693C5308-AF95-4CE5-ADE9-CA011C2FC642
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
> +
> +#
> +# The following information is for reference only and not required by the build tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> +#
> +
> +[Sources]
> + InternalCryptLib.h
> + Cipher/CryptAeadAesGcmNull.c
> + Cipher/CryptAes.c
> + Hash/CryptSha256.c
> + Hash/CryptSha512.c
> + Hash/CryptParallelHashNull.c
> + Hash/CryptSm3Null.c
> + Hash/CryptMd5.c
> + Hash/CryptSha1.c
> + Hmac/CryptHmac.c
> + Kdf/CryptHkdf.c
> + Pk/CryptRsaBasic.c
> + Pk/CryptRsaExtNull.c
> + Pk/CryptRsaPss.c
> + Pk/CryptRsaPssSignNull.c
> + Bn/CryptBnNull.c
> + Pem/CryptPemNull.c
> + Pk/CryptDhNull.c
> + Pk/CryptEcNull.c
> + Pk/CryptPkcs1OaepNull.c
> + Pk/CryptPkcs5Pbkdf2Null.c
> + Pk/CryptPkcs7SignNull.c
> + Pk/CryptPkcs7VerifyNull.c
> + Pk/CryptPkcs7VerifyEkuNull.c
> + Pk/CryptX509Null.c
> + Pk/CryptAuthenticodeNull.c
> + Pk/CryptTsNull.c
> + Rand/CryptRandNull.c
> + SysCall/CrtWrapper.c
> + SysCall/TimerWrapper.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + MemoryAllocationLib
> + UefiRuntimeServicesTableLib
> + DebugLib
> + MbedTlsLib
> + PrintLib
> + IntrinsicLib
> + RngLib
> + SynchronizationLib
> +[Protocols]
> + gEfiMpServiceProtocolGuid
> +#
> +# Remove these [BuildOptions] after this library is cleaned up
> +#
> +[BuildOptions]
> + MSFT:*_*_*_CC_FLAGS = /GL-
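
Review bot: The file header carries no "Note:" of unsupported functions, yet [Sources] builds the Null variants for PKCS#7 verify, X.509, Authenticode, timestamp, EC, DH, BigNum, PEM, PBKDF2, OAEP and random (Pk/CryptPkcs7VerifyNull.c, Pk/CryptX509Null.c, Rand/CryptRandNull.c and so on). Since the header says the library takes a signature as external input, list which verification paths this instance actually implements so that consumers do not assume PKCS#7 or Authenticode verification is available. Smaller points: [Protocols] follows SynchronizationLib without a blank line, and unlike PeiCryptLib.inf and RuntimeCryptLib.inf no MODULE_UNI_FILE is set.
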
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
> new file mode 100644
> index 0000000000..72b22a24e8
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
> @@ -0,0 +1,101 @@
> +## @file
> +# Cryptographic Library Instance for PEIM.
> +#
> +# Caution: This module requires additional review when modified.
> +# This library will have external input - signature.
> +# This external input must be validated carefully to avoid security issues such as
> +# buffer overflow or integer overflow.
> +#
> +# Note:
> +# HMAC-SHA256 functions, AES functions, RSA external
> +# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
> +# certificate handler functions, authenticode signature verification functions,
> +# PEM handler functions, and pseudorandom number generator functions are not
> +# supported in this instance.
> +#
> +# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = PeiCryptLib
> + MODULE_UNI_FILE = PeiCryptLib.uni
> + FILE_GUID = 91E0A3C3-37A7-4AEE-8689-C5B0AD2C8E63
> + MODULE_TYPE = PEIM
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE
> +
> +#
> +# The following information is for reference only and not required by the build tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64
> +#
> +
> +[Sources]
> + InternalCryptLib.h
> + Hash/CryptMd5.c
> + Hash/CryptSha1.c
> + Hash/CryptSha256.c
> + Hash/CryptSm3Null.c
> + Hash/CryptSha512.c
> + Hash/CryptParallelHashNull.c
> + Hmac/CryptHmac.c
> + Kdf/CryptHkdf.c
> + Cipher/CryptAes.c
> + Cipher/CryptAeadAesGcmNull.c
> + Pk/CryptRsaBasic.c
> + Pk/CryptRsaExtNull.c
> + Pk/CryptRsaPss.c
> + Pk/CryptRsaPssSignNull.c
> + Bn/CryptBnNull.c
> + Pem/CryptPemNull.c
> + Pk/CryptDhNull.c
> + Pk/CryptEcNull.c
> + Pk/CryptPkcs1OaepNull.c
> + Pk/CryptPkcs5Pbkdf2Null.c
> + Pk/CryptPkcs7SignNull.c
> + Pk/CryptPkcs7VerifyNull.c
> + Pk/CryptPkcs7VerifyEkuNull.c
> + Pk/CryptX509Null.c
> + Pk/CryptAuthenticodeNull.c
> + Pk/CryptTsNull.c
> + Rand/CryptRandNull.c
> + SysCall/CrtWrapper.c
> + SysCall/ConstantTimeClock.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + MemoryAllocationLib
> + DebugLib
> + MbedTlsLib
> + IntrinsicLib
> + PrintLib
> + PeiServicesTablePointerLib
> + PeiServicesLib
> + SynchronizationLib
> +
> +[Ppis]
> + gEfiPeiMpServicesPpiGuid
> +#
> +# Remove these [BuildOptions] after this library is cleaned up
> +#
> +[BuildOptions]
> + #
> + # suppress the following warnings so we do not break the build with warnings-as-errors:
> + # C4090: 'function' : different 'const' qualifiers
> + # C4718: 'function call' : recursive call has no side effects, deleting
> + #
> + MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
> +
> + GCC:*_CLANG35_*_CC_FLAGS = -std=c99
> + GCC:*_CLANG38_*_CC_FLAGS = -std=c99
> + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
> +
> + XCODE:*_*_*_CC_FLAGS = -std=c99
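
Review bot: The header Note says HMAC-SHA256 and AES functions are not supported in this instance, but [Sources] compiles Hmac/CryptHmac.c and Cipher/CryptAes.c rather than Null variants, and the PEI_DEFAULT profile in CryptoPkgMbedTls.dsc enables the Aes family and the HmacSha256 services. Update the Note to match what is built; it should also mention the Null PKCS#7 verify and EC implementations (Pk/CryptPkcs7VerifyNull.c, Pk/CryptEcNull.c), which it omits. VALID_ARCHITECTURES lists only IA32 X64 while the .dsc builds CryptoPei.inf for ARM and AARCH64 as well.
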
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
> new file mode 100644
> index 0000000000..3a6845642d
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
> @@ -0,0 +1,25 @@
> +// /** @file
> +// Cryptographic Library Instance for PEIM.
> +//
> +// Caution: This module requires additional review when modified.
> +// This library will have external input - signature.
> +// This external input must be validated carefully to avoid security issues such as
> +// buffer overflow or integer overflow.
> +//
> +// Note: AES
> +// functions, RSA external functions, PKCS#7 SignedData sign functions,
> +// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
> +// signature verification functions, PEM handler functions, and pseudorandom number
> +// generator functions are not supported in this instance.
> +//
> +// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
> +
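
Review bot: The Note in this .uni does not match the one in PeiCryptLib.inf (the .inf lists HMAC-SHA256 functions as unsupported, this file does not); keep the comment block and STR_MODULE_DESCRIPTION in sync with the .inf once its Note is corrected. The file also has two consecutive blank lines before STR_MODULE_ABSTRACT and ends with an added blank line, both of which can be dropped.
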
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
> new file mode 100644
> index 0000000000..9f17ef00bf
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
> @@ -0,0 +1,92 @@
> +## @file
> +# Cryptographic Library Instance for DXE_RUNTIME_DRIVER.
> +#
> +# Caution: This module requires additional review when modified.
> +# This library will have external input - signature.
> +# This external input must be validated carefully to avoid security issues such as
> +# buffer overflow or integer overflow.
> +#
> +# Note: SHA-384 Digest functions, SHA-512 Digest functions,
> +# HMAC-SHA256 functions, AES functions, RSA external
> +# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
> +# authenticode signature verification functions are not supported in this instance.
> +#
> +# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = RuntimeCryptLib
> + MODULE_UNI_FILE = RuntimeCryptLib.uni
> + FILE_GUID = D263B580-D9FC-4DC4-B445-578AAEFF530E
> + MODULE_TYPE = DXE_RUNTIME_DRIVER
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = BaseCryptLib|DXE_RUNTIME_DRIVER
> + CONSTRUCTOR = RuntimeCryptLibConstructor
> +
> +#
> +# The following information is for reference only and not required by the build tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> +#
> +
> +[Sources]
> + InternalCryptLib.h
> + Hash/CryptMd5.c
> + Hash/CryptSha1.c
> + Hash/CryptSha256.c
> + Hash/CryptSm3Null.c
> + Hash/CryptSha512.c
> + Hash/CryptParallelHashNull.c
> + Hmac/CryptHmac.c
> + Kdf/CryptHkdf.c
> + Cipher/CryptAes.c
> + Cipher/CryptAeadAesGcmNull.c
> + Pk/CryptRsaBasic.c
> + Pk/CryptRsaExtNull.c
> + Pk/CryptRsaPssNull.c
> + Pk/CryptRsaPssSignNull.c
> + Bn/CryptBnNull.c
> + Pem/CryptPemNull.c
> + Pk/CryptDhNull.c
> + Pk/CryptEcNull.c
> + Pk/CryptPkcs1OaepNull.c
> + Pk/CryptPkcs5Pbkdf2Null.c
> + Pk/CryptPkcs7SignNull.c
> + Pk/CryptPkcs7VerifyNull.c
> + Pk/CryptPkcs7VerifyEkuNull.c
> + Pk/CryptX509Null.c
> + Pk/CryptAuthenticodeNull.c
> + Pk/CryptTsNull.c
> + Rand/CryptRandNull.c
> + SysCall/CrtWrapper.c
> + SysCall/TimerWrapper.c
> + SysCall/RuntimeMemAllocation.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + UefiRuntimeServicesTableLib
> + DebugLib
> + MbedTlsLib
> + IntrinsicLib
> + PrintLib
> +
> +#
> +# Remove these [BuildOptions] after this library is cleaned up
> +#
> +[BuildOptions]
> + #
> + # suppress the following warnings so we do not break the build with warnings-as-errors:
> + #
> + GCC:*_CLANG35_*_CC_FLAGS = -std=c99
> + GCC:*_CLANG38_*_CC_FLAGS = -std=c99
> + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
> +
> + XCODE:*_*_*_CC_FLAGS = -std=c99
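
Review bot: [Sources] uses Pk/CryptRsaPssNull.c here, whereas BaseCryptLib.inf and PeiCryptLib.inf build Pk/CryptRsaPss.c, so RSA-PSS verification is stubbed out in this instance but the header Note does not say so. The same Note lists SHA-384, SHA-512, HMAC-SHA256 and AES as unsupported although Hash/CryptSha512.c, Hmac/CryptHmac.c and Cipher/CryptAes.c are compiled in. In [BuildOptions], the comment "suppress the following warnings ..." is followed by no warning list and no MSFT flags; remove it or add the intended entries.
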
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
> new file mode 100644
> index 0000000000..b2a2f5ff21
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
> @@ -0,0 +1,22 @@
> +// /** @file
> +// Cryptographic Library Instance for DXE_RUNTIME_DRIVER.
> +//
> +// Caution: This module requires additional review when modified.
> +// This library will have external input - signature.
> +// This external input must be validated carefully to avoid security issues such as
> +// buffer overflow or integer overflow.
> +//
> +// Note: AES
> +// functions, RSA external functions, PKCS#7 SignedData sign functions,
> +// Diffie-Hellman functions, and authenticode signature verification functions are
> +// not supported in this instance.
> +//
> +// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
> new file mode 100644
> index 0000000000..6fc073aac6
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
> @@ -0,0 +1,84 @@
> +## @file
> +# Cryptographic Library Instance for SEC.
> +#
> +# Caution: This module requires additional review when modified.
> +# This library will have external input - signature.
> +# This external input must be validated carefully to avoid security issues such as
> +# buffer overflow or integer overflow.
> +#
> +# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = SecCryptLib
> + MODULE_UNI_FILE = SecCryptLib.uni
> + FILE_GUID = 894C367F-254A-4563-8624-798D46EAD796
> + MODULE_TYPE = BASE
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = BaseCryptLib|SEC
> +
> +#
> +# The following information is for reference only and not required by the build tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64
> +#
> +
> +[Sources]
> + InternalCryptLib.h
> + Hash/CryptSha512.c
> +
> + Hash/CryptMd5Null.c
> + Hash/CryptSha1Null.c
> + Hash/CryptSha256Null.c
> + Hash/CryptSm3Null.c
> + Hash/CryptParallelHashNull.c
> + Hmac/CryptHmacNull.c
> + Kdf/CryptHkdfNull.c
> + Cipher/CryptAesNull.c
> + Cipher/CryptAeadAesGcmNull.c
> + Pk/CryptRsaBasicNull.c
> + Pk/CryptRsaExtNull.c
> + Bn/CryptBnNull.c
> + Pem/CryptPemNull.c
> + Pk/CryptDhNull.c
> + Pk/CryptEcNull.c
> + Pk/CryptPkcs1OaepNull.c
> + Pk/CryptPkcs5Pbkdf2Null.c
> + Pk/CryptPkcs7SignNull.c
> + Pk/CryptPkcs7VerifyNull.c
> + Pk/CryptPkcs7VerifyEkuNull.c
> + Pk/CryptX509Null.c
> + Pk/CryptAuthenticodeNull.c
> + Pk/CryptTsNull.c
> + Rand/CryptRandNull.c
> + SysCall/CrtWrapper.c
> + SysCall/ConstantTimeClock.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + MemoryAllocationLib
> + DebugLib
> + MbedTlsLib
> + IntrinsicLib
> + PrintLib
> +
> +#
> +# Remove these [BuildOptions] after this library is cleaned up
> +#
> +[BuildOptions]
> + #
> + # suppress the following warnings so we do not break the build with warnings-as-errors:
> + #
> + GCC:*_CLANG35_*_CC_FLAGS = -std=c99
> + GCC:*_CLANG38_*_CC_FLAGS = -std=c99
> + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
> +
> + XCODE:*_*_*_CC_FLAGS = -std=c99
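Review bot: The file header in this .inf carries no "Note:" listing what is unsupported, yet in [Sources] the only non-Null implementation is Hash/CryptSha512.c. Pk/CryptRsaBasicNull.c, Pk/CryptPkcs7VerifyNull.c, Pk/CryptX509Null.c and Hash/CryptSha256Null.c are all stubs, so the caution "This library will have external input - signature" does not correspond to any code built here. Suggest adding a Note that states SEC provides SHA-384/SHA-512 only, in the same style as the Note in SmmCryptLib.inf.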
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
> new file mode 100644
> index 0000000000..be2fc4067f
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
> @@ -0,0 +1,17 @@
> +// /** @file
> +// Cryptographic Library Instance for SEC driver.
> +//
> +// Caution: This module requires additional review when modified.
> +// This library will have external input - signature.
> +// This external input must be validated carefully to avoid security issues such as
> +// buffer overflow or integer overflow.
> +//
> +// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SEC driver"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
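Review bot: STR_MODULE_DESCRIPTION uses the same "Note:" sentence as the Runtime and SMM .uni files, listing only AES, RSA external, PKCS#7 sign, Diffie-Hellman and authenticode as unsupported. SecCryptLib.inf also builds Null stubs for MD5, SHA-1, SHA-256, HMAC, HKDF, basic RSA, PKCS#7 verify and X.509, so the description understates what is missing. The file comment at the top has no Note at all, and the abstract says "SEC driver" where the .inf says "SEC"; the three texts should be made to agree.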
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
> new file mode 100644
> index 0000000000..40c56d1b7d
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
> @@ -0,0 +1,92 @@
> +## @file
> +# Cryptographic Library Instance for SMM driver.
> +#
> +# Caution: This module requires additional review when modified.
> +# This library will have external input - signature.
> +# This external input must be validated carefully to avoid security issues such as
> +# buffer overflow or integer overflow.
> +#
> +# Note: SHA-384 Digest functions, SHA-512 Digest functions,
> +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
> +# authenticode signature verification functions are not supported in this instance.
> +#
> +# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = SmmCryptLib
> + MODULE_UNI_FILE = SmmCryptLib.uni
> + FILE_GUID = CF104633-9901-4504-AD7A-91690926A253
> + MODULE_TYPE = DXE_SMM_DRIVER
> + VERSION_STRING = 1.0
> + PI_SPECIFICATION_VERSION = 0x0001000A
> + LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE
> +
> +#
> +# The following information is for reference only and not required by the build tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> +#
> +
> +[Sources]
> + InternalCryptLib.h
> + Hash/CryptMd5.c
> + Hash/CryptSha1.c
> + Hash/CryptSha256.c
> + Hash/CryptSm3Null.c
> + Hash/CryptSha512.c
> + Hash/CryptParallelHashNull.c
> + Hmac/CryptHmac.c
> + Kdf/CryptHkdf.c
> + Cipher/CryptAes.c
> + Cipher/CryptAeadAesGcmNull.c
> + Pk/CryptRsaBasic.c
> + Pk/CryptRsaExtNull.c
> + Pk/CryptRsaPss.c
> + Pk/CryptRsaPssSignNull.c
> + Bn/CryptBnNull.c
> + Pem/CryptPemNull.c
> + Pk/CryptDhNull.c
> + Pk/CryptEcNull.c
> + Pk/CryptPkcs1OaepNull.c
> + Pk/CryptPkcs5Pbkdf2Null.c
> + Pk/CryptPkcs7SignNull.c
> + Pk/CryptPkcs7VerifyNull.c
> + Pk/CryptPkcs7VerifyEkuNull.c
> + Pk/CryptX509Null.c
> + Pk/CryptAuthenticodeNull.c
> + Pk/CryptTsNull.c
> + Rand/CryptRandNull.c
> + SysCall/CrtWrapper.c
> + SysCall/ConstantTimeClock.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + MemoryAllocationLib
> + MbedTlsLib
> + IntrinsicLib
> + PrintLib
> + MmServicesTableLib
> + SynchronizationLib
> +
> +#
> +# Remove these [BuildOptions] after this library is cleaned up
> +#
> +[BuildOptions]
> + #
> + # suppress the following warnings so we do not break the build with warnings-as-errors:
> + #
> +
> + XCODE:*_*_*_CC_FLAGS = -mmmx -msse -std=c99
> +
> + GCC:*_CLANG35_*_CC_FLAGS = -std=c99
> + GCC:*_CLANG38_*_CC_FLAGS = -std=c99
> + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
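Review bot: The header Note says "SHA-384 Digest functions, SHA-512 Digest functions" are not supported in this instance, but [Sources] lists Hash/CryptSha512.c rather than a Null variant. Either the Note or the source list is wrong. The Note also omits functions that are stubbed here (Pk/CryptPkcs7VerifyNull.c, Pk/CryptX509Null.c, Pk/CryptEcNull.c). Separately, SysCall/CrtWrapper.c includes Library/DebugLib.h and calls ASSERT, but DebugLib is not in [LibraryClasses] here as it is in SecCryptLib.inf; please list it explicitly.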
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
> new file mode 100644
> index 0000000000..13948c2f3d
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
> @@ -0,0 +1,22 @@
> +// /** @file
> +// Cryptographic Library Instance for SMM driver.
> +//
> +// Caution: This module requires additional review when modified.
> +// This library will have external input - signature.
> +// This external input must be validated carefully to avoid security issues such as
> +// buffer overflow or integer overflow.
> +//
> +// Note: AES
> +// functions, RSA external functions, PKCS#7 SignedData sign functions,
> +// Diffie-Hellman functions, and authenticode signature verification functions are
> +// not supported in this instance.
> +//
> +// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
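Review bot: Both the file comment and STR_MODULE_DESCRIPTION say AES functions are not supported, but SmmCryptLib.inf builds Cipher/CryptAes.c. The .inf header in turn names SHA-384/SHA-512 as unsupported, which this .uni does not mention. The two files describe different feature sets for the same instance; suggest deriving both Notes from the actual Null entries in [Sources].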
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
> new file mode 100644
> index 0000000000..2ec13ef9d0
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
> @@ -0,0 +1,75 @@
> +/** @file
> + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
> + for MbedTLS-based Cryptographic Library.
> +
> + This C file implements constant time value for time() and NULL for gmtime()
> + thus should not be used in library instances which require functionality
> + of following APIs which need system time support:
> + 1) RsaGenerateKey
> + 2) RsaCheckKey
> + 3) RsaPkcs1Sign
> + 4) Pkcs7Sign
> + 5) DhGenerateParameter
> + 6) DhGenerateKey
> +
> +Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Library/BaseMemoryLib.h>
> +
> +typedef int time_t;
> +
> +//
> +// Structures Definitions
> +//
> +struct tm {
> + int tm_sec; /* seconds after the minute [0-60] */
> + int tm_min; /* minutes after the hour [0-59] */
> + int tm_hour; /* hours since midnight [0-23] */
> + int tm_mday; /* day of the month [1-31] */
> + int tm_mon; /* months since January [0-11] */
> + int tm_year; /* years since 1900 */
> + int tm_wday; /* days since Sunday [0-6] */
> + int tm_yday; /* days since January 1 [0-365] */
> + int tm_isdst; /* Daylight Savings Time flag */
> + long tm_gmtoff; /* offset from CUT in seconds */
> + char *tm_zone; /* timezone abbreviation */
> +};
> +
> +//
> +// -- Time Management Routines --
> +//
> +
> +/**time function. **/
> +time_t
> +time (
> + time_t *timer
> + )
> +{
> + if (timer != NULL) {
> + *timer = 0;
> + }
> +
> + return 0;
> +}
> +
> +/**gmtime function. **/
> +struct tm *
> +gmtime (
> + const time_t *timer
> + )
> +{
> + return NULL;
> +}
> +
> +/**_time64 function. **/
> +time_t
> +_time64 (
> + time_t *t
> + )
> +{
> + return time (t);
> +}
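Review bot: `typedef int time_t;` and the full `struct tm` are defined locally here and again, field for field, in SysCall/TimerWrapper.c. They should live in one shared header so the two copies cannot drift apart or disagree with the declarations the MbedTLS sources are compiled against. The file header lists six APIs that need system time, but with time() fixed at 0 and gmtime() returning NULL, any caller that compares against a validity period also gets a silent 1970-01-01 or a NULL dereference; that consequence is worth stating in the comment next to the list.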
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
> new file mode 100644
> index 0000000000..f1d9b9c35c
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
> @@ -0,0 +1,58 @@
> +/** @file
> + C Run-Time Libraries (CRT) Wrapper Implementation for MbedTLS-based
> + Cryptographic Library.
> +
> +Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <stdio.h>
> +
> +/**dummy mbedtls_printf function. **/
> +int
> +mbedtls_printf (
> + char const *fmt,
> + ...
> + )
> +{
> + ASSERT (FALSE);
> + return 0;
> +}
> +
> +/**dummy mbedtls_vsnprintf function. **/
> +int
> +mbedtls_vsnprintf (
> + char *str,
> + size_t size,
> + const char *format,
> + ...
> + )
> +{
> + ASSERT (FALSE);
> + return 0;
> +}
> +
> +/**strchr function. **/
> +char *
> +strchr (
> + const char *str,
> + int ch
> + )
> +{
> + return ScanMem8 (str, AsciiStrSize (str), (char)ch);
> +}
> +
> +/**strcmp function. **/
> +int
> +strcmp (
> + const char *s1,
> + const char *s2
> + )
> +{
> + return (int)AsciiStrCmp (s1, s2);
> +}
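Review bot: mbedtls_vsnprintf() is declared with `...` instead of a `va_list` parameter, so it does not have the vsnprintf-style signature its name implies, and a caller that passes a va_list goes through a variadic call. Both dummies also depend on ASSERT (FALSE) to signal misuse: in a build where ASSERT is compiled out they return 0 without touching `str`, which hands the caller an unterminated buffer and a success-looking length. Suggest taking `va_list`, writing `str[0] = '\0'` when `size > 0`, and returning a negative value. In strchr(), `(char)ch` is passed where ScanMem8() takes a UINT8; a `(UINT8)ch` cast states the intent.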
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
> new file mode 100644
> index 0000000000..51992029a8
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
> @@ -0,0 +1,462 @@
> +/** @file
> + Light-weight Memory Management Routines for MbedTLS-based Crypto
> + Library at Runtime Phase.
> +
> +Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <CrtLibSupport.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/UefiRuntimeLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <Guid/EventGroup.h>
> +
> +// ----------------------------------------------------------------
> +// Initial version. Needs further optimizations.
> +// ----------------------------------------------------------------
> +
> +//
> +// Definitions for Runtime Memory Operations
> +//
> +#define RT_PAGE_SIZE 0x200
> +#define RT_PAGE_MASK 0x1FF
> +#define RT_PAGE_SHIFT 9
> +
> +#define RT_SIZE_TO_PAGES(a) (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MASK) ? 1 : 0))
> +#define RT_PAGES_TO_SIZE(a) ((a) << RT_PAGE_SHIFT)
> +
> +//
> +// Page Flag Definitions
> +//
> +#define RT_PAGE_FREE 0x00000000
> +#define RT_PAGE_USED 0x00000001
> +
> +#define MIN_REQUIRED_BLOCKS 600
> +
> +//
> +// Memory Page Table
> +//
> +typedef struct {
> + UINTN StartPageOffset; // Offset of the starting page allocated.
> + // Only available for USED pages.
> + UINT32 PageFlag; // Page Attributes.
> +} RT_MEMORY_PAGE_ENTRY;
> +
> +typedef struct {
> + UINTN PageCount;
> + UINTN LastEmptyPageOffset;
> + UINT8 *DataAreaBase; // Pointer to data Area.
> + RT_MEMORY_PAGE_ENTRY Pages[1]; // Page Table Entries.
> +} RT_MEMORY_PAGE_TABLE;
> +
> +//
> +// Global Page Table for Runtime Cryptographic Provider.
> +//
> +RT_MEMORY_PAGE_TABLE *mRTPageTable = NULL;
> +
> +//
> +// Event for Runtime Address Conversion.
> +//
> +STATIC EFI_EVENT mVirtualAddressChangeEvent;
> +
> +/**
> + Initializes pre-allocated memory pointed by ScratchBuffer for subsequent
> + runtime use.
> +
> + @param[in, out] ScratchBuffer Pointer to user-supplied memory buffer.
> + @param[in] ScratchBufferSize Size of supplied buffer in bytes.
> +
> + @retval EFI_SUCCESS Successful initialization.
> +
> +**/
> +EFI_STATUS
> +InitializeScratchMemory (
> + IN OUT UINT8 *ScratchBuffer,
> + IN UINTN ScratchBufferSize
> + )
> +{
> + UINTN Index;
> + UINTN MemorySize;
> +
> + //
> + // Parameters Checking
> + //
> + if (ScratchBuffer == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (ScratchBufferSize < MIN_REQUIRED_BLOCKS * 1024) {
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + mRTPageTable = (RT_MEMORY_PAGE_TABLE *)ScratchBuffer;
> +
> + //
> + // Initialize Internal Page Table for Memory Management
> + //
> + SetMem (mRTPageTable, ScratchBufferSize, 0xFF);
> + MemorySize = ScratchBufferSize - sizeof (RT_MEMORY_PAGE_TABLE) + sizeof (RT_MEMORY_PAGE_ENTRY);
> +
> + mRTPageTable->PageCount = MemorySize / (RT_PAGE_SIZE + sizeof (RT_MEMORY_PAGE_ENTRY));
> + mRTPageTable->LastEmptyPageOffset = 0x0;
> +
> + for (Index = 0; Index < mRTPageTable->PageCount; Index++) {
> + mRTPageTable->Pages[Index].PageFlag = RT_PAGE_FREE;
> + mRTPageTable->Pages[Index].StartPageOffset = 0;
> + }
> +
> + mRTPageTable->DataAreaBase = ScratchBuffer + sizeof (RT_MEMORY_PAGE_TABLE) +
> + (mRTPageTable->PageCount - 1) * sizeof (RT_MEMORY_PAGE_ENTRY);
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Look-up Free memory Region for object allocation.
> +
> + @param[in] AllocationSize Bytes to be allocated.
> +
> + @return Return available page offset for object allocation.
> +
> +**/
> +UINTN
> +LookupFreeMemRegion (
> + IN UINTN AllocationSize
> + )
> +{
> + UINTN StartPageIndex;
> + UINTN Index;
> + UINTN SubIndex;
> + UINTN ReqPages;
> +
> + StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset);
> + ReqPages = RT_SIZE_TO_PAGES (AllocationSize);
> + if (ReqPages > mRTPageTable->PageCount) {
> + //
> + // No enough region for object allocation.
> + //
> + return (UINTN)(-1);
> + }
> +
> + //
> + // Look up the free memory region with in current memory map table.
> + //
> + for (Index = StartPageIndex; Index <= (mRTPageTable->PageCount - ReqPages); ) {
> + //
> + // Check consecutive ReqPages pages.
> + //
> + for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) {
> + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
> + break;
> + }
> + }
> +
> + if (SubIndex == ReqPages) {
> + //
> + // Succeed! Return the Starting Offset.
> + //
> + return RT_PAGES_TO_SIZE (Index);
> + }
> +
> + //
> + // Failed! Skip current free memory pages and adjacent Used pages
> + //
> + while ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
> + SubIndex++;
> + }
> +
> + Index += SubIndex;
> + }
> +
> + //
> + // Look up the free memory region from the beginning of the memory table
> + // until the StartCursorOffset
> + //
> + if (ReqPages > StartPageIndex) {
> + //
> + // No enough region for object allocation.
> + //
> + return (UINTN)(-1);
> + }
> +
> + for (Index = 0; Index < (StartPageIndex - ReqPages); ) {
> + //
> + // Check Consecutive ReqPages Pages.
> + //
> + for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) {
> + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
> + break;
> + }
> + }
> +
> + if (SubIndex == ReqPages) {
> + //
> + // Succeed! Return the Starting Offset.
> + //
> + return RT_PAGES_TO_SIZE (Index);
> + }
> +
> + //
> + // Failed! Skip current adjacent Used pages
> + //
> + while ((SubIndex < (StartPageIndex - ReqPages)) &&
> + ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0))
> + {
> + SubIndex++;
> + }
> +
> + Index += SubIndex;
> + }
> +
> + //
> + // No available region for object allocation!
> + //
> + return (UINTN)(-1);
> +}
> +
> +/**
> + Allocates a buffer at runtime phase.
> +
> + @param[in] AllocationSize Bytes to be allocated.
> +
> + @return A pointer to the allocated buffer or NULL if allocation fails.
> +
> +**/
> +VOID *
> +RuntimeAllocateMem (
> + IN UINTN AllocationSize
> + )
> +{
> + UINT8 *AllocPtr;
> + UINTN ReqPages;
> + UINTN Index;
> + UINTN StartPage;
> + UINTN AllocOffset;
> +
> + AllocPtr = NULL;
> + ReqPages = 0;
> +
> + //
> + // Look for available consecutive memory region starting from LastEmptyPageOffset.
> + // If no proper memory region found, look up from the beginning.
> + // If still not found, return NULL to indicate failed allocation.
> + //
> + AllocOffset = LookupFreeMemRegion (AllocationSize);
> + if (AllocOffset == (UINTN)(-1)) {
> + return NULL;
> + }
> +
> + //
> + // Allocates consecutive memory pages with length of Size. Update the page
> + // table status. Returns the starting address.
> + //
> + ReqPages = RT_SIZE_TO_PAGES (AllocationSize);
> + AllocPtr = mRTPageTable->DataAreaBase + AllocOffset;
> + StartPage = RT_SIZE_TO_PAGES (AllocOffset);
> + Index = 0;
> + while (Index < ReqPages) {
> + mRTPageTable->Pages[StartPage + Index].PageFlag |= RT_PAGE_USED;
> + mRTPageTable->Pages[StartPage + Index].StartPageOffset = AllocOffset;
> +
> + Index++;
> + }
> +
> + mRTPageTable->LastEmptyPageOffset = AllocOffset + RT_PAGES_TO_SIZE (ReqPages);
> +
> + ZeroMem (AllocPtr, AllocationSize);
> +
> + //
> + // Returns a VOID pointer to the allocated space
> + //
> + return AllocPtr;
> +}
> +
> +/**
> + Frees a buffer that was previously allocated at runtime phase.
> +
> + @param[in] Buffer Pointer to the buffer to free.
> +
> +**/
> +VOID
> +RuntimeFreeMem (
> + IN VOID *Buffer
> + )
> +{
> + UINTN StartOffset;
> + UINTN StartPageIndex;
> +
> + StartOffset = (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase;
> + StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset);
> +
> + while (StartPageIndex < mRTPageTable->PageCount) {
> + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
> + (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
> + {
> + //
> + // Free this page
> + //
> + mRTPageTable->Pages[StartPageIndex].PageFlag &= ~RT_PAGE_USED;
> + mRTPageTable->Pages[StartPageIndex].PageFlag |= RT_PAGE_FREE;
> + mRTPageTable->Pages[StartPageIndex].StartPageOffset = 0;
> +
> + StartPageIndex++;
> + } else {
> + break;
> + }
> + }
> +
> + return;
> +}
> +
> +/**
> + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
> +
> + This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE
> + event. It converts a pointer to a new virtual address.
> +
> + @param[in] Event The event whose notification function is being invoked.
> + @param[in] Context The pointer to the notification function's context.
> +
> +**/
> +VOID
> +EFIAPI
> +RuntimeCryptLibAddressChangeEvent (
> + IN EFI_EVENT Event,
> + IN VOID *Context
> + )
> +{
> + //
> + // Converts a pointer for runtime memory management to a new virtual address.
> + //
> + EfiConvertPointer (0x0, (VOID **)&mRTPageTable->DataAreaBase);
> + EfiConvertPointer (0x0, (VOID **)&mRTPageTable);
> +}
> +
> +/**
> + Constructor routine for runtime crypt library instance.
> +
> + The constructor function pre-allocates space for runtime cryptographic operation.
> +
> + @param ImageHandle The firmware allocated handle for the EFI image.
> + @param SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The construction succeeded.
> + @retval EFI_OUT_OF_RESOURCE Failed to allocate memory.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RuntimeCryptLibConstructor (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_SYSTEM_TABLE *SystemTable
> + )
> +{
> + EFI_STATUS Status;
> + VOID *Buffer;
> +
> + //
> + // Pre-allocates runtime space for possible cryptographic operations
> + //
> + Buffer = AllocateRuntimePool (MIN_REQUIRED_BLOCKS * 1024);
> + Status = InitializeScratchMemory (Buffer, MIN_REQUIRED_BLOCKS * 1024);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + //
> + // Create address change event
> + //
> + Status = gBS->CreateEventEx (
> + EVT_NOTIFY_SIGNAL,
> + TPL_NOTIFY,
> + RuntimeCryptLibAddressChangeEvent,
> + NULL,
> + &gEfiEventVirtualAddressChangeGuid,
> + &mVirtualAddressChangeEvent
> + );
> + ASSERT_EFI_ERROR (Status);
> +
> + return Status;
> +}
> +
> +//
> +// -- Memory-Allocation Routines Wrapper for UEFI-MbedTLS Library --
> +//
> +
> +/** Allocates memory blocks. **/
> +VOID *
> +malloc (
> + size_t size
> + )
> +{
> + return RuntimeAllocateMem ((UINTN)size);
> +}
> +
> +/** Reallocate memory blocks. **/
> +VOID *
> +realloc (
> + VOID *ptr,
> + size_t size
> + )
> +{
> + VOID *NewPtr;
> + UINTN StartOffset;
> + UINTN StartPageIndex;
> + UINTN PageCount;
> +
> + if (ptr == NULL) {
> + return malloc (size);
> + }
> +
> + //
> + // Get Original Size of ptr
> + //
> + StartOffset = (UINTN)ptr - (UINTN)mRTPageTable->DataAreaBase;
> + StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset);
> + PageCount = 0;
> + while (StartPageIndex < mRTPageTable->PageCount) {
> + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
> + (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
> + {
> + StartPageIndex++;
> + PageCount++;
> + } else {
> + break;
> + }
> + }
> +
> + if (size <= RT_PAGES_TO_SIZE (PageCount)) {
> + //
> + // Return the original pointer, if Caller try to reduce region size;
> + //
> + return ptr;
> + }
> +
> + NewPtr = RuntimeAllocateMem ((UINTN)size);
> + if (NewPtr == NULL) {
> + return NULL;
> + }
> +
> + CopyMem (NewPtr, ptr, RT_PAGES_TO_SIZE (PageCount));
> +
> + RuntimeFreeMem (ptr);
> +
> + return NewPtr;
> +}
> +
> +/** Deallocates or frees a memory block. **/
> +VOID
> +free (
> + VOID *ptr
> + )
> +{
> + //
> + // In Standard C, free() handles a null pointer argument transparently. This
> + // is not true of RuntimeFreeMem() below, so protect it.
> + //
> + if (ptr != NULL) {
> + RuntimeFreeMem (ptr);
> + }
> +}
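Review bot: In LookupFreeMemRegion(), the skip loop after the first search, `while ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0)`, has no upper bound, so when the used run extends to the last page it reads Pages[PageCount] and beyond, which is already the data area. The second search bounds its skip loop; the first needs an equivalent `SubIndex + Index < mRTPageTable->PageCount` check. RuntimeFreeMem() and realloc() compute `StartOffset = (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase` and index Pages[] with it without checking that the pointer lies inside the data area, so a foreign or stale pointer becomes an out-of-range table access. RuntimeCryptLibConstructor() does not check the AllocateRuntimePool() result itself; a NULL buffer comes back from InitializeScratchMemory() as EFI_INVALID_PARAMETER, not the EFI_OUT_OF_RESOURCE the function comment documents.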
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
> new file mode 100644
> index 0000000000..b7cd4d3181
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
> @@ -0,0 +1,198 @@
> +/** @file
> + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
> + for MbedTLS-based Cryptographic Library (used in DXE & RUNTIME).
> +
> +Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Uefi.h>
> +#include <Library/UefiRuntimeServicesTableLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +
> +typedef int time_t;
> +
> +//
> +// Structures Definitions
> +//
> +struct tm {
> + int tm_sec; /* seconds after the minute [0-60] */
> + int tm_min; /* minutes after the hour [0-59] */
> + int tm_hour; /* hours since midnight [0-23] */
> + int tm_mday; /* day of the month [1-31] */
> + int tm_mon; /* months since January [0-11] */
> + int tm_year; /* years since 1900 */
> + int tm_wday; /* days since Sunday [0-6] */
> + int tm_yday; /* days since January 1 [0-365] */
> + int tm_isdst; /* Daylight Savings Time flag */
> + long tm_gmtoff; /* offset from CUT in seconds */
> + char *tm_zone; /* timezone abbreviation */
> +};
> +
> +//
> +// -- Time Management Routines --
> +//
> +
> +#define IsLeap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
> +#define SECSPERMIN (60)
> +#define SECSPERHOUR (60 * 60)
> +#define SECSPERDAY (24 * SECSPERHOUR)
> +
> +//
> +// The arrays give the cumulative number of days up to the first of the
> +// month number used as the index (1 -> 12) for regular and leap years.
> +// The value at index 13 is for the whole year.
> +//
> +UINTN CumulativeDays[2][14] = {
> + {
> + 0,
> + 0,
> + 31,
> + 31 + 28,
> + 31 + 28 + 31,
> + 31 + 28 + 31 + 30,
> + 31 + 28 + 31 + 30 + 31,
> + 31 + 28 + 31 + 30 + 31 + 30,
> + 31 + 28 + 31 + 30 + 31 + 30 + 31,
> + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31,
> + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
> + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
> + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
> + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
> + },
> + {
> + 0,
> + 0,
> + 31,
> + 31 + 29,
> + 31 + 29 + 31,
> + 31 + 29 + 31 + 30,
> + 31 + 29 + 31 + 30 + 31,
> + 31 + 29 + 31 + 30 + 31 + 30,
> + 31 + 29 + 31 + 30 + 31 + 30 + 31,
> + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31,
> + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
> + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
> + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
> + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
> + }
> +};
> +
> +/** Get the system time as seconds elapsed since midnight, January 1, 1970. **/
> +time_t
> +time (
> + time_t *timer
> + )
> +{
> + EFI_STATUS Status;
> + EFI_TIME Time;
> + time_t CalTime;
> + UINTN Year;
> +
> + //
> + // Get the current time and date information
> + //
> + Status = gRT->GetTime (&Time, NULL);
> + if (EFI_ERROR (Status) || (Time.Year < 1970)) {
> + return 0;
> + }
> +
> + //
> + // Years Handling
> + // UTime should now be set to 00:00:00 on Jan 1 of the current year.
> + //
> + for (Year = 1970, CalTime = 0; Year != Time.Year; Year++) {
> + CalTime = CalTime + (time_t)(CumulativeDays[IsLeap (Year)][13] * SECSPERDAY);
> + }
> +
> + //
> + // Add in number of seconds for current Month, Day, Hour, Minute, Seconds, and TimeZone adjustment
> + //
> + CalTime = CalTime +
> + (time_t)((Time.TimeZone != EFI_UNSPECIFIED_TIMEZONE) ? (Time.TimeZone * 60) : 0) +
> + (time_t)(CumulativeDays[IsLeap (Time.Year)][Time.Month] * SECSPERDAY) +
> + (time_t)(((Time.Day > 0) ? Time.Day - 1 : 0) * SECSPERDAY) +
> + (time_t)(Time.Hour * SECSPERHOUR) +
> + (time_t)(Time.Minute * 60) +
> + (time_t)Time.Second;
> +
> + if (timer != NULL) {
> + *timer = CalTime;
> + }
> +
> + return CalTime;
> +}
> +
> +/** Convert a time value from type time_t to struct tm. **/
> +struct tm *
> +gmtime (
> + const time_t *timer
> + )
> +{
> + struct tm *GmTime;
> + UINT16 DayNo;
> + UINT16 DayRemainder;
> + time_t Year;
> + time_t YearNo;
> + UINT16 TotalDays;
> + UINT16 MonthNo;
> +
> + if (timer == NULL) {
> + return NULL;
> + }
> +
> + GmTime = AllocateZeroPool (sizeof (struct tm));
> + if (GmTime == NULL) {
> + return NULL;
> + }
> +
> + ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm));
> +
> + DayNo = (UINT16)(*timer / SECSPERDAY);
> + DayRemainder = (UINT16)(*timer % SECSPERDAY);
> +
> + GmTime->tm_sec = (int)(DayRemainder % SECSPERMIN);
> + GmTime->tm_min = (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN);
> + GmTime->tm_hour = (int)(DayRemainder / SECSPERHOUR);
> + GmTime->tm_wday = (int)((DayNo + 4) % 7);
> +
> + for (Year = 1970, YearNo = 0; DayNo > 0; Year++) {
> + TotalDays = (UINT16)(IsLeap (Year) ? 366 : 365);
> + if (DayNo >= TotalDays) {
> + DayNo = (UINT16)(DayNo - TotalDays);
> + YearNo++;
> + } else {
> + break;
> + }
> + }
> +
> + GmTime->tm_year = (int)(YearNo + (1970 - 1900));
> + GmTime->tm_yday = (int)DayNo;
> +
> + for (MonthNo = 12; MonthNo > 1; MonthNo--) {
> + if (DayNo >= CumulativeDays[IsLeap (Year)][MonthNo]) {
> + DayNo = (UINT16)(DayNo - (UINT16)(CumulativeDays[IsLeap (Year)][MonthNo]));
> + break;
> + }
> + }
> +
> + GmTime->tm_mon = (int)MonthNo - 1;
> + GmTime->tm_mday = (int)DayNo + 1;
> +
> + GmTime->tm_isdst = 0;
> + GmTime->tm_gmtoff = 0;
> + GmTime->tm_zone = NULL;
> +
> + return GmTime;
> +}
> +
> +/**_time64 function. **/
> +time_t
> +_time64 (
> + time_t *t
> + )
> +{
> + return time (t);
> +}
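Review bot: In gmtime(), `DayRemainder` is a UINT16 but is assigned `*timer % SECSPERDAY`, which ranges up to 86399; any time of day past 65535 seconds is truncated, so tm_hour, tm_min and tm_sec come out wrong for the last part of each day. It needs to be at least 32 bits wide. gmtime() also returns a fresh AllocateZeroPool() buffer on every call, while standard callers expect a pointer they do not free, so each call leaks unless that contract is documented; the ZeroMem() right after AllocateZeroPool() is redundant. `typedef int time_t;` keeps the result signed 32-bit, and time() accumulates into it with no overflow check.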
> diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
> new file mode 100644
> index 0000000000..def990b996
> --- /dev/null
> +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
> @@ -0,0 +1,76 @@
> +## @file
> +# Cryptographic Library Instance for DXE_DRIVER.
> +#
> +# Caution: This module requires additional review when modified.
> +# This library will have external input - signature.
> +# This external input must be validated carefully to avoid security issues such as
> +# buffer overflow or integer overflow.
> +#
> +# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = BaseCryptLib
> + FILE_GUID = 9DD60CFE-9D05-41E2-8B9E-958E2A4C1913
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
> +
> +#
> +# The following information is for reference only and not required by the build tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> +#
> +
> +[Sources]
> + InternalCryptLib.h
> + Cipher/CryptAeadAesGcmNull.c
> + Cipher/CryptAes.c
> + Hash/CryptSha256.c
> + Hash/CryptSha512.c
> + Hash/CryptSm3Null.c
> + Hash/CryptMd5.c
> + Hash/CryptSha1.c
> + Hmac/CryptHmac.c
> + Kdf/CryptHkdf.c
> + Pk/CryptRsaBasic.c
> + Pk/CryptRsaExtNull.c
> + Pk/CryptRsaPss.c
> + Pk/CryptRsaPssSignNull.c
> + Bn/CryptBnNull.c
> + Pem/CryptPemNull.c
> + Pk/CryptDhNull.c
> + Pk/CryptEcNull.c
> + Pk/CryptPkcs1OaepNull.c
> + Pk/CryptPkcs5Pbkdf2Null.c
> + Pk/CryptPkcs7SignNull.c
> + Pk/CryptPkcs7VerifyNull.c
> + Pk/CryptPkcs7VerifyEkuNull.c
> + Pk/CryptX509Null.c
> + Pk/CryptAuthenticodeNull.c
> + Pk/CryptTsNull.c
> + Rand/CryptRandNull.c
> + SysCall/CrtWrapper.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + MemoryAllocationLib
> + UefiRuntimeServicesTableLib
> + DebugLib
> + MbedTlsLib
> + PrintLib
> + RngLib
> +
> +#
> +# Remove these [BuildOptions] after this library is cleaned up
> +#
> +[BuildOptions]
> + MSFT:*_*_*_CC_FLAGS = /GL-
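Review bot: [LibraryClasses] pulls in UefiRuntimeServicesTableLib and RngLib, but [Sources] contains neither SysCall/TimerWrapper.c nor SysCall/ConstantTimeClock.c, and the only random source is Rand/CryptRandNull.c, so nothing listed here uses those classes and no time() is provided by this instance. Either add the sources or drop the classes. The header still reads "Cryptographic Library Instance for DXE_DRIVER" with BASE_NAME = BaseCryptLib; please say what the Test instance is for and how it differs from BaseCryptLib.inf. The "Remove these [BuildOptions]" comment should explain why /GL- is needed.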
> diff --git a/CryptoPkg/Library/Include/stdint.h b/CryptoPkg/Library/Include/stdint.h
> new file mode 100644
> index 0000000000..17b8c767d7
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/stdint.h
> @@ -0,0 +1,19 @@
> +/** @file
> + Include file to support building the third-party cryptographic library.
> +
> +Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <CrtLibSupport.h>
> +
> +typedef INT8 int8_t;
> +typedef UINT8 uint8_t;
> +typedef INT16 int16_t;
> +typedef UINT16 uint16_t;
> +typedef INT32 int32_t;
> +typedef UINT32 uint32_t;
> +typedef INT64 int64_t;
> +typedef UINT64 uint64_t;
> +typedef UINTN uintptr_t;
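Review bot: the new stdint.h has no include guard, so a translation unit that reaches it twice repeats every typedef from int8_t through uintptr_t, which pre-C11 compilers may reject. Please wrap the body in an #ifndef/#define guard in the usual EDK II style. The file also stops at uintptr_t, with no intptr_t and none of the limit macros a stdint.h normally provides. If the mbedtls sources need them, this is the place to add them; if they do not, a line in the @file comment saying the header is intentionally minimal would help.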
> diff --git a/CryptoPkg/Library/Include/stubs-32.h b/CryptoPkg/Library/Include/stubs-32.h
> new file mode 100644
> index 0000000000..786d57e8d5
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/stubs-32.h
> @@ -0,0 +1,9 @@
> +/** @file
> + Include file to support building the third-party cryptographic library.
> +
> +Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <CrtLibSupport.h>
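Review bot: stubs-32.h contains only the include of CrtLibSupport.h under the same generic @file text used for stdint.h, so nothing records which toolchain or header requests a file of this name or for which architecture. Please add a sentence to the @file block explaining why the stub exists, and give it an include guard like the other wrapper headers.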
> diff --git a/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c b/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
> index c7d5c393a1..1c9cd72b70 100644
> --- a/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
> +++ b/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
> @@ -12,7 +12,7 @@
> #include <mbedtls/ecdh.h>
> #include <mbedtls/ecdsa.h>
> #include <mbedtls/bignum.h>
> -#include <library/bignum_core.h>
> +#include <bignum_core.h>
>
> /*
> * Get the curve info for the internal identifier
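Review bot: the include near the top of EcSm2Null.c changes from <library/bignum_core.h> to the bare <bignum_core.h>, which resolves only if an include path now points directly at the directory holding that header. Please confirm the path is added in this same patch (CryptoPkg.dec or the MbedTlsLib .inf) so the series stays bisectable. Consider keeping the library/ prefix as well: it makes clear that this is one of mbedtls's internal headers rather than public API, and it avoids a bare-name lookup that could pick up a different file.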
--
Alexey