From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.382.1673028673900039845 for ; Fri, 06 Jan 2023 10:11:14 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=XhqwdZ4/; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1673028673; x=1704564673; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=ZpWNNVv+UGLYAID1mHkTh1wofw2mLwePtJ/e1TGqblg=; b=XhqwdZ4/q0QvfSCivrWu1ZlZANvna4UTAYanM58TU8UqtMM2xcb/6sJh zSag2hDKz59EM59MxLctsT4p1Hr00ZDIHeD46oR6w38nWeCNwcNszFKHS 8RQVXkQ+FgzjiGjEHhqpZoXBxEJhL20oF+e+Xq5WA09JwVuXiuxawJZst 6ovefiRsiZq3n22YL6k8dmiRyRXfwq7ehQd2tA3ViUCY6O1w1gBO1iQw4 ZfDvpd3aPWdzgmB8ojMXjLx10nnWfwYQhVL1jWmHcF0aZlaON6wZu8K/x lzbeI8rrGm84RTet4VRMkPpyma0dK9R0HLA1lnpRcNqM8pq3ld38LkyXr w==; X-IronPort-AV: E=McAfee;i="6500,9779,10582"; a="386981087" X-IronPort-AV: E=Sophos;i="5.96,306,1665471600"; d="scan'208,217";a="386981087" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jan 2023 10:11:12 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10582"; a="901358208" X-IronPort-AV: E=Sophos;i="5.96,306,1665471600"; d="scan'208,217";a="901358208" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by fmsmga006.fm.intel.com with ESMTP; 06 Jan 2023 10:11:11 -0800 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Fri, 6 Jan 2023 10:11:11 -0800 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Fri, 6 Jan 2023 10:11:10 -0800 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16 via Frontend Transport; Fri, 6 Jan 2023 10:11:10 -0800 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.109) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Fri, 6 Jan 2023 10:11:10 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ae5NtzRjZ8vgww+nMYC9YNNZMdhP2fnkhtlYS7PFNnuyXImi9Y2uZbY8RArI19WTB+I36jAPrxR15jA4jOve23OM2EgkChf09Fwbbefpw55rfblXBxgH/hDdwYGytaYELA51etROmthSiQ3746dB3nE8bQx7/1Lor/4medXIpY7APTzs+x1wsIiEsZEK5xWg9GHQRsH2wBvfiyG1+XCqd89vfEbVWo33bw14HXd9Hx55xQyaSIDE7AtrOZe+DGp8plRguUsIlkKHNT56Plxvjvc3XwBZBONkH8q2K3XOmh8m4vksB99SlnEH+j/OWkl/sdaj7ktR0SDEfcLGpzjO0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+KkH7burSxMXbp37BWii+wWhk5FHQPAmcx2ob3kf3sM=; b=dK3BMieQ527W3GKxklWEM3fUMBntP2gLERO2wpZw6sgMS8u9qOvAag+q/hMm6hIDGgxfwvX46pKw3uGICiRf4dD/wukTf7AO4vy3o48na2GOo4h5kQSf5omh0BYXdexCjkp8wE45rNcbpZhAtVpIQacc2VL3EbL0p+rEKcKf7nP9+3zXyjQ2DnH+6Rnqgleg9DIHUaIFp7/wuNshSXLtLyYmiqYPBl5icmPY9Vfvqof3cbs70kGFsry04Az9BgGKwfVZvMlVuzyejcck2P+zMwaJeKqqWXZk01O4deYzsWqR7ocRizFgkdLjpfFPZjODlhujvQ7fIINEdkM3jfEPLg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from SJ1PR11MB6227.namprd11.prod.outlook.com (2603:10b6:a03:45a::10) by CY5PR11MB6391.namprd11.prod.outlook.com (2603:10b6:930:38::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.19; Fri, 6 Jan 2023 18:11:03 +0000 Received: from SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::221e:24cf:a864:9986]) by SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::221e:24cf:a864:9986%5]) with mapi id 15.20.5944.019; Fri, 6 Jan 2023 18:11:02 +0000 From: "Li, Yi" To: "Yao, Jiewen" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Lu, Xiaoyu1" , "Jiang, Guomin" , "Kinney, Michael D" Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service API backward compatible Thread-Topic: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service API backward compatible Thread-Index: AQHZE3KiKk/wZcz5yE+quVxefKcceq6NmfeAgAOn4OCAABAwsIAABgCQgAANUaCAABBqsIAAJzyggAAv8VA= Date: Fri, 6 Jan 2023 18:11:01 +0000 Message-ID: References: <17321DB57D822CE7.23615@groups.io> <1737B458A2E4874C.7095@groups.io> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SJ1PR11MB6227:EE_|CY5PR11MB6391:EE_ x-ms-office365-filtering-correlation-id: fd1dc327-c1c9-46b5-097d-08daf0115eb3 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: DM0rVa3LLQ+5wug4hAysrBDwDISYR29of/SLdnI3AiWYfnwsNTx67PQbhbUG8uUlz3GdsJjMA39ZBJ9LGf5+WlllQeUzS1N0UMVvsLzZw07pIL1tazJdOHjPqMwELKmC4UsXmNDLkvB8b47Bg6GH6JxMuE3z+9bt8yBjgJAchd6Rz8jjX6boVCNeXRFjCUdJNzpQfNHyxKdVEezpx1/5LEYtJWm6rwsFglwKOPQ7KqxbJ5nM0jhXh5V4cvKGMdtIG5S/eeKQDULeA3D12FeGlCX238GI1HCVGS0bTK9x19elSXpBDRo25M0kpCNkeE/ououL77UOJUVMkmjPz4ubTLpm/GogrxnYjH9smkeLJWFdLlUwK41TxadNg2xhIEcZeklU2NV6bnpNenfh4nubQCIz5GsLdfAJPIcsUwa+nf+MlgCm878Xt/DQHv2rV2pU21UtRSNgH1gUVWGKFIGfvNG6kwSIjdBJW/74sXqEijCmtKCveB1s+UFsTjAn8kfcBtreq2zXtG/YMjPq6EZYDeduezIRUdXtSoC3MdRhSk0beVoFFTywdx2qI50XLSmxDWIwTuJjGGISpIkYVk1W/3LgDcHSeeOolPTF3fBb+fi/q3p6bggRbRlO1wNUHDL/bBFiy+6+kQIZ/+qVSZcTfADktl1CWFWY1cnZg1AltBisJxqJ6KwDo0KNCwJpQ7SPNMlPQfeuatbPqknXT4LpC0Rk5XFtwMrHoJ1U69VDDo8842ruM0kuF47tROTzVGYwJzPTWesGmIyGWa71QjERrQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ1PR11MB6227.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(396003)(376002)(366004)(39860400002)(136003)(346002)(451199015)(5660300002)(2906002)(41300700001)(966005)(66899015)(4326008)(478600001)(8676002)(52536014)(8936002)(76116006)(19627235002)(64756008)(110136005)(66446008)(66946007)(66476007)(316002)(54906003)(30864003)(66556008)(71200400001)(26005)(55016003)(9686003)(7696005)(6506007)(33656002)(83380400001)(186003)(53546011)(122000001)(38100700002)(166002)(107886003)(82960400001)(86362001)(38070700005)(559001)(579004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?GkV/xXDR0uGk7TB+b/+XyhlWTOvfBcV7SscAA8gNXuLpktYM0FTT3zcjK2HH?= =?us-ascii?Q?fr09AYs8Ma/92ot+mXq8hnkwN2LWyM6YFQJ1fpgT3TXa24eAXTJ8LdgKTndS?= =?us-ascii?Q?MBg4RlYr3B6K+lIVByUZBWsz9G9CTC9xCybXpA8Js5xa8XLuffsWvnsp92LK?= =?us-ascii?Q?NAGMxGxiChD8UfYn8kXx8zgkRO4GSFQ3uobpCGUWwPA7j/ebvJyMyZXEDaj2?= =?us-ascii?Q?rJDdJxlwR44WGzN3lr43zWBiXnXDOSOdWm8GXTCnEMsqooQAjXpTx3DwTrL8?= =?us-ascii?Q?yEwrghaP9Yt8asMPqNBMT54YiFM9fFUgZP00XnHMWh5yEghLwOoAdoOJoeqz?= =?us-ascii?Q?D1UCJEYo/LzgCtjNROhNqkUHaLuOd58KFB/s5+N8QNjnbLn2u+00wFnENav2?= =?us-ascii?Q?XWk/xei8VO/AYTBc4TEFKudStENaz+Sl2XCZMIkND5h98DugvwKmguHXUzEA?= =?us-ascii?Q?l7HsZhUg4G8lRzwjT61ERKO4IUeL6iptCwz/NpX/hdTBAlb4g2oNhR6n3YJt?= =?us-ascii?Q?Umg/Egx6BoYDhvqLW26baL9QiotMXvKYM/ny4r6oMtwuM/Nq/htTwpy3iC5N?= =?us-ascii?Q?QPdZhmmpT3K3t6XaWC+JiIynw8u4CSUHAb/PUTRmZjnk84MIZAR0ywcSte6f?= =?us-ascii?Q?MoNP4sbZ+r098YN0+hiYEq2xR10mIfoFf0bRsCWATnIUN44EGzy+9rpepXDD?= =?us-ascii?Q?bXm004EQ8Oy8um/Jlh2GLtC38ihze0922Ct8IL4oOfnNvmuCCuThQIAZQzkB?= =?us-ascii?Q?0Y+RgMFSl6QYaIkaJ8X55dNJFUmpYcd3+0BcbPIg0PCfPu1ScffNr2iQROU2?= =?us-ascii?Q?1yyxp2D8ZvE8H3WtA1zwTwP+//KR3cgrTDOsNaHWrl2L9wTkspIBX5JYocfy?= =?us-ascii?Q?N0KWxDJLXKgUzzRdJ8tECapHcHl3ftK+WJdvh+kctDQtY0f0a1Uthj3J3H7x?= =?us-ascii?Q?51Ad3ADXtHkV0lOuWXQGj+oEWvyYTcEfL/NBIu2a/VYuUg0tbzBKiMxGd0Wy?= =?us-ascii?Q?xiJmufMULIWcNYFRsWyGphqu3hmipaIpfbqDAXnQdFQ2npcPobTWHKIQe/qF?= =?us-ascii?Q?wTnQSI+Cy2BDBThEqqVflr3/86uI4sj7zagFUCtf3FQ0/8IqwO+NMZt7KOLx?= =?us-ascii?Q?bDP/VJFjP+3Q+r2gSgt2JZUzyAaStfxMr6i3PCE1Y5qdLK0M+tVSGdf1i0vR?= =?us-ascii?Q?xZbwIU57dHjUWChZ3T0mL19+Lnnt8CJD1Y0CAjB9CqnHb5NVhi9JH1fCj91d?= =?us-ascii?Q?finUQppFUQAJiEWS6Pvwq8V0s+9gUwcZO/ZxgvNgrlEkXPd4ViGUJKgEWdgI?= =?us-ascii?Q?mlqwEef3j32W+xYELFmxV16SjrRAIL+GG8WWnDF2cjkWWMrSg5Wv15nETegk?= =?us-ascii?Q?TM2TbyHPqgSaWl6OP7RY6uQlW8uG5nNiH3Bb1KUbxe3WTAjbagApjHbaoajB?= =?us-ascii?Q?U4dxgIbsEL+l+zf98vd79LfyYnNg0N0IIPHbiafIbdLpLDLU95gH4vgJZbMy?= =?us-ascii?Q?x4SEC/dK0bLwd6QaB2XOHYATHAjfgf413a30jzjE1p3UBtfLFrbbZnkAOFS5?= =?us-ascii?Q?/ky+aXpEsFRjTzXTt4o=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ1PR11MB6227.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: fd1dc327-c1c9-46b5-097d-08daf0115eb3 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jan 2023 18:11:01.9928 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: rQXF1eOtw7kFg5cky/KX3lK0xU0aev0QiBZFn3zjAniF7NCGfTW3EQ4O0NvC6XYDqXXJJXQhCshTF+7hz4XnAw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR11MB6391 Return-Path: yi1.li@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_SJ1PR11MB62271C043A341470AF6A12F0C5FB9SJ1PR11MB6227namp_" --_000_SJ1PR11MB62271C043A341470AF6A12F0C5FB9SJ1PR11MB6227namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sorry, there may be a misunderstanding here, 'latest platform code' means '= EDK2 in latest platform code'. CyptoBin is not the only consideration, CyptoConsumer will statically link = other EDK2 libraries, such as MemoryLib, PrintLib, which prefer to use the = latest EDK2 code, because it may contain important bug fixes. Compatibility is not a big problem since most libraries use static linking. If Crypto Protocol can be backward compatible, the development of features = will be more independent, and they can be directly developed based on the l= atest EDK2 without considering the platform code. Thanks, Yi -----Original Message----- From: Yao, Jiewen Sent: Friday, January 6, 2023 11:20 PM To: Li, Yi1 ; devel@edk2.groups.io Cc: Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin ; Kinney, Michael D Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service API = backward compatible > The developers of CryptoConsumer always build binary based on latest plat= form code. If so, how you guarantee the compatibility between CryptoConsumer and old o= ther platform code? The saftest way is always to build CryptoConsumer with old platform, then r= eplace it with the one in the old platform. > -----Original Message----- > From: Li, Yi1 > > Sent: Friday, January 6, 2023 11:09 PM > To: Yao, Jiewen >; deve= l@edk2.groups.io > Cc: Wang, Jian J >; L= u, Xiaoyu1 > >; Jiang, Guomin >; Kinney, > Michael D > > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service AP= I > backward compatible > > >However, I am still not sure why the CryptoConsumer need link a higher > version CryptoLib wrapper, if it wants to work with old CryptoBin. > > The developers of CryptoConsumer always build binary based on latest > platform code. > They prefer to keep the integrity of the platform code instead of changin= g the > CryptoLib wrapper. > > The result is that there will be two binaries on the old platform and the= new > platform. > > Thanks, > Yi > > -----Original Message----- > From: Yao, Jiewen > > Sent: Friday, January 6, 2023 8:14 PM > To: devel@edk2.groups.io; Yao, Jiewen >; Li, Yi1 > > > Cc: Wang, Jian J >; L= u, Xiaoyu1 > >; Jiang, Guomin >; Kinney, > Michael D > > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service AP= I > backward compatible > > Hi Yi > I believe I have some misunderstanding, after I read the definition again= . > According to > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Private/Protocol > /Crypto.h#L24, the version means "The version of the EDK II Crypto > Protocol." > It is not the version of the implementation. As such, my comment on bug f= ix > does not stand. I am sorry to bring the confusing. > With that, I don't have a super strong reason to reject, so far. > > However, I am still not sure why the CryptoConsumer need link a higher > version CryptoLib wrapper, if it wants to work with old CryptoBin. > > Thank you > Yao, Jiewen > > > > > -----Original Message----- > > From: devel@edk2.groups.io > On Behalf Of Yao, > > Jiewen > > Sent: Friday, January 6, 2023 7:21 PM > > To: Li, Yi1 >; devel@edk2.gro= ups.io > > Cc: Wang, Jian J >;= Lu, Xiaoyu1 > > >; Jiang, Guomin >; Kinney, > > Michael D > > > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service = API > > backward compatible > > > > Perhaps we can ask developers to update the minimum version of > CyptoAPI > > after bug or security fixes. > > > > [Jiewen] First, this is a new requirement. Hard to enforce. > > Second, if you do this, then you *may* need update the CryptoBin, if > > CryptoConsumer is updated. > > Third, it is hard to determine *when* to upgrade the MinVersion, > especially > > when a bug fix is in the dependency module. For example, the code in > > CryptoPkg does not update, but the MdePkg update, which may cause the > > CryptoBin update. Should we update MinVersion? It will bring a burden t= o > > the one who maintains the MinVersion. > > > > I believe it will create more potential compatibility problem. > > > > > > One more question: > > If you want to update CryptoConsumer, but keep CryptoBin. Why you want > > to link a higher version of CryptoLib wrapper? Why not use the old vers= ion > > CryptoLib wrapper? > > > > Thank you > > Yao, Jiewen > > > > > -----Original Message----- > > > From: Li, Yi1 > > > > Sent: Friday, January 6, 2023 7:07 PM > > > To: Yao, Jiewen >; = devel@edk2.groups.io > > > Cc: Wang, Jian J = >; Lu, Xiaoyu1 > > > >; Jiang, Guomin >; > Kinney, > > > Michael D > > > > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Servic= e > API > > > backward compatible > > > > > > Hi Jiewen, > > > > > > Thanks for feedback. > > > > > > >If you can upgrade the CryptoConsumer, why not upgrade the CryptoBin > > at > > > the same time? > > > > > > 1. CryptoConsumer and CryptoBin are usually delivered by different > people. > > > For example, some features that require CryptoBin are responsible for= by > > an > > > independent team, but Cyptobin is responsible for the platform as par= t of > > > the platform firmware. > > > > > > 2. In the actual development process, the update of CryptoBin is ofte= n > > > difficult due to reasons such as binary size or freeze of platform co= de, > > > especially on older platforms, which will cause the feature developme= nt > > > team to have to maintain multiple feature versions based on different > EDK2 > > > CyptoPkg. > > > > > > > But it is NOT TRUE, if you care the implementation of API. Maybe th= e > > higher > > > version of an API fixed some bug, or add some new features. > > > > > > Perhaps we can ask developers to update the minimum version of > > CyptoAPI > > > after bug or security fixes. > > > > > > Thanks, > > > Yi > > > > > > -----Original Message----- > > > From: Yao, Jiewen > > > > Sent: Friday, January 6, 2023 6:06 PM > > > To: Li, Yi1 >; devel@edk2.g= roups.io > > > Cc: Wang, Jian J = >; Lu, Xiaoyu1 > > > >; Jiang, Guomin >; > Kinney, > > > Michael D > > > > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Servic= e > API > > > backward compatible > > > > > > Thanks Yi. > > > You raised a very interesting question. > > > > > > + Mike Kinney, to comment from the requirement perspective. > > > > > > The original design is very simple: CryptoBin.Version >=3D > > > CryptoConsumer.Version. > > > > > > Now you want to handle the case that: CryptoConsumer.Version > > > > CryptoBin.Version, but the CryptoConsumer.Api is already present in > > > CryptoBin.Api. > > > To me, the hidden assumption is that: As long as an API is present, i= t will > be > > > used. The version of the API is not cared. > > > > > > This is only TRUE, if you only care the API is present or absent. > > > But it is NOT TRUE, if you care the implementation of API. Maybe the > higher > > > version of an API fixed some bug, or add some new features. > > > > > > I believe this is very dangerous downgrade. I don't recommend we do i= t. > > > Mike, what do you think? > > > > > > Question to Yi: If you can upgrade the CryptoConsumer, why not upgrad= e > > the > > > CryptoBin at the same time? > > > > > > Thank you > > > Yao, Jiewen > > > > > > > -----Original Message----- > > > > From: Li, Yi1 > > > > > Sent: Wednesday, January 4, 2023 10:03 AM > > > > To: devel@edk2.groups.io; Li, Yi1 > > > > > Cc: Yao, Jiewen >= ; Wang, Jian J > > > > >; Lu, Xiaoyu1 = >; Jiang, > > > > Guomin > > > > > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Serv= ice > > API > > > > backward compatible > > > > > > > > Hi, any comments about this BZ and patch? > > > > Code link: https://github.com/tianocore/edk2/pull/3787 > > > > > > > > -----Original Message----- > > > > From: devel@edk2.groups.io > On Behalf Of Li, > Yi > > > > Sent: Monday, December 19, 2022 2:24 PM > > > > To: devel@edk2.groups.io > > > > Cc: Li, Yi1 >; Yao, Jiewe= n >; > Wang, > > > > Jian J >; Lu, X= iaoyu1 >; > > Jiang, > > > > Guomin > > > > > Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service = API > > > > backward compatible > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4197 > > > > > > > > Using older Crypto protocol will be allowed. > > > > Each function wrapper will be annotated to require a minimum > required > > > > version of the crypto protocol and assert if called when the versio= n is > > > > not compatible. > > > > Ths minimum version difined as the version when the API was > introduced. > > > > Details: > > > > ///Parallel hash: MinVersion 8 > > > > ParallelHash256HashAll, > > > > /// HMAC SHA256 (continued): MinVersion 9 > > > > HmacSha256All, > > > > /// HMAC SHA384: MinVersion 9 > > > > HmacSha384New, > > > > ... > > > > HmacSha384All, > > > > /// HKDF (continued): MinVersion 10 > > > > HkdfSha256Extract, > > > > ... > > > > HkdfSha384Expand, > > > > /// Aead Aes GCM: MinVersion 11 > > > > AeadAesGcmEncrypt, > > > > AeadAesGcmDecrypt, > > > > /// Big Numbers: MinVersion 12 > > > > BigNumInit, > > > > ... > > > > BigNumAddMod, > > > > /// EC: MinVersion 13 > > > > EcGroupInit, > > > > ... > > > > EcDhComputeKey, > > > > /// TLS (continued): MinVersion 14 > > > > TlsShutdown, > > > > ... > > > > TlsGetExportKey, > > > > /// Ec (Continued): MinVersion 15 > > > > EcGetPublicKeyFromX509, > > > > ... > > > > EcDsaVerify, > > > > /// X509 (Continued): MinVersion 16 > > > > X509GetVersion, > > > > ... > > > > X509GetExtendedBasicConstraints > > > > /// Others: MinVersion 7 > > > > > > > > Cc: Jiewen Yao > > > > > Cc: Jian J Wang > > > > > Cc: Xiaoyu Lu > > > > > Cc: Guomin Jiang > > > > > Signed-off-by: Yi Li > > > > > --- > > > > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 449 +++++++++-----= ---- > > > > .../BaseCryptLibOnProtocolPpi/DxeCryptLib.c | 9 - > > > > .../BaseCryptLibOnProtocolPpi/PeiCryptLib.c | 8 - > > > > .../BaseCryptLibOnProtocolPpi/SmmCryptLib.c | 9 - > > > > 4 files changed, 227 insertions(+), 248 deletions(-) > > > > > > > > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > > > index 4e31bc278e..e470a0f0d4 100644 > > > > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > > > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > > > @@ -24,18 +24,20 @@ > > > > @param Args The argument list to pass to Function. > > > > @param ErrorReturnValue The value to return if the protocol is= NULL > > or > > > > the > > > > service in the protocol is NULL. > > > > - > > > > -**/ > > > > -#define CALL_CRYPTO_SERVICE(Function, Args, ErrorReturnValue) > \ > > > > - do { = \ > > > > - EDKII_CRYPTO_PROTOCOL *CryptoServices; = \ > > > > - = \ > > > > - CryptoServices =3D (EDKII_CRYPTO_PROTOCOL *)GetCryptoServices = (); > > \ > > > > - if (CryptoServices !=3D NULL && CryptoServices->Function !=3D = NULL) { \ > > > > - return (CryptoServices->Function) Args; = \ > > > > - } = \ > > > > - CryptoServiceNotAvailable (#Function); = \ > > > > - return ErrorReturnValue; = \ > > > > + @param MinVersion The minimum protocol version that > supports > > > the > > > > API. > > > > + > > > > +**/ > > > > +#define CALL_CRYPTO_SERVICE(Function, Args, ErrorReturnValue, > > > > MinVersion) \ > > > > + do { = \ > > > > + EDKII_CRYPTO_PROTOCOL *CryptoServices; = \ > > > > + = \ > > > > + CryptoServices =3D (EDKII_CRYPTO_PROTOCOL *)GetCryptoServices = (); > > > \ > > > > + if (CryptoServices !=3D NULL && CryptoServices->Function !=3D = NULL && > > \ > > > > + CryptoServices->GetVersion () >=3D MinVersion) { = \ > > > > + return (CryptoServices->Function) Args; = \ > > > > + } = \ > > > > + CryptoServiceNotAvailable (#Function); = \ > > > > + return ErrorReturnValue; = \ > > > > } while (FALSE); > > > > > > > > /** > > > > @@ -45,14 +47,16 @@ > > > > > > > > @param Function Name of the EDK II Crypto Protocol ser= vice to > > call. > > > > @param Args The argument list to pass to Function. > > > > + @param MinVersion The minimum protocol version that > supports > > > the > > > > API. > > > > > > > > **/ > > > > -#define CALL_VOID_CRYPTO_SERVICE(Function, Args) = \ > > > > +#define CALL_VOID_CRYPTO_SERVICE(Function, Args, MinVersion) > > \ > > > > do { = \ > > > > EDKII_CRYPTO_PROTOCOL *CryptoServices; = \ > > > > = \ > > > > CryptoServices =3D (EDKII_CRYPTO_PROTOCOL *)GetCryptoServices = (); > \ > > > > - if (CryptoServices !=3D NULL && CryptoServices->Function !=3D = NULL) { \ > > > > + if (CryptoServices !=3D NULL && CryptoServices->Function !=3D = NULL && > \ > > > > + CryptoServices->GetVersion () >=3D MinVersion) { = \ > > > > (CryptoServices->Function) Args; = \ > > > > return; = \ > > > > } = \ > > > > @@ -116,7 +120,7 @@ Md5GetContextSize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Md5GetContextSize, (), 0); > > > > + CALL_CRYPTO_SERVICE (Md5GetContextSize, (), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -139,7 +143,7 @@ Md5Init ( > > > > OUT VOID *Md5Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Md5Init, (Md5Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Md5Init, (Md5Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -164,7 +168,7 @@ Md5Duplicate ( > > > > OUT VOID *NewMd5Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Md5Duplicate, (Md5Context, > NewMd5Context), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Md5Duplicate, (Md5Context, > > NewMd5Context), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -195,7 +199,7 @@ Md5Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Md5Update, (Md5Context, Data, DataSize), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Md5Update, (Md5Context, Data, DataSize), > > > FALSE, > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -227,7 +231,7 @@ Md5Final ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Md5Final, (Md5Context, HashValue), FALSE); > > > > + CALL_CRYPTO_SERVICE (Md5Final, (Md5Context, HashValue), FALSE, > 7); > > > > } > > > > > > > > /** > > > > @@ -256,7 +260,7 @@ Md5HashAll ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Md5HashAll, (Data, DataSize, HashValue), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Md5HashAll, (Data, DataSize, HashValue), > > FALSE, > > > > 7); > > > > } > > > > > > > > #endif > > > > @@ -278,7 +282,7 @@ Sha1GetContextSize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha1GetContextSize, (), 0); > > > > + CALL_CRYPTO_SERVICE (Sha1GetContextSize, (), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -301,7 +305,7 @@ Sha1Init ( > > > > OUT VOID *Sha1Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha1Init, (Sha1Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha1Init, (Sha1Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -326,7 +330,7 @@ Sha1Duplicate ( > > > > OUT VOID *NewSha1Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha1Duplicate, (Sha1Context, > > NewSha1Context), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha1Duplicate, (Sha1Context, > > NewSha1Context), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -357,7 +361,7 @@ Sha1Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha1Update, (Sha1Context, Data, DataSize), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha1Update, (Sha1Context, Data, DataSize), > > > FALSE, > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -389,7 +393,7 @@ Sha1Final ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha1Final, (Sha1Context, HashValue), FALSE)= ; > > > > + CALL_CRYPTO_SERVICE (Sha1Final, (Sha1Context, HashValue), FALSE, > > 7); > > > > } > > > > > > > > /** > > > > @@ -418,7 +422,7 @@ Sha1HashAll ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize, HashValue), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize, HashValue), > > FALSE, > > > > 7); > > > > } > > > > > > > > #endif > > > > @@ -435,7 +439,7 @@ Sha256GetContextSize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha256GetContextSize, (), 0); > > > > + CALL_CRYPTO_SERVICE (Sha256GetContextSize, (), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -456,7 +460,7 @@ Sha256Init ( > > > > OUT VOID *Sha256Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha256Init, (Sha256Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha256Init, (Sha256Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -481,7 +485,7 @@ Sha256Duplicate ( > > > > OUT VOID *NewSha256Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha256Duplicate, (Sha256Context, > > > > NewSha256Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha256Duplicate, (Sha256Context, > > > > NewSha256Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -510,7 +514,7 @@ Sha256Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha256Update, (Sha256Context, Data, > > DataSize), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha256Update, (Sha256Context, Data, > > DataSize), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -540,7 +544,7 @@ Sha256Final ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha256Final, (Sha256Context, HashValue), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha256Final, (Sha256Context, HashValue), > > FALSE, > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -569,7 +573,7 @@ Sha256HashAll ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha256HashAll, (Data, DataSize, HashValue), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha256HashAll, (Data, DataSize, HashValue), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -584,7 +588,7 @@ Sha384GetContextSize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha384GetContextSize, (), 0); > > > > + CALL_CRYPTO_SERVICE (Sha384GetContextSize, (), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -605,7 +609,7 @@ Sha384Init ( > > > > OUT VOID *Sha384Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha384Init, (Sha384Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha384Init, (Sha384Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -630,7 +634,7 @@ Sha384Duplicate ( > > > > OUT VOID *NewSha384Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha384Duplicate, (Sha384Context, > > > > NewSha384Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha384Duplicate, (Sha384Context, > > > > NewSha384Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -659,7 +663,7 @@ Sha384Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha384Update, (Sha384Context, Data, > > DataSize), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha384Update, (Sha384Context, Data, > > DataSize), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -689,7 +693,7 @@ Sha384Final ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha384Final, (Sha384Context, HashValue), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha384Final, (Sha384Context, HashValue), > > FALSE, > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -718,7 +722,7 @@ Sha384HashAll ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha384HashAll, (Data, DataSize, HashValue), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha384HashAll, (Data, DataSize, HashValue), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -733,7 +737,7 @@ Sha512GetContextSize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha512GetContextSize, (), 0); > > > > + CALL_CRYPTO_SERVICE (Sha512GetContextSize, (), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -754,7 +758,7 @@ Sha512Init ( > > > > OUT VOID *Sha512Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha512Init, (Sha512Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha512Init, (Sha512Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -779,7 +783,7 @@ Sha512Duplicate ( > > > > OUT VOID *NewSha512Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha512Duplicate, (Sha512Context, > > > > NewSha512Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha512Duplicate, (Sha512Context, > > > > NewSha512Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -808,7 +812,7 @@ Sha512Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha512Update, (Sha512Context, Data, > > DataSize), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha512Update, (Sha512Context, Data, > > DataSize), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -838,7 +842,7 @@ Sha512Final ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha512Final, (Sha512Context, HashValue), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha512Final, (Sha512Context, HashValue), > > FALSE, > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -867,7 +871,7 @@ Sha512HashAll ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sha512HashAll, (Data, DataSize, HashValue), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sha512HashAll, (Data, DataSize, HashValue), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -899,7 +903,7 @@ ParallelHash256HashAll ( > > > > IN UINTN CustomByteLen > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (ParallelHash256HashAll, (Input, InputByteLe= n, > > > > BlockSize, Output, OutputByteLen, Customization, CustomByteLen), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (ParallelHash256HashAll, (Input, > InputByteLen, > > > > BlockSize, Output, OutputByteLen, Customization, CustomByteLen), > FALSE, > > > 8); > > > > } > > > > > > > > /** > > > > @@ -914,7 +918,7 @@ Sm3GetContextSize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sm3GetContextSize, (), 0); > > > > + CALL_CRYPTO_SERVICE (Sm3GetContextSize, (), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -935,7 +939,7 @@ Sm3Init ( > > > > OUT VOID *Sm3Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sm3Init, (Sm3Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sm3Init, (Sm3Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -960,7 +964,7 @@ Sm3Duplicate ( > > > > OUT VOID *NewSm3Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sm3Duplicate, (Sm3Context, > NewSm3Context), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sm3Duplicate, (Sm3Context, > NewSm3Context), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -989,7 +993,7 @@ Sm3Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sm3Update, (Sm3Context, Data, DataSize), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sm3Update, (Sm3Context, Data, DataSize), > > > FALSE, > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -1019,7 +1023,7 @@ Sm3Final ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sm3Final, (Sm3Context, HashValue), FALSE); > > > > + CALL_CRYPTO_SERVICE (Sm3Final, (Sm3Context, HashValue), FALSE, > 7); > > > > } > > > > > > > > /** > > > > @@ -1048,7 +1052,7 @@ Sm3HashAll ( > > > > OUT UINT8 *HashValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Sm3HashAll, (Data, DataSize, HashValue), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Sm3HashAll, (Data, DataSize, HashValue), > > FALSE, > > > > 7); > > > > } > > > > > > > > // > > > > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > @@ -1068,7 +1072,7 @@ HmacSha256New ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha256New, (), NULL); > > > > + CALL_CRYPTO_SERVICE (HmacSha256New, (), NULL, 7); > > > > } > > > > > > > > /** > > > > @@ -1083,7 +1087,7 @@ HmacSha256Free ( > > > > IN VOID *HmacSha256Ctx > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (HmacSha256Free, (HmacSha256Ctx)); > > > > + CALL_VOID_CRYPTO_SERVICE (HmacSha256Free, (HmacSha256Ctx), > 7); > > > > } > > > > > > > > /** > > > > @@ -1110,7 +1114,7 @@ HmacSha256SetKey ( > > > > IN UINTN KeySize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha256SetKey, (HmacSha256Context, > Key, > > > > KeySize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha256SetKey, (HmacSha256Context, > Key, > > > > KeySize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1135,7 +1139,7 @@ HmacSha256Duplicate ( > > > > OUT VOID *NewHmacSha256Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha256Duplicate, (HmacSha256Context, > > > > NewHmacSha256Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha256Duplicate, (HmacSha256Context, > > > > NewHmacSha256Context), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1166,7 +1170,7 @@ HmacSha256Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha256Update, (HmacSha256Context, > > Data, > > > > DataSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha256Update, (HmacSha256Context, > > > Data, > > > > DataSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1198,7 +1202,7 @@ HmacSha256Final ( > > > > OUT UINT8 *HmacValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, > > > > HmacValue), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha256Final, (HmacSha256Context, > > > > HmacValue), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1231,7 +1235,7 @@ HmacSha256All ( > > > > OUT UINT8 *HmacValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySiz= e, > > > > HmacValue), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha256All, (Data, DataSize, Key, KeySiz= e, > > > > HmacValue), FALSE, 9); > > > > } > > > > > > > > /** > > > > @@ -1247,7 +1251,7 @@ HmacSha384New ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL); > > > > + CALL_CRYPTO_SERVICE (HmacSha384New, (), NULL, 9); > > > > } > > > > > > > > /** > > > > @@ -1262,7 +1266,7 @@ HmacSha384Free ( > > > > IN VOID *HmacSha384Ctx > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx)); > > > > + CALL_VOID_CRYPTO_SERVICE (HmacSha384Free, (HmacSha384Ctx), > 9); > > > > } > > > > > > > > /** > > > > @@ -1289,7 +1293,7 @@ HmacSha384SetKey ( > > > > IN UINTN KeySize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, > Key, > > > > KeySize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha384SetKey, (HmacSha384Context, > Key, > > > > KeySize), FALSE, 9); > > > > } > > > > > > > > /** > > > > @@ -1314,7 +1318,7 @@ HmacSha384Duplicate ( > > > > OUT VOID *NewHmacSha384Context > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context, > > > > NewHmacSha384Context), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha384Duplicate, (HmacSha384Context, > > > > NewHmacSha384Context), FALSE, 9); > > > > } > > > > > > > > /** > > > > @@ -1345,7 +1349,7 @@ HmacSha384Update ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, > > Data, > > > > DataSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha384Update, (HmacSha384Context, > > > Data, > > > > DataSize), FALSE, 9); > > > > } > > > > > > > > /** > > > > @@ -1377,7 +1381,7 @@ HmacSha384Final ( > > > > OUT UINT8 *HmacValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context, > > > > HmacValue), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha384Final, (HmacSha384Context, > > > > HmacValue), FALSE, 9); > > > > } > > > > > > > > /** > > > > @@ -1410,7 +1414,7 @@ HmacSha384All ( > > > > OUT UINT8 *HmacValue > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySiz= e, > > > > HmacValue), FALSE); > > > > + CALL_CRYPTO_SERVICE (HmacSha384All, (Data, DataSize, Key, KeySiz= e, > > > > HmacValue), FALSE, 9); > > > > } > > > > > > > > // > > > > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > @@ -1432,7 +1436,7 @@ AesGetContextSize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (AesGetContextSize, (), 0); > > > > + CALL_CRYPTO_SERVICE (AesGetContextSize, (), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -1465,7 +1469,7 @@ AesInit ( > > > > IN UINTN KeyLength > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALS= E); > > > > + CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALS= E, > > 7); > > > > } > > > > > > > > /** > > > > @@ -1507,7 +1511,7 @@ AesCbcEncrypt ( > > > > OUT UINT8 *Output > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (AesCbcEncrypt, (AesContext, Input, InputSiz= e, > > > Ivec, > > > > Output), FALSE); > > > > + CALL_CRYPTO_SERVICE (AesCbcEncrypt, (AesContext, Input, InputSiz= e, > > > Ivec, > > > > Output), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1549,7 +1553,7 @@ AesCbcDecrypt ( > > > > OUT UINT8 *Output > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSiz= e, > > > Ivec, > > > > Output), FALSE); > > > > + CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, > InputSize, > > > > Ivec, Output), FALSE, 7); > > > > } > > > > > > > > // > > > > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > @@ -1597,7 +1601,7 @@ AeadAesGcmEncrypt ( > > > > OUT UINTN *DataOutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (AeadAesGcmEncrypt, (Key, KeySize, Iv, IvSiz= e, > > > > AData, ADataSize, DataIn, DataInSize, TagOut, TagSize, DataOut, > > > > DataOutSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (AeadAesGcmEncrypt, (Key, KeySize, Iv, IvSiz= e, > > > > AData, ADataSize, DataIn, DataInSize, TagOut, TagSize, DataOut, > > > > DataOutSize), FALSE, 11); > > > > } > > > > > > > > /** > > > > @@ -1642,7 +1646,7 @@ AeadAesGcmDecrypt ( > > > > OUT UINTN *DataOutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (AeadAesGcmDecrypt, (Key, KeySize, Iv, IvSiz= e, > > > > AData, ADataSize, DataIn, DataInSize, Tag, TagSize, DataOut, > > DataOutSize), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (AeadAesGcmDecrypt, (Key, KeySize, Iv, IvSiz= e, > > > > AData, ADataSize, DataIn, DataInSize, Tag, TagSize, DataOut, > > DataOutSize), > > > > FALSE, 11); > > > > } > > > > > > > > // > > > > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > @@ -1662,7 +1666,7 @@ RsaNew ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaNew, (), NULL); > > > > + CALL_CRYPTO_SERVICE (RsaNew, (), NULL, 7); > > > > } > > > > > > > > /** > > > > @@ -1679,7 +1683,7 @@ RsaFree ( > > > > IN VOID *RsaContext > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (RsaFree, (RsaContext)); > > > > + CALL_VOID_CRYPTO_SERVICE (RsaFree, (RsaContext), 7); > > > > } > > > > > > > > /** > > > > @@ -1713,7 +1717,7 @@ RsaSetKey ( > > > > IN UINTN BnSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaSetKey, (RsaContext, KeyTag, BigNumber, > > > > BnSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaSetKey, (RsaContext, KeyTag, BigNumber, > > > > BnSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1753,7 +1757,7 @@ RsaGetKey ( > > > > IN OUT UINTN *BnSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaGetKey, (RsaContext, KeyTag, BigNumber, > > > > BnSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaGetKey, (RsaContext, KeyTag, BigNumber, > > > > BnSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1788,7 +1792,7 @@ RsaGenerateKey ( > > > > IN UINTN PublicExponentSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaGenerateKey, (RsaContext, > ModulusLength, > > > > PublicExponent, PublicExponentSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaGenerateKey, (RsaContext, > ModulusLength, > > > > PublicExponent, PublicExponentSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1818,7 +1822,7 @@ RsaCheckKey ( > > > > IN VOID *RsaContext > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaCheckKey, (RsaContext), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaCheckKey, (RsaContext), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1858,7 +1862,7 @@ RsaPkcs1Sign ( > > > > IN OUT UINTN *SigSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaPkcs1Sign, (RsaContext, MessageHash, > > > > HashSize, Signature, SigSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaPkcs1Sign, (RsaContext, MessageHash, > > > > HashSize, Signature, SigSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1890,7 +1894,7 @@ RsaPkcs1Verify ( > > > > IN UINTN SigSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaPkcs1Verify, (RsaContext, MessageHash, > > > > HashSize, Signature, SigSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaPkcs1Verify, (RsaContext, MessageHash, > > > > HashSize, Signature, SigSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1923,7 +1927,7 @@ RsaPssVerify ( > > > > IN UINT16 SaltLen > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaPssVerify, (RsaContext, Message, MsgSize= , > > > > Signature, SigSize, DigestLen, SaltLen), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaPssVerify, (RsaContext, Message, MsgSize= , > > > > Signature, SigSize, DigestLen, SaltLen), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1968,7 +1972,7 @@ RsaPssSign ( > > > > IN OUT UINTN *SigSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaPssSign, (RsaContext, Message, MsgSize, > > > > DigestLen, SaltLen, Signature, SigSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaPssSign, (RsaContext, Message, MsgSize, > > > > DigestLen, SaltLen, Signature, SigSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -1999,7 +2003,7 @@ RsaGetPrivateKeyFromPem ( > > > > OUT VOID **RsaContext > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaGetPrivateKeyFromPem, (PemData, > > PemSize, > > > > Password, RsaContext), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaGetPrivateKeyFromPem, (PemData, > > PemSize, > > > > Password, RsaContext), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2028,7 +2032,7 @@ RsaGetPublicKeyFromX509 ( > > > > OUT VOID **RsaContext > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RsaGetPublicKeyFromX509, (Cert, CertSize, > > > > RsaContext), FALSE); > > > > + CALL_CRYPTO_SERVICE (RsaGetPublicKeyFromX509, (Cert, CertSize, > > > > RsaContext), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2059,7 +2063,7 @@ X509GetSubjectName ( > > > > IN OUT UINTN *SubjectSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetSubjectName, (Cert, CertSize, > > > CertSubject, > > > > SubjectSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetSubjectName, (Cert, CertSize, > > > CertSubject, > > > > SubjectSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2097,7 +2101,7 @@ X509GetCommonName ( > > > > IN OUT UINTN *CommonNameSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetCommonName, (Cert, CertSize, > > > > CommonName, CommonNameSize), RETURN_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (X509GetCommonName, (Cert, CertSize, > > > > CommonName, CommonNameSize), RETURN_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -2135,7 +2139,7 @@ X509GetOrganizationName ( > > > > IN OUT UINTN *NameBufferSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetOrganizationName, (Cert, CertSize, > > > > NameBuffer, NameBufferSize), RETURN_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (X509GetOrganizationName, (Cert, CertSize, > > > > NameBuffer, NameBufferSize), RETURN_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -2165,7 +2169,7 @@ X509VerifyCert ( > > > > IN UINTN CACertSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509VerifyCert, (Cert, CertSize, CACert, > > > > CACertSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509VerifyCert, (Cert, CertSize, CACert, > > > > CACertSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2192,7 +2196,7 @@ X509ConstructCertificate ( > > > > OUT UINT8 **SingleX509Cert > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509ConstructCertificate, (Cert, CertSize, > > > > SingleX509Cert), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509ConstructCertificate, (Cert, CertSize, > > > > SingleX509Cert), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2256,7 +2260,7 @@ X509ConstructCertificateStackV ( > > > > IN VA_LIST Args > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509ConstructCertificateStackV, (X509Stack, > > > Args), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (X509ConstructCertificateStackV, (X509Stack, > > > Args), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2273,7 +2277,7 @@ X509Free ( > > > > IN VOID *X509Cert > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (X509Free, (X509Cert)); > > > > + CALL_VOID_CRYPTO_SERVICE (X509Free, (X509Cert), 7); > > > > } > > > > > > > > /** > > > > @@ -2290,7 +2294,7 @@ X509StackFree ( > > > > IN VOID *X509Stack > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (X509StackFree, (X509Stack)); > > > > + CALL_VOID_CRYPTO_SERVICE (X509StackFree, (X509Stack), 7); > > > > } > > > > > > > > /** > > > > @@ -2319,7 +2323,7 @@ X509GetTBSCert ( > > > > OUT UINTN *TBSCertSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetTBSCert, (Cert, CertSize, TBSCert, > > > > TBSCertSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetTBSCert, (Cert, CertSize, TBSCert, > > > > TBSCertSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2346,7 +2350,7 @@ X509GetVersion ( > > > > OUT UINTN *Version > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetVersion, (Cert, CertSize, Version), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetVersion, (Cert, CertSize, Version), > > FALSE, > > > > 16); > > > > } > > > > > > > > /** > > > > @@ -2381,7 +2385,7 @@ X509GetSerialNumber ( > > > > IN OUT UINTN *SerialNumberSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetSerialNumber, (Cert, CertSize, > > > > SerialNumber, SerialNumberSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetSerialNumber, (Cert, CertSize, > > > > SerialNumber, SerialNumberSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2412,7 +2416,7 @@ X509GetIssuerName ( > > > > IN OUT UINTN *CertIssuerSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetIssuerName, (Cert, CertSize, > CertIssuer, > > > > CertIssuerSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetIssuerName, (Cert, CertSize, > > CertIssuer, > > > > CertIssuerSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2442,7 +2446,7 @@ X509GetSignatureAlgorithm ( > > > > IN OUT UINTN *OidSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetSignatureAlgorithm, (Cert, CertSize, > > Oid, > > > > OidSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetSignatureAlgorithm, (Cert, CertSize, > > Oid, > > > > OidSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2476,7 +2480,7 @@ X509GetExtensionData ( > > > > IN OUT UINTN *ExtensionDataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetExtensionData, (Cert, CertSize, Oid, > > > > OidSize, ExtensionData, ExtensionDataSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetExtensionData, (Cert, CertSize, Oid, > > > > OidSize, ExtensionData, ExtensionDataSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2505,7 +2509,7 @@ X509GetExtendedKeyUsage ( > > > > IN OUT UINTN *UsageSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetExtendedKeyUsage, (Cert, CertSize, > > > Usage, > > > > UsageSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetExtendedKeyUsage, (Cert, CertSize, > > > Usage, > > > > UsageSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2540,7 +2544,7 @@ X509GetValidity ( > > > > IN OUT UINTN *ToSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetValidity, (Cert, CertSize, From, > > FromSize, > > > > To, ToSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetValidity, (Cert, CertSize, From, > > FromSize, > > > > To, ToSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2574,7 +2578,7 @@ X509FormatDateTime ( > > > > IN OUT UINTN *DateTimeSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509FormatDateTime, (DateTimeStr, > DateTime, > > > > DateTimeSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509FormatDateTime, (DateTimeStr, > DateTime, > > > > DateTimeSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2600,7 +2604,7 @@ X509CompareDateTime ( > > > > IN CONST VOID *DateTime2 > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509CompareDateTime, (DateTime1, > > > DateTime2), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (X509CompareDateTime, (DateTime1, > > > DateTime2), > > > > FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2622,7 +2626,7 @@ X509GetKeyUsage ( > > > > OUT UINTN *Usage > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetKeyUsage, (Cert, CertSize, Usage), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetKeyUsage, (Cert, CertSize, Usage), > > FALSE, > > > > 16); > > > > } > > > > > > > > /** > > > > @@ -2650,7 +2654,7 @@ X509VerifyCertChain ( > > > > IN UINTN CertChainLength > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509VerifyCertChain, (RootCert, > > RootCertLength, > > > > CertChain, CertChainLength), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509VerifyCertChain, (RootCert, > > RootCertLength, > > > > CertChain, CertChainLength), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2681,7 +2685,7 @@ X509GetCertFromCertChain ( > > > > OUT UINTN *CertLength > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetCertFromCertChain, (CertChain, > > > > CertChainLength, CertIndex, Cert, CertLength), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetCertFromCertChain, (CertChain, > > > > CertChainLength, CertIndex, Cert, CertLength), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2704,7 +2708,7 @@ Asn1GetTag ( > > > > IN UINT32 Tag > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Asn1GetTag, (Ptr, End, Length, Tag), FALSE)= ; > > > > + CALL_CRYPTO_SERVICE (Asn1GetTag, (Ptr, End, Length, Tag), FALSE, > 16); > > > > } > > > > > > > > /** > > > > @@ -2734,7 +2738,7 @@ X509GetExtendedBasicConstraints ( > > > > UINTN *BasicConstraintsSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (X509GetExtendedBasicConstraints, (Cert, > > > CertSize, > > > > BasicConstraints, BasicConstraintsSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (X509GetExtendedBasicConstraints, (Cert, > > > CertSize, > > > > BasicConstraints, BasicConstraintsSize), FALSE, 16); > > > > } > > > > > > > > /** > > > > @@ -2777,7 +2781,7 @@ Pkcs5HashPassword ( > > > > OUT UINT8 *OutKey > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Pkcs5HashPassword, (PasswordLength, > > > Password, > > > > SaltLength, Salt, IterationCount, DigestSize, KeyLength, OutKey), F= ALSE); > > > > + CALL_CRYPTO_SERVICE (Pkcs5HashPassword, (PasswordLength, > > > Password, > > > > SaltLength, Salt, IterationCount, DigestSize, KeyLength, OutKey), F= ALSE, > 7); > > > > } > > > > > > > > /** > > > > @@ -2822,7 +2826,7 @@ Pkcs1v2Encrypt ( > > > > OUT UINTN *EncryptedDataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Pkcs1v2Encrypt, (PublicKey, PublicKeySize, > > InData, > > > > InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSiz= e), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (Pkcs1v2Encrypt, (PublicKey, PublicKeySize, > > > InData, > > > > InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSiz= e), > > > > FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2862,7 +2866,7 @@ Pkcs7GetSigners ( > > > > OUT UINTN *CertLength > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Pkcs7GetSigners, (P7Data, P7Length, > CertStack, > > > > StackLength, TrustedCert, CertLength), FALSE); > > > > + CALL_CRYPTO_SERVICE (Pkcs7GetSigners, (P7Data, P7Length, > CertStack, > > > > StackLength, TrustedCert, CertLength), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2879,7 +2883,7 @@ Pkcs7FreeSigners ( > > > > IN UINT8 *Certs > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (Pkcs7FreeSigners, (Certs)); > > > > + CALL_VOID_CRYPTO_SERVICE (Pkcs7FreeSigners, (Certs), 7); > > > > } > > > > > > > > /** > > > > @@ -2915,7 +2919,7 @@ Pkcs7GetCertificatesList ( > > > > OUT UINTN *UnchainLength > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Pkcs7GetCertificatesList, (P7Data, P7Length= , > > > > SignerChainCerts, ChainLength, UnchainCerts, UnchainLength), FALSE)= ; > > > > + CALL_CRYPTO_SERVICE (Pkcs7GetCertificatesList, (P7Data, P7Length= , > > > > SignerChainCerts, ChainLength, UnchainCerts, UnchainLength), FALSE, > 7); > > > > } > > > > > > > > /** > > > > @@ -2959,7 +2963,7 @@ Pkcs7Sign ( > > > > OUT UINTN *SignedDataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Pkcs7Sign, (PrivateKey, PrivateKeySize, > > > > KeyPassword, InData, InDataSize, SignCert, OtherCerts, SignedData, > > > > SignedDataSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (Pkcs7Sign, (PrivateKey, PrivateKeySize, > > > > KeyPassword, InData, InDataSize, SignCert, OtherCerts, SignedData, > > > > SignedDataSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -2995,7 +2999,7 @@ Pkcs7Verify ( > > > > IN UINTN DataLength > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Pkcs7Verify, (P7Data, P7Length, TrustedCert= , > > > > CertLength, InData, DataLength), FALSE); > > > > + CALL_CRYPTO_SERVICE (Pkcs7Verify, (P7Data, P7Length, TrustedCert= , > > > > CertLength, InData, DataLength), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3040,7 +3044,7 @@ VerifyEKUsInPkcs7Signature ( > > > > IN BOOLEAN RequireAllPresent > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (VerifyEKUsInPkcs7Signature, (Pkcs7Signature= , > > > > SignatureSize, RequiredEKUs, RequiredEKUsSize, RequireAllPresent), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (VerifyEKUsInPkcs7Signature, (Pkcs7Signature= , > > > > SignatureSize, RequiredEKUs, RequiredEKUsSize, RequireAllPresent), > > FALSE, > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -3072,7 +3076,7 @@ Pkcs7GetAttachedContent ( > > > > OUT UINTN *ContentSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (Pkcs7GetAttachedContent, (P7Data, P7Length, > > > > Content, ContentSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (Pkcs7GetAttachedContent, (P7Data, > P7Length, > > > > Content, ContentSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3110,7 +3114,7 @@ AuthenticodeVerify ( > > > > IN UINTN HashSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (AuthenticodeVerify, (AuthData, DataSize, > > > > TrustedCert, CertSize, ImageHash, HashSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (AuthenticodeVerify, (AuthData, DataSize, > > > > TrustedCert, CertSize, ImageHash, HashSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3143,7 +3147,7 @@ ImageTimestampVerify ( > > > > OUT EFI_TIME *SigningTime > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (ImageTimestampVerify, (AuthData, DataSize, > > > > TsaCert, CertSize, SigningTime), FALSE); > > > > + CALL_CRYPTO_SERVICE (ImageTimestampVerify, (AuthData, DataSize, > > > > TsaCert, CertSize, SigningTime), FALSE, 7); > > > > } > > > > > > > > // > > > > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > @@ -3164,7 +3168,7 @@ DhNew ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (DhNew, (), NULL); > > > > + CALL_CRYPTO_SERVICE (DhNew, (), NULL, 7); > > > > } > > > > > > > > /** > > > > @@ -3181,7 +3185,7 @@ DhFree ( > > > > IN VOID *DhContext > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (DhFree, (DhContext)); > > > > + CALL_VOID_CRYPTO_SERVICE (DhFree, (DhContext), 7); > > > > } > > > > > > > > /** > > > > @@ -3217,7 +3221,7 @@ DhGenerateParameter ( > > > > OUT UINT8 *Prime > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (DhGenerateParameter, (DhContext, > Generator, > > > > PrimeLength, Prime), FALSE); > > > > + CALL_CRYPTO_SERVICE (DhGenerateParameter, (DhContext, > Generator, > > > > PrimeLength, Prime), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3252,7 +3256,7 @@ DhSetParameter ( > > > > IN CONST UINT8 *Prime > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (DhSetParameter, (DhContext, Generator, > > > > PrimeLength, Prime), FALSE); > > > > + CALL_CRYPTO_SERVICE (DhSetParameter, (DhContext, Generator, > > > > PrimeLength, Prime), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3287,7 +3291,7 @@ DhGenerateKey ( > > > > IN OUT UINTN *PublicKeySize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (DhGenerateKey, (DhContext, PublicKey, > > > > PublicKeySize), FALSE); > > > > + CALL_CRYPTO_SERVICE (DhGenerateKey, (DhContext, PublicKey, > > > > PublicKeySize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3326,7 +3330,7 @@ DhComputeKey ( > > > > IN OUT UINTN *KeySize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (DhComputeKey, (DhContext, PeerPublicKey, > > > > PeerPublicKeySize, Key, KeySize), FALSE); > > > > + CALL_CRYPTO_SERVICE (DhComputeKey, (DhContext, PeerPublicKey, > > > > PeerPublicKeySize, Key, KeySize), FALSE, 7); > > > > } > > > > > > > > // > > > > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > @@ -3358,7 +3362,7 @@ RandomSeed ( > > > > IN UINTN SeedSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RandomSeed, (Seed, SeedSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (RandomSeed, (Seed, SeedSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3382,7 +3386,7 @@ RandomBytes ( > > > > IN UINTN Size > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (RandomBytes, (Output, Size), FALSE); > > > > + CALL_CRYPTO_SERVICE (RandomBytes, (Output, Size), FALSE, 7); > > > > } > > > > > > > > // > > > > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > @@ -3418,7 +3422,7 @@ HkdfSha256ExtractAndExpand ( > > > > IN UINTN OutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, > > > Salt, > > > > SaltSize, Info, InfoSize, Out, OutSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, (Key, KeySize, > > > Salt, > > > > SaltSize, Info, InfoSize, Out, OutSize), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3446,7 +3450,7 @@ HkdfSha256Extract ( > > > > UINTN PrkOutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, > SaltSize, > > > > PrkOut, PrkOutSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HkdfSha256Extract, (Key, KeySize, Salt, > SaltSize, > > > > PrkOut, PrkOutSize), FALSE, 10); > > > > } > > > > > > > > /** > > > > @@ -3474,7 +3478,7 @@ HkdfSha256Expand ( > > > > IN UINTN OutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, > InfoSize, > > > > Out, OutSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HkdfSha256Expand, (Prk, PrkSize, Info, > > InfoSize, > > > > Out, OutSize), FALSE, 10); > > > > } > > > > > > > > /** > > > > @@ -3506,7 +3510,7 @@ HkdfSha384ExtractAndExpand ( > > > > IN UINTN OutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, > > > Salt, > > > > SaltSize, Info, InfoSize, Out, OutSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HkdfSha384ExtractAndExpand, (Key, KeySize, > > > Salt, > > > > SaltSize, Info, InfoSize, Out, OutSize), FALSE, 10); > > > > } > > > > > > > > /** > > > > @@ -3534,7 +3538,7 @@ HkdfSha384Extract ( > > > > UINTN PrkOutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, > SaltSize, > > > > PrkOut, PrkOutSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HkdfSha384Extract, (Key, KeySize, Salt, > SaltSize, > > > > PrkOut, PrkOutSize), FALSE, 10); > > > > } > > > > > > > > /** > > > > @@ -3562,7 +3566,7 @@ HkdfSha384Expand ( > > > > IN UINTN OutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, > InfoSize, > > > > Out, OutSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (HkdfSha384Expand, (Prk, PrkSize, Info, > > InfoSize, > > > > Out, OutSize), FALSE, 10); > > > > } > > > > > > > > /** > > > > @@ -3582,7 +3586,7 @@ TlsInitialize ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsInitialize, (), FALSE); > > > > + CALL_CRYPTO_SERVICE (TlsInitialize, (), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3597,7 +3601,7 @@ TlsCtxFree ( > > > > IN VOID *TlsCtx > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (TlsCtxFree, (TlsCtx)); > > > > + CALL_VOID_CRYPTO_SERVICE (TlsCtxFree, (TlsCtx), 7); > > > > } > > > > > > > > /** > > > > @@ -3618,7 +3622,7 @@ TlsCtxNew ( > > > > IN UINT8 MinorVer > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsCtxNew, (MajorVer, MinorVer), NULL); > > > > + CALL_CRYPTO_SERVICE (TlsCtxNew, (MajorVer, MinorVer), NULL, 7); > > > > } > > > > > > > > /** > > > > @@ -3636,7 +3640,7 @@ TlsFree ( > > > > IN VOID *Tls > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (TlsFree, (Tls)); > > > > + CALL_VOID_CRYPTO_SERVICE (TlsFree, (Tls), 7); > > > > } > > > > > > > > /** > > > > @@ -3658,7 +3662,7 @@ TlsNew ( > > > > IN VOID *TlsCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsNew, (TlsCtx), NULL); > > > > + CALL_CRYPTO_SERVICE (TlsNew, (TlsCtx), NULL, 7); > > > > } > > > > > > > > /** > > > > @@ -3678,7 +3682,7 @@ TlsInHandshake ( > > > > IN VOID *Tls > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsInHandshake, (Tls), FALSE); > > > > + CALL_CRYPTO_SERVICE (TlsInHandshake, (Tls), FALSE, 7); > > > > } > > > > > > > > /** > > > > @@ -3717,7 +3721,7 @@ TlsDoHandshake ( > > > > IN OUT UINTN *BufferOutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsDoHandshake, (Tls, BufferIn, BufferInSiz= e, > > > > BufferOut, BufferOutSize), EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsDoHandshake, (Tls, BufferIn, BufferInSiz= e, > > > > BufferOut, BufferOutSize), EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -3755,7 +3759,7 @@ TlsHandleAlert ( > > > > IN OUT UINTN *BufferOutSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsHandleAlert, (Tls, BufferIn, BufferInSiz= e, > > > > BufferOut, BufferOutSize), EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsHandleAlert, (Tls, BufferIn, BufferInSiz= e, > > > > BufferOut, BufferOutSize), EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -3784,7 +3788,7 @@ TlsCloseNotify ( > > > > IN OUT UINTN *BufferSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsCloseNotify, (Tls, Buffer, BufferSize), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsCloseNotify, (Tls, Buffer, BufferSize), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -3809,7 +3813,7 @@ TlsCtrlTrafficOut ( > > > > IN UINTN BufferSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsCtrlTrafficOut, (Tls, Buffer, BufferSize= ), 0); > > > > + CALL_CRYPTO_SERVICE (TlsCtrlTrafficOut, (Tls, Buffer, BufferSize= ), 0, > 7); > > > > } > > > > > > > > /** > > > > @@ -3834,7 +3838,7 @@ TlsCtrlTrafficIn ( > > > > IN UINTN BufferSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsCtrlTrafficIn, (Tls, Buffer, BufferSize)= , 0); > > > > + CALL_CRYPTO_SERVICE (TlsCtrlTrafficIn, (Tls, Buffer, BufferSize)= , 0, 7); > > > > } > > > > > > > > /** > > > > @@ -3860,7 +3864,7 @@ TlsRead ( > > > > IN UINTN BufferSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsRead, (Tls, Buffer, BufferSize), 0); > > > > + CALL_CRYPTO_SERVICE (TlsRead, (Tls, Buffer, BufferSize), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -3886,7 +3890,7 @@ TlsWrite ( > > > > IN UINTN BufferSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0); > > > > + CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -3908,7 +3912,7 @@ TlsShutdown ( > > > > IN VOID *Tls > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED, 14); > > > > } > > > > > > > > /** > > > > @@ -3933,7 +3937,7 @@ TlsSetVersion ( > > > > IN UINT8 MinorVer > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetVersion, (Tls, MajorVer, MinorVer), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetVersion, (Tls, MajorVer, MinorVer), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -3956,7 +3960,7 @@ TlsSetConnectionEnd ( > > > > IN BOOLEAN IsServer > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetConnectionEnd, (Tls, IsServer), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetConnectionEnd, (Tls, IsServer), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -3985,7 +3989,7 @@ TlsSetCipherList ( > > > > IN UINTN CipherNum > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetCipherList, (Tls, CipherId, CipherNum= ), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetCipherList, (Tls, CipherId, CipherNum= ), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4006,7 +4010,7 @@ TlsSetCompressionMethod ( > > > > IN UINT8 CompMethod > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetCompressionMethod, (CompMethod), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetCompressionMethod, (CompMethod), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4025,7 +4029,7 @@ TlsSetVerify ( > > > > IN UINT32 VerifyMode > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (TlsSetVerify, (Tls, VerifyMode)); > > > > + CALL_VOID_CRYPTO_SERVICE (TlsSetVerify, (Tls, VerifyMode), 7); > > > > } > > > > > > > > /** > > > > @@ -4048,7 +4052,7 @@ TlsSetVerifyHost ( > > > > IN CHAR8 *HostName > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetVerifyHost, (Tls, Flags, HostName), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetVerifyHost, (Tls, Flags, HostName), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4074,7 +4078,7 @@ TlsSetSessionId ( > > > > IN UINT16 SessionIdLen > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetSessionId, (Tls, SessionId, SessionId= Len), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetSessionId, (Tls, SessionId, > SessionIdLen), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4102,7 +4106,7 @@ TlsSetCaCertificate ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetCaCertificate, (Tls, Data, DataSize), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetCaCertificate, (Tls, Data, DataSize), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4130,7 +4134,7 @@ TlsSetHostPublicCert ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetHostPublicCert, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetHostPublicCert, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4160,7 +4164,7 @@ TlsSetHostPrivateKeyEx ( > > > > IN VOID *Password OPTIONAL > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSiz= e, > > > > Password), EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSiz= e, > > > > Password), EFI_UNSUPPORTED, 14); > > > > } > > > > > > > > /** > > > > @@ -4187,7 +4191,7 @@ TlsSetHostPrivateKey ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetHostPrivateKey, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetHostPrivateKey, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED, 14); > > > > } > > > > > > > > /** > > > > @@ -4211,7 +4215,7 @@ TlsSetCertRevocationList ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4239,7 +4243,7 @@ TlsSetSignatureAlgoList ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSi= ze), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSi= ze), > > > > EFI_UNSUPPORTED, 14); > > > > } > > > > > > > > /** > > > > @@ -4264,7 +4268,7 @@ TlsSetEcCurve ( > > > > IN UINTN DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSi= ze), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsSetEcCurve, (Tls, Data, DataSize), > > > > EFI_UNSUPPORTED, 14); > > > > } > > > > > > > > /** > > > > @@ -4286,7 +4290,7 @@ TlsGetVersion ( > > > > IN VOID *Tls > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetVersion, (Tls), 0); > > > > + CALL_CRYPTO_SERVICE (TlsGetVersion, (Tls), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -4308,7 +4312,7 @@ TlsGetConnectionEnd ( > > > > IN VOID *Tls > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetConnectionEnd, (Tls), 0); > > > > + CALL_CRYPTO_SERVICE (TlsGetConnectionEnd, (Tls), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -4332,7 +4336,7 @@ TlsGetCurrentCipher ( > > > > IN OUT UINT16 *CipherId > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetCurrentCipher, (Tls, CipherId), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetCurrentCipher, (Tls, CipherId), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4358,7 +4362,7 @@ TlsGetCurrentCompressionId ( > > > > IN OUT UINT8 *CompressionId > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetCurrentCompressionId, (Tls, > > > CompressionId), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetCurrentCompressionId, (Tls, > > > > CompressionId), EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4380,7 +4384,7 @@ TlsGetVerify ( > > > > IN VOID *Tls > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetVerify, (Tls), 0); > > > > + CALL_CRYPTO_SERVICE (TlsGetVerify, (Tls), 0, 7); > > > > } > > > > > > > > /** > > > > @@ -4406,7 +4410,7 @@ TlsGetSessionId ( > > > > IN OUT UINT16 *SessionIdLen > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetSessionId, (Tls, SessionId, > SessionIdLen), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetSessionId, (Tls, SessionId, > SessionIdLen), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4427,7 +4431,7 @@ TlsGetClientRandom ( > > > > IN OUT UINT8 *ClientRandom > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (TlsGetClientRandom, (Tls, > > ClientRandom)); > > > > + CALL_VOID_CRYPTO_SERVICE (TlsGetClientRandom, (Tls, > > ClientRandom), > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -4448,7 +4452,7 @@ TlsGetServerRandom ( > > > > IN OUT UINT8 *ServerRandom > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (TlsGetServerRandom, (Tls, > > > ServerRandom)); > > > > + CALL_VOID_CRYPTO_SERVICE (TlsGetServerRandom, (Tls, > > > ServerRandom), > > > > 7); > > > > } > > > > > > > > /** > > > > @@ -4472,7 +4476,7 @@ TlsGetKeyMaterial ( > > > > IN OUT UINT8 *KeyMaterial > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetKeyMaterial, (Tls, KeyMaterial), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetKeyMaterial, (Tls, KeyMaterial), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4499,7 +4503,7 @@ TlsGetCaCertificate ( > > > > IN OUT UINTN *DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetCaCertificate, (Tls, Data, DataSize), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetCaCertificate, (Tls, Data, DataSize), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4527,7 +4531,7 @@ TlsGetHostPublicCert ( > > > > IN OUT UINTN *DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetHostPublicCert, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetHostPublicCert, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4554,7 +4558,7 @@ TlsGetHostPrivateKey ( > > > > IN OUT UINTN *DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetHostPrivateKey, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetHostPrivateKey, (Tls, Data, DataSize)= , > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4579,7 +4583,7 @@ TlsGetCertRevocationList ( > > > > IN OUT UINTN *DataSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), > > > > EFI_UNSUPPORTED); > > > > + CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), > > > > EFI_UNSUPPORTED, 7); > > > > } > > > > > > > > /** > > > > @@ -4615,7 +4619,8 @@ TlsGetExportKey ( > > > > TlsGetExportKey, > > > > (Tls, Label, Context, ContextLen, > > > > KeyBuffer, KeyBufferLen), > > > > - EFI_UNSUPPORTED > > > > + EFI_UNSUPPORTED, > > > > + 14 > > > > ); > > > > } > > > > > > > > @@ -4634,7 +4639,7 @@ BigNumInit ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumInit, (), NULL); > > > > + CALL_CRYPTO_SERVICE (BigNumInit, (), NULL, 12); > > > > } > > > > > > > > /** > > > > @@ -4652,7 +4657,7 @@ BigNumFromBin ( > > > > IN UINTN Len > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumFromBin, (Buf, Len), NULL); > > > > + CALL_CRYPTO_SERVICE (BigNumFromBin, (Buf, Len), NULL, 12); > > > > } > > > > > > > > /** > > > > @@ -4671,7 +4676,7 @@ BigNumToBin ( > > > > OUT UINT8 *Buf > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumToBin, (Bn, Buf), -1); > > > > + CALL_CRYPTO_SERVICE (BigNumToBin, (Bn, Buf), -1, 12); > > > > } > > > > > > > > /** > > > > @@ -4687,7 +4692,7 @@ BigNumFree ( > > > > IN BOOLEAN Clear > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (BigNumFree, (Bn, Clear)); > > > > + CALL_VOID_CRYPTO_SERVICE (BigNumFree, (Bn, Clear), 12); > > > > } > > > > > > > > /** > > > > @@ -4710,7 +4715,7 @@ BigNumAdd ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumAdd, (BnA, BnB, BnRes), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumAdd, (BnA, BnB, BnRes), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -4733,7 +4738,7 @@ BigNumSub ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumSub, (BnA, BnB, BnRes), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumSub, (BnA, BnB, BnRes), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -4756,7 +4761,7 @@ BigNumMod ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumMod, (BnA, BnB, BnRes), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumMod, (BnA, BnB, BnRes), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -4781,7 +4786,7 @@ BigNumExpMod ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumExpMod, (BnA, BnP, BnM, BnRes), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumExpMod, (BnA, BnP, BnM, BnRes), > > FALSE, > > > > 12); > > > > } > > > > > > > > /** > > > > @@ -4804,7 +4809,7 @@ BigNumInverseMod ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumInverseMod, (BnA, BnM, BnRes), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumInverseMod, (BnA, BnM, BnRes), > FALSE, > > > > 12); > > > > } > > > > > > > > /** > > > > @@ -4827,7 +4832,7 @@ BigNumDiv ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumDiv, (BnA, BnB, BnRes), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumDiv, (BnA, BnB, BnRes), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -4852,7 +4857,7 @@ BigNumMulMod ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumMulMod, (BnA, BnB, BnM, BnRes), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumMulMod, (BnA, BnB, BnM, BnRes), > > FALSE, > > > > 12); > > > > } > > > > > > > > /** > > > > @@ -4872,7 +4877,7 @@ BigNumCmp ( > > > > IN CONST VOID *BnB > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumCmp, (BnA, BnB), 0); > > > > + CALL_CRYPTO_SERVICE (BigNumCmp, (BnA, BnB), 0, 12); > > > > } > > > > > > > > /** > > > > @@ -4888,7 +4893,7 @@ BigNumBits ( > > > > IN CONST VOID *Bn > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumBits, (Bn), 0); > > > > + CALL_CRYPTO_SERVICE (BigNumBits, (Bn), 0, 12); > > > > } > > > > > > > > /** > > > > @@ -4904,7 +4909,7 @@ BigNumBytes ( > > > > IN CONST VOID *Bn > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumBytes, (Bn), 0); > > > > + CALL_CRYPTO_SERVICE (BigNumBytes, (Bn), 0, 12); > > > > } > > > > > > > > /** > > > > @@ -4923,7 +4928,7 @@ BigNumIsWord ( > > > > IN UINTN Num > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumIsWord, (Bn, Num), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumIsWord, (Bn, Num), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -4940,7 +4945,7 @@ BigNumIsOdd ( > > > > IN CONST VOID *Bn > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumIsOdd, (Bn), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumIsOdd, (Bn), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -4959,7 +4964,7 @@ BigNumCopy ( > > > > IN CONST VOID *BnSrc > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumCopy, (BnDst, BnSrc), NULL); > > > > + CALL_CRYPTO_SERVICE (BigNumCopy, (BnDst, BnSrc), NULL, 12); > > > > } > > > > > > > > /** > > > > @@ -4974,7 +4979,7 @@ BigNumValueOne ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumValueOne, (), NULL); > > > > + CALL_CRYPTO_SERVICE (BigNumValueOne, (), NULL, 12); > > > > } > > > > > > > > /** > > > > @@ -4997,7 +5002,7 @@ BigNumRShift ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumRShift, (Bn, N, BnRes), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumRShift, (Bn, N, BnRes), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -5013,7 +5018,7 @@ BigNumConstTime ( > > > > IN VOID *Bn > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (BigNumConstTime, (Bn)); > > > > + CALL_VOID_CRYPTO_SERVICE (BigNumConstTime, (Bn), 12); > > > > } > > > > > > > > /** > > > > @@ -5036,7 +5041,7 @@ BigNumSqrMod ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumSqrMod, (BnA, BnM, BnRes), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumSqrMod, (BnA, BnM, BnRes), FALSE, > > 12); > > > > } > > > > > > > > /** > > > > @@ -5052,7 +5057,7 @@ BigNumNewContext ( > > > > VOID > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumNewContext, (), NULL); > > > > + CALL_CRYPTO_SERVICE (BigNumNewContext, (), NULL, 12); > > > > } > > > > > > > > /** > > > > @@ -5066,7 +5071,7 @@ BigNumContextFree ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (BigNumContextFree, (BnCtx)); > > > > + CALL_VOID_CRYPTO_SERVICE (BigNumContextFree, (BnCtx), 12); > > > > } > > > > > > > > /** > > > > @@ -5085,7 +5090,7 @@ BigNumSetUint ( > > > > IN UINTN Val > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumSetUint, (Bn, Val), FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumSetUint, (Bn, Val), FALSE, 12); > > > > } > > > > > > > > /** > > > > @@ -5108,7 +5113,7 @@ BigNumAddMod ( > > > > OUT VOID *BnRes > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (BigNumAddMod, (BnA, BnB, BnM, BnRes), > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (BigNumAddMod, (BnA, BnB, BnM, BnRes), > > > FALSE, > > > > 12); > > > > } > > > > > > > > /** > > > > @@ -5128,7 +5133,7 @@ EcGroupInit ( > > > > IN UINTN CryptoNid > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcGroupInit, (CryptoNid), NULL); > > > > + CALL_CRYPTO_SERVICE (EcGroupInit, (CryptoNid), NULL, 13); > > > > } > > > > > > > > /** > > > > @@ -5156,7 +5161,7 @@ EcGroupGetCurve ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcGroupGetCurve, (EcGroup, BnPrime, BnA, > > BnB, > > > > BnCtx), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcGroupGetCurve, (EcGroup, BnPrime, BnA, > > BnB, > > > > BnCtx), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5178,7 +5183,7 @@ EcGroupGetOrder ( > > > > OUT VOID *BnOrder > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcGroupGetOrder, (EcGroup, BnOrder), > FALSE); > > > > + CALL_CRYPTO_SERVICE (EcGroupGetOrder, (EcGroup, BnOrder), > FALSE, > > > 13); > > > > } > > > > > > > > /** > > > > @@ -5192,7 +5197,7 @@ EcGroupFree ( > > > > IN VOID *EcGroup > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (EcGroupFree, (EcGroup)); > > > > + CALL_VOID_CRYPTO_SERVICE (EcGroupFree, (EcGroup), 13); > > > > } > > > > > > > > /** > > > > @@ -5210,7 +5215,7 @@ EcPointInit ( > > > > IN CONST VOID *EcGroup > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointInit, (EcGroup), NULL); > > > > + CALL_CRYPTO_SERVICE (EcPointInit, (EcGroup), NULL, 13); > > > > } > > > > > > > > /** > > > > @@ -5226,7 +5231,7 @@ EcPointDeInit ( > > > > IN BOOLEAN Clear > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (EcPointDeInit, (EcPoint, Clear)); > > > > + CALL_VOID_CRYPTO_SERVICE (EcPointDeInit, (EcPoint, Clear), 13); > > > > } > > > > > > > > /** > > > > @@ -5254,7 +5259,7 @@ EcPointGetAffineCoordinates ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointGetAffineCoordinates, (EcGroup, > > EcPoint, > > > > BnX, BnY, BnCtx), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointGetAffineCoordinates, (EcGroup, > > EcPoint, > > > > BnX, BnY, BnCtx), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5279,7 +5284,7 @@ EcPointSetAffineCoordinates ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointSetAffineCoordinates, (EcGroup, > > EcPoint, > > > > BnX, BnY, BnCtx), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointSetAffineCoordinates, (EcGroup, > > EcPoint, > > > > BnX, BnY, BnCtx), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5305,7 +5310,7 @@ EcPointAdd ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointAdd, (EcGroup, EcPointResult, > EcPointA, > > > > EcPointB, BnCtx), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointAdd, (EcGroup, EcPointResult, > EcPointA, > > > > EcPointB, BnCtx), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5331,7 +5336,7 @@ EcPointMul ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointMul, (EcGroup, EcPointResult, EcPoin= t, > > > > BnPScalar, BnCtx), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointMul, (EcGroup, EcPointResult, EcPoin= t, > > > > BnPScalar, BnCtx), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5352,7 +5357,7 @@ EcPointInvert ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointInvert, (EcGroup, EcPoint, BnCtx), > > FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointInvert, (EcGroup, EcPoint, BnCtx), > > FALSE, > > > > 13); > > > > } > > > > > > > > /** > > > > @@ -5373,7 +5378,7 @@ EcPointIsOnCurve ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointIsOnCurve, (EcGroup, EcPoint, BnCtx)= , > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointIsOnCurve, (EcGroup, EcPoint, BnCtx)= , > > > > FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5392,7 +5397,7 @@ EcPointIsAtInfinity ( > > > > IN CONST VOID *EcPoint > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointIsAtInfinity, (EcGroup, EcPoint), > FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointIsAtInfinity, (EcGroup, EcPoint), FA= LSE, > > > 13); > > > > } > > > > > > > > /** > > > > @@ -5415,7 +5420,7 @@ EcPointEqual ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointEqual, (EcGroup, EcPointA, EcPointB, > > > > BnCtx), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointEqual, (EcGroup, EcPointA, EcPointB, > > > > BnCtx), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5445,7 +5450,7 @@ EcPointSetCompressedCoordinates ( > > > > IN VOID *BnCtx > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcPointSetCompressedCoordinates, (EcGroup, > > > > EcPoint, BnX, YBit, BnCtx), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcPointSetCompressedCoordinates, > (EcGroup, > > > > EcPoint, BnX, YBit, BnCtx), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5462,7 +5467,7 @@ EcNewByNid ( > > > > IN UINTN Nid > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcNewByNid, (Nid), NULL); > > > > + CALL_CRYPTO_SERVICE (EcNewByNid, (Nid), NULL, 13); > > > > } > > > > > > > > /** > > > > @@ -5476,7 +5481,7 @@ EcFree ( > > > > IN VOID *EcContext > > > > ) > > > > { > > > > - CALL_VOID_CRYPTO_SERVICE (EcFree, (EcContext)); > > > > + CALL_VOID_CRYPTO_SERVICE (EcFree, (EcContext), 13); > > > > } > > > > > > > > /** > > > > @@ -5513,7 +5518,7 @@ EcGenerateKey ( > > > > IN OUT UINTN *PublicKeySize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcGenerateKey, (EcContext, PublicKey, > > > > PublicKeySize), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcGenerateKey, (EcContext, PublicKey, > > > > PublicKeySize), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5538,7 +5543,7 @@ EcGetPubKey ( > > > > IN OUT UINTN *PublicKeySize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcGetPubKey, (EcContext, PublicKey, > > > PublicKeySize), > > > > FALSE); > > > > + CALL_CRYPTO_SERVICE (EcGetPubKey, (EcContext, PublicKey, > > > > PublicKeySize), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5577,7 +5582,7 @@ EcDhComputeKey ( > > > > IN OUT UINTN *KeySize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcDhComputeKey, (EcContext, PeerPublic, > > > > PeerPublicSize, CompressFlag, Key, KeySize), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcDhComputeKey, (EcContext, PeerPublic, > > > > PeerPublicSize, CompressFlag, Key, KeySize), FALSE, 13); > > > > } > > > > > > > > /** > > > > @@ -5604,7 +5609,7 @@ EcGetPublicKeyFromX509 ( > > > > OUT VOID **EcContext > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcGetPublicKeyFromX509, (Cert, CertSize, > > > > EcContext), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcGetPublicKeyFromX509, (Cert, CertSize, > > > > EcContext), FALSE, 15); > > > > } > > > > > > > > /** > > > > @@ -5633,7 +5638,7 @@ EcGetPrivateKeyFromPem ( > > > > OUT VOID **EcContext > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcGetPrivateKeyFromPem, (PemData, > PemSize, > > > > Password, EcContext), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcGetPrivateKeyFromPem, (PemData, > PemSize, > > > > Password, EcContext), FALSE, 15); > > > > } > > > > > > > > /** > > > > @@ -5676,7 +5681,7 @@ EcDsaSign ( > > > > IN OUT UINTN *SigSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcDsaSign, (EcContext, HashNid, > MessageHash, > > > > HashSize, Signature, SigSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcDsaSign, (EcContext, HashNid, > MessageHash, > > > > HashSize, Signature, SigSize), FALSE, 15); > > > > } > > > > > > > > /** > > > > @@ -5713,5 +5718,5 @@ EcDsaVerify ( > > > > IN UINTN SigSize > > > > ) > > > > { > > > > - CALL_CRYPTO_SERVICE (EcDsaVerify, (EcContext, HashNid, > > MessageHash, > > > > HashSize, Signature, SigSize), FALSE); > > > > + CALL_CRYPTO_SERVICE (EcDsaVerify, (EcContext, HashNid, > > MessageHash, > > > > HashSize, Signature, SigSize), FALSE, 15); > > > > } > > > > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLi= b.c > > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c > > > > index dc7527bb01..fe9cdc0d4d 100644 > > > > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c > > > > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c > > > > @@ -49,7 +49,6 @@ DxeCryptLibConstructor ( > > > > ) > > > > { > > > > EFI_STATUS Status; > > > > - UINTN Version; > > > > > > > > Status =3D gBS->LocateProtocol ( > > > > &gEdkiiCryptoProtocolGuid, > > > > @@ -65,13 +64,5 @@ DxeCryptLibConstructor ( > > > > return EFI_NOT_FOUND; > > > > } > > > > > > > > - Version =3D mCryptoProtocol->GetVersion (); > > > > - if (Version < EDKII_CRYPTO_VERSION) { > > > > - DEBUG ((DEBUG_ERROR, "[DxeCryptLib] Crypto Protocol > unsupported > > > > version %d\n", Version)); > > > > - ASSERT (Version >=3D EDKII_CRYPTO_VERSION); > > > > - mCryptoProtocol =3D NULL; > > > > - return EFI_NOT_FOUND; > > > > - } > > > > - > > > > return EFI_SUCCESS; > > > > } > > > > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLi= b.c > > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c > > > > index 51f858302f..6ad1d3afe0 100644 > > > > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c > > > > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c > > > > @@ -30,7 +30,6 @@ GetCryptoServices ( > > > > { > > > > EFI_STATUS Status; > > > > EDKII_CRYPTO_PPI *CryptoPpi; > > > > - UINTN Version; > > > > > > > > CryptoPpi =3D NULL; > > > > Status =3D PeiServicesLocatePpi ( > > > > @@ -46,12 +45,5 @@ GetCryptoServices ( > > > > return NULL; > > > > } > > > > > > > > - Version =3D CryptoPpi->GetVersion (); > > > > - if (Version < EDKII_CRYPTO_VERSION) { > > > > - DEBUG ((DEBUG_ERROR, "[PeiCryptLib] Crypto PPI unsupported > > > > version %d\n", Version)); > > > > - ASSERT (Version >=3D EDKII_CRYPTO_VERSION); > > > > - return NULL; > > > > - } > > > > - > > > > return (VOID *)CryptoPpi; > > > > } > > > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c > > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c > > > > index be0f44e63b..6c7c75c8a7 100644 > > > > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c > > > > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c > > > > @@ -52,7 +52,6 @@ SmmCryptLibConstructor ( > > > > ) > > > > { > > > > EFI_STATUS Status; > > > > - UINTN Version; > > > > > > > > Status =3D gSmst->SmmLocateProtocol ( > > > > &gEdkiiSmmCryptoProtocolGuid, > > > > @@ -67,13 +66,5 @@ SmmCryptLibConstructor ( > > > > return EFI_NOT_FOUND; > > > > } > > > > > > > > - Version =3D mSmmCryptoProtocol->GetVersion (); > > > > - if (Version < EDKII_CRYPTO_VERSION) { > > > > - DEBUG ((DEBUG_ERROR, "[SmmCryptLib] Crypto SMM Protocol > > > > unsupported version %d\n", Version)); > > > > - ASSERT (Version >=3D EDKII_CRYPTO_VERSION); > > > > - mSmmCryptoProtocol =3D NULL; > > > > - return EFI_NOT_FOUND; > > > > - } > > > > - > > > > return EFI_SUCCESS; > > > > } > > > > -- > > > > 2.31.1.windows.1 > > > > > > > > > > > > > > > > > > > > > > > > > > > >=20 > > --_000_SJ1PR11MB62271C043A341470AF6A12F0C5FB9SJ1PR11MB6227namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Sorry, there may be a misunderstanding here, 'lat= est platform code' means 'EDK2 in latest platform code'.

 

CyptoBin is not the only consideration, CyptoCons= umer will statically link other EDK2 libraries, such as MemoryLib, PrintLib= , which prefer to use the latest EDK2 code, because it may contain importan= t bug fixes.

 

Compatibility is not a big problem since most lib= raries use static linking.

 

If Crypto Protocol can be backward compatible, th= e development of features will be more independent, and they can be directl= y developed based on the latest EDK2 without considering the platform code.=

 

Thanks,

Yi

 

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Friday, January 6, 2023 11:20 PM
To: Li, Yi1 <yi1.li@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@= intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Kinney, Michae= l D <michael.d.kinney@intel.com>
Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service API = backward compatible

 

> The developers of CryptoConsumer always buil= d binary based on latest platform code.

 

If so, how you guarantee the compatibility betwee= n CryptoConsumer and old other platform code?

 

The saftest way is always to build CryptoConsumer= with old platform, then replace it with the one in the old platform.<= /o:p>

 

 

 

> -----Original Message-----

> From: Li, Yi1 <yi1.li@inte= l.com>

> Sent: Friday, January 6, 2023 11:09 PM<= /o:p>

> To: Yao, Jiewen <jiewe= n.yao@intel.com>; devel@edk2.groups.io

> Cc: Wang, Jian J <jia= n.j.wang@intel.com>; Lu, Xiaoyu1

> <= xiaoyu1.lu@intel.com<= /span>>; Jiang, Guomin <guomin.jiang@intel.c= om>; Kinney,

> Michael D <micha= el.d.kinney@intel.com>

> Subject: RE: [edk2-devel] [PATCH 1/1] Crypto= Pkg: Make Protocol Service API

> backward compatible

>

> >However, I am still not sure why the Cry= ptoConsumer need link a higher

> version CryptoLib wrapper, if it wants to wo= rk with old CryptoBin.

>

> The developers of CryptoConsumer always buil= d binary based on latest

> platform code.

> They prefer to keep the integrity of the pla= tform code instead of changing the

> CryptoLib wrapper.

>

> The result is that there will be two binarie= s on the old platform and the new

> platform.

>

> Thanks,

> Yi

>

> -----Original Message-----

> From: Yao, Jiewen <jie= wen.yao@intel.com>

> Sent: Friday, January 6, 2023 8:14 PM

> To: = devel@edk2.groups.io<= /span>; Yao, Jiewen <jiewen.yao@intel.com<= /a>>; Li, Yi1

> <yi1.li@intel.com>

> Cc: Wang, Jian J <jia= n.j.wang@intel.com>; Lu, Xiaoyu1

> <= xiaoyu1.lu@intel.com<= /span>>; Jiang, Guomin <guomin.jiang@intel.c= om>; Kinney,

> Michael D <micha= el.d.kinney@intel.com>

> Subject: RE: [edk2-devel] [PATCH 1/1] Crypto= Pkg: Make Protocol Service API

> backward compatible

>

> Hi Yi

> I believe I have some misunderstanding, afte= r I read the definition again.

> According to

> https://github.com/ti= anocore/edk2/blob/master/CryptoPkg/Private/Protocol

> /Crypto.h#L24, the version means "The v= ersion of the EDK II Crypto

> Protocol."

> It is not the version of the implementation.= As such, my comment on bug fix

> does not stand. I am sorry to bring the conf= using.

> With that, I don’t have a super strong= reason to reject, so far.

>

> However, I am still not sure why the CryptoC= onsumer need link a higher

> version CryptoLib wrapper, if it wants to wo= rk with old CryptoBin.

>

> Thank you

> Yao, Jiewen

>

>

>

> > -----Original Message-----

> > From: devel@edk2.gro= ups.io <devel@edk2.groups.io&= gt; On Behalf Of Yao,

> > Jiewen

> > Sent: Friday, January 6, 2023 7:21 PM

> > To: Li, Yi1 <yi1.li@i= ntel.com>; devel@edk2.groups.io

> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1

> > <xiaoyu1.lu@intel= .com>; Jiang, Guomin <guomin.jiang@in= tel.com>; Kinney,

> > Michael D <= michael.d.kinney@intel.com>

> > Subject: Re: [edk2-devel] [PATCH 1/1] C= ryptoPkg: Make Protocol Service API

> > backward compatible

> >

> > Perhaps we can ask developers to update= the minimum version of

> CyptoAPI

> > after bug or security fixes.=

> >

> > [Jiewen] First, this is a new requireme= nt. Hard to enforce.

> > Second, if you do this, then you *may* = need update the CryptoBin, if

> > CryptoConsumer is updated.

> > Third, it is hard to determine *when* t= o upgrade the MinVersion,

> especially

> > when a bug fix is in the dependency mod= ule. For example, the code in

> > CryptoPkg does not update, but the MdeP= kg update, which may cause the

> > CryptoBin update. Should we update MinV= ersion? It will bring a burden to

> > the one who maintains the MinVersion.

> >

> > I believe it will create more potential= compatibility problem.

> >

> >

> > One more question:

> > If you want to update CryptoConsumer, b= ut keep CryptoBin. Why you want

> > to link a higher version of CryptoLib w= rapper? Why not use the old version

> > CryptoLib wrapper?

> >

> > Thank you

> > Yao, Jiewen

> >

> > > -----Original Message-----

> > > From: Li, Yi1 <y= i1.li@intel.com>

> > > Sent: Friday, January 6, 2023 7:07= PM

> > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io

> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1

> > > <xiaoyu1.lu@= intel.com>; Jiang, Guomin <guomin.jia= ng@intel.com>;

> Kinney,

> > > Michael D <michael.d.kinney@intel.com>

> > > Subject: RE: [edk2-devel] [PATCH 1= /1] CryptoPkg: Make Protocol Service

> API

> > > backward compatible

> > >

> > > Hi Jiewen,

> > >

> > > Thanks for feedback.

> > >

> > > >If you can upgrade the CryptoC= onsumer, why not upgrade the CryptoBin

> > at

> > > the same time?

> > >

> > > 1. CryptoConsumer and CryptoBin ar= e usually delivered by different

> people.

> > > For example, some features that re= quire CryptoBin are responsible for by

> > an

> > > independent team, but Cyptobin is = responsible for the platform as part of

> > > the platform firmware.<= /p>

> > >

> > > 2. In the actual development proce= ss, the update of CryptoBin is often

> > > difficult due to reasons such as b= inary size or freeze of platform code,

> > > especially on older platforms, whi= ch will cause the feature development

> > > team to have to maintain multiple = feature versions based on different

> EDK2

> > > CyptoPkg.

> > >

> > > > But it is NOT TRUE, if you ca= re the implementation of API. Maybe the

> > higher

> > > version of an API fixed some bug, = or add some new features.

> > >

> > > Perhaps we can ask developers to u= pdate the minimum version of

> > CyptoAPI

> > > after bug or security fixes.<= /o:p>

> > >

> > > Thanks,

> > > Yi

> > >

> > > -----Original Message-----

> > > From: Yao, Jiewen <jiewen.yao@intel.com>

> > > Sent: Friday, January 6, 2023 6:06= PM

> > > To: Li, Yi1 <yi1= .li@intel.com>; devel@edk2.groups.io

> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1

> > > <xiaoyu1.lu@= intel.com>; Jiang, Guomin <guomin.jia= ng@intel.com>;

> Kinney,

> > > Michael D <michael.d.kinney@intel.com>

> > > Subject: RE: [edk2-devel] [PATCH 1= /1] CryptoPkg: Make Protocol Service

> API

> > > backward compatible

> > >

> > > Thanks Yi.

> > > You raised a very interesting ques= tion.

> > >

> > > + Mike Kinney, to comment from the= requirement perspective.

> > >

> > > The original design is very simple= : CryptoBin.Version >=3D

> > > CryptoConsumer.Version.=

> > >

> > > Now you want to handle the case th= at: CryptoConsumer.Version >

> > > CryptoBin.Version, but the CryptoC= onsumer.Api is already present in

> > > CryptoBin.Api.

> > > To me, the hidden assumption is th= at: As long as an API is present, it will

> be

> > > used. The version of the API is no= t cared.

> > >

> > > This is only TRUE, if you only car= e the API is present or absent.

> > > But it is NOT TRUE, if you care th= e implementation of API. Maybe the

> higher

> > > version of an API fixed some bug, = or add some new features.

> > >

> > > I believe this is very dangerous d= owngrade. I don't recommend we do it.

> > > Mike, what do you think?

> > >

> > > Question to Yi: If you can upgrade= the CryptoConsumer, why not upgrade

> > the

> > > CryptoBin at the same time?

> > >

> > > Thank you

> > > Yao, Jiewen

> > >

> > > > -----Original Message-----

> > > > From: Li, Yi1 <yi1.li@intel.com>

> > > > Sent: Wednesday, January 4, 2= 023 10:03 AM

> > > > To: devel@= edk2.groups.io; Li, Yi1 <= yi1.li@intel.com>

> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J

> > > > <jian.= j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1= .lu@intel.com>; Jiang,

> > > > Guomin <guomin.jiang@intel.com>

> > > > Subject: RE: [edk2-devel] [PA= TCH 1/1] CryptoPkg: Make Protocol Service

> > API

> > > > backward compatible

> > > >

> > > > Hi, any comments about this B= Z and patch?

> > > > Code link: https://github.com/ti= anocore/edk2/pull/3787

> > > >

> > > > -----Original Message-----

> > > > From: deve= l@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li,

> Yi

> > > > Sent: Monday, December 19, 20= 22 2:24 PM

> > > > To: devel@= edk2.groups.io

> > > > Cc: Li, Yi1 <yi1.li@intel.com>; Yao, Jiewen <jiewe= n.yao@intel.com>;

> Wang,

> > > > Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <= xiaoyu1.lu@intel.com>;

> > Jiang,

> > > > Guomin <guomin.jiang@intel.com>

> > > > Subject: [edk2-devel] [PATCH = 1/1] CryptoPkg: Make Protocol Service API

> > > > backward compatible

> > > >

> > > > REF: https://bugzilla.tian= ocore.org/show_bug.cgi?id=3D4197

> > > >

> > > > Using older Crypto protocol w= ill be allowed.

> > > > Each function wrapper will be= annotated to require a minimum

> required

> > > > version of the crypto protoco= l and assert if called when the version is

> > > > not compatible.

> > > > Ths minimum version difined a= s the version when the API was

> introduced.

> > > > Details:

> > > > ///Parallel hash: MinVersion = 8

> > > >   ParallelHash256Ha= shAll,

> > > > /// HMAC SHA256 (continued): = MinVersion 9

> > > >   HmacSha256All,

> > > > /// HMAC SHA384: MinVersion 9=

> > > >   HmacSha384New,

> > > >   ...

> > > >   HmacSha384All,

> > > > /// HKDF (continued): MinVers= ion 10

> > > >   HkdfSha256Extract= ,

> > > >   ...

> > > >   HkdfSha384Expand,=

> > > > /// Aead Aes GCM: MinVersion = 11

> > > >   AeadAesGcmEncrypt= ,

> > > >   AeadAesGcmDecrypt= ,

> > > > /// Big Numbers: MinVersion 1= 2

> > > >   BigNumInit,<= /o:p>

> > > >   ...

> > > >   BigNumAddMod,

> > > > /// EC: MinVersion 13

> > > >   EcGroupInit,=

> > > >   ...

> > > >   EcDhComputeKey,

> > > > /// TLS (continued): MinVersi= on 14

> > > >   TlsShutdown,=

> > > >   ...

> > > >   TlsGetExportKey,<= o:p>

> > > > /// Ec (Continued): MinVersio= n 15

> > > >   EcGetPublicKeyFro= mX509,

> > > >   ...

> > > >   EcDsaVerify,=

> > > > /// X509 (Continued): MinVers= ion 16

> > > >   X509GetVersion,

> > > >   ...

> > > >   X509GetExtendedBa= sicConstraints

> > > > /// Others: MinVersion 7=

> > > >

> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>

> > > > Cc: Jian J Wang <jian.j.wang@intel.com>

> > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>

> > > > Cc: Guomin Jiang <guomin.jiang@intel.com>

> > > > Signed-off-by: Yi Li <yi1.li@intel.com>

> > > > ---

> > > >  .../BaseCryptLibOnProto= colPpi/CryptLib.c      | 449 +++++++++---------

> > > >  .../BaseCryptLibOnProto= colPpi/DxeCryptLib.c   |   9 -

> > > >  .../BaseCryptLibOnProto= colPpi/PeiCryptLib.c   |   8 -

> > > >  .../BaseCryptLibOnProto= colPpi/SmmCryptLib.c   |   9 -

> > > >  4 files changed, 227 in= sertions(+), 248 deletions(-)

> > > >

> > > > diff --git a/CryptoPkg/Librar= y/BaseCryptLibOnProtocolPpi/CryptLib.c

> > > > b/CryptoPkg/Library/BaseCrypt= LibOnProtocolPpi/CryptLib.c

> > > > index 4e31bc278e..e470a0f0d4 = 100644

> > > > --- a/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/CryptLib.c

> > > > +++ b/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/CryptLib.c

> > > > @@ -24,18 +24,20 @@

> > > >    @param &nbs= p;Args           &nb= sp;  The argument list to pass to Function.

> > > >    @param = ; ErrorReturnValue  The value to return if the protocol is NULL

> > or

> > > > the

> > > >     =             &nb= sp;            servi= ce in the protocol is NULL.

> > > > -

> > > > -**/

> > > > -#define CALL_CRYPTO_SERVICE(= Function, Args, ErrorReturnValue)

> \

> > > > -  do {   = ;            &n= bsp;            = ;            &n= bsp;            = ;            \<= /o:p>

> > > > -    EDKII_CRY= PTO_PROTOCOL  *CryptoServices;      &nbs= p;            &= nbsp;        \

> > > > -    &nbs= p;             =             &nb= sp;            =             &nb= sp;            =    \

> > > > -    CryptoSer= vices =3D (EDKII_CRYPTO_PROTOCOL *)GetCryptoServices ();

> > \

> > > > -    if (Crypt= oServices !=3D NULL && CryptoServices->Function !=3D NULL) {&nbs= p; \

> > > > -    &nbs= p; return (CryptoServices->Function) Args;     =             &nb= sp;        \

> > > > -    } &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;  \

> > > > -    CryptoSer= viceNotAvailable (#Function);       &nbs= p;            &= nbsp;        \

> > > > -    return Er= rorReturnValue;          =             &nb= sp;            =         \

> > > > +  @param  MinVersi= on        The minimum protocol version t= hat

> supports

> > > the

> > > > API.

> > > > +

> > > > +**/

> > > > +#define CALL_CRYPTO_SERVICE(= Function, Args, ErrorReturnValue,

> > > > MinVersion) \

> > > > +  do {   = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;  \

> > > > +    EDKII_CRY= PTO_PROTOCOL  *CryptoServices;      &nbs= p;            &= nbsp;           \

> > > > +    &nbs= p;            &= nbsp;           &nbs= p;             =             &nb= sp;            =       \

> > > > +    CryptoSer= vices =3D (EDKII_CRYPTO_PROTOCOL *)GetCryptoServices ();

> > > \

> > > > +    if (Crypt= oServices !=3D NULL && CryptoServices->Function !=3D NULL &&= amp;

> > \

> > > > +    &nbs= p;   CryptoServices->GetVersion () >=3D MinVersion) { =             &nb= sp;      \

> > > > +    &nbs= p; return (CryptoServices->Function) Args;     =             &nb= sp;           \

> > > > +    } &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;     \

> > > > +    CryptoSer= viceNotAvailable (#Function);       &nbs= p;            &= nbsp;           \

> > > > +    return Er= rorReturnValue;          =             &nb= sp;            =            \

> > > >    } while (FA= LSE);

> > > >

> > > >  /**

> > > > @@ -45,14 +47,16 @@

> > > >

> > > >    @param = ; Function          Name of th= e EDK II Crypto Protocol service to

> > call.

> > > >    @param = ; Args           &nb= sp;  The argument list to pass to Function.

> > > > +  @param  MinVersi= on        The minimum protocol version t= hat

> supports

> > > the

> > > > API.

> > > >

> > > >  **/

> > > > -#define CALL_VOID_CRYPTO_SER= VICE(Function, Args)         &= nbsp;           &nbs= p; \

> > > > +#define CALL_VOID_CRYPTO_SER= VICE(Function, Args, MinVersion)

> > \

> > > >    do { &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;             =             &nb= sp;\

> > > >     = EDKII_CRYPTO_PROTOCOL  *CryptoServices;     =             &nb= sp;          \

> > > >     =             &nb= sp;            =             &nb= sp;            =             &nb= sp;     \

> > > >     = CryptoServices =3D (EDKII_CRYPTO_PROTOCOL *)GetCryptoServices ();

> \

> > > > -    if (Crypt= oServices !=3D NULL && CryptoServices->Function !=3D NULL) {&nbs= p; \

> > > > +    if (Crypt= oServices !=3D NULL && CryptoServices->Function !=3D NULL &&= amp;

> \

> > > > +    &nbs= p;   CryptoServices->GetVersion () >=3D MinVersion) { =             &nb= sp;   \

> > > >     =    (CryptoServices->Function) Args;    &nb= sp;            =             &nb= sp;   \

> > > >     =    return;         &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;           \=

> > > >     = }            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;   \

> > > > @@ -116,7 +120,7 @@ Md5GetCon= textSize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Md5GetContextSize, (), 0);

> > > > +  CALL_CRYPTO_SERVICE (= Md5GetContextSize, (), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -139,7 +143,7 @@ Md5Init (=

> > > >    OUT  V= OID  *Md5Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Md5Init, (Md5Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Md5Init, (Md5Context), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -164,7 +168,7 @@ Md5Duplic= ate (

> > > >    OUT  V= OID        *NewMd5Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Md5Duplicate, (Md5Context,

> NewMd5Context),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Md5Duplicate, (Md5Context,

> > NewMd5Context),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -195,7 +199,7 @@ Md5Update= (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Md5Update, (Md5Context, Data, DataSize),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Md5Update, (Md5Context, Data, DataSize),

> > > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -227,7 +231,7 @@ Md5Final = (

> > > >    OUT &n= bsp;   UINT8  *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Md5Final, (Md5Context, HashValue), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Md5Final, (Md5Context, HashValue), FALSE,

> 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -256,7 +260,7 @@ Md5HashAl= l (

> > > >    OUT  U= INT8       *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Md5HashAll, (Data, DataSize, HashValue),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Md5HashAll, (Data, DataSize, HashValue),

> > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  #endif

> > > > @@ -278,7 +282,7 @@ Sha1GetCo= ntextSize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha1GetContextSize, (), 0);

> > > > +  CALL_CRYPTO_SERVICE (= Sha1GetContextSize, (), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -301,7 +305,7 @@ Sha1Init = (

> > > >    OUT  V= OID  *Sha1Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha1Init, (Sha1Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha1Init, (Sha1Context), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -326,7 +330,7 @@ Sha1Dupli= cate (

> > > >    OUT  V= OID        *NewSha1Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha1Duplicate, (Sha1Context,

> > NewSha1Context),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha1Duplicate, (Sha1Context,

> > NewSha1Context),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -357,7 +361,7 @@ Sha1Updat= e (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha1Update, (Sha1Context, Data, DataSize),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha1Update, (Sha1Context, Data, DataSize),

> > > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -389,7 +393,7 @@ Sha1Final= (

> > > >    OUT &n= bsp;   UINT8  *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha1Final, (Sha1Context, HashValue), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha1Final, (Sha1Context, HashValue), FALSE,

> > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -418,7 +422,7 @@ Sha1HashA= ll (

> > > >    OUT  U= INT8       *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha1HashAll, (Data, DataSize, HashValue),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha1HashAll, (Data, DataSize, HashValue),

> > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  #endif

> > > > @@ -435,7 +439,7 @@ Sha256Get= ContextSize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha256GetContextSize, (), 0);

> > > > +  CALL_CRYPTO_SERVICE (= Sha256GetContextSize, (), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -456,7 +460,7 @@ Sha256Ini= t (

> > > >    OUT  V= OID  *Sha256Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha256Init, (Sha256Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha256Init, (Sha256Context), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -481,7 +485,7 @@ Sha256Dup= licate (

> > > >    OUT  V= OID        *NewSha256Context<= /p>

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha256Duplicate, (Sha256Context,

> > > > NewSha256Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha256Duplicate, (Sha256Context,

> > > > NewSha256Context), FALSE, 7);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -510,7 +514,7 @@ Sha256Upd= ate (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha256Update, (Sha256Context, Data,

> > DataSize),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha256Update, (Sha256Context, Data,

> > DataSize),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -540,7 +544,7 @@ Sha256Fin= al (

> > > >    OUT &n= bsp;   UINT8  *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha256Final, (Sha256Context, HashValue),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha256Final, (Sha256Context, HashValue),

> > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -569,7 +573,7 @@ Sha256Has= hAll (

> > > >    OUT  U= INT8       *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha256HashAll, (Data, DataSize, HashValue),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha256HashAll, (Data, DataSize, HashValue),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -584,7 +588,7 @@ Sha384Get= ContextSize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha384GetContextSize, (), 0);

> > > > +  CALL_CRYPTO_SERVICE (= Sha384GetContextSize, (), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -605,7 +609,7 @@ Sha384Ini= t (

> > > >    OUT  V= OID  *Sha384Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha384Init, (Sha384Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha384Init, (Sha384Context), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -630,7 +634,7 @@ Sha384Dup= licate (

> > > >    OUT  V= OID        *NewSha384Context<= /p>

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha384Duplicate, (Sha384Context,

> > > > NewSha384Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha384Duplicate, (Sha384Context,

> > > > NewSha384Context), FALSE, 7);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -659,7 +663,7 @@ Sha384Upd= ate (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha384Update, (Sha384Context, Data,

> > DataSize),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha384Update, (Sha384Context, Data,

> > DataSize),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -689,7 +693,7 @@ Sha384Fin= al (

> > > >    OUT &n= bsp;   UINT8  *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha384Final, (Sha384Context, HashValue),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha384Final, (Sha384Context, HashValue),

> > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -718,7 +722,7 @@ Sha384Has= hAll (

> > > >    OUT  U= INT8       *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha384HashAll, (Data, DataSize, HashValue),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha384HashAll, (Data, DataSize, HashValue),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -733,7 +737,7 @@ Sha512Get= ContextSize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha512GetContextSize, (), 0);

> > > > +  CALL_CRYPTO_SERVICE (= Sha512GetContextSize, (), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -754,7 +758,7 @@ Sha512Ini= t (

> > > >    OUT  V= OID  *Sha512Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha512Init, (Sha512Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha512Init, (Sha512Context), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -779,7 +783,7 @@ Sha512Dup= licate (

> > > >    OUT  V= OID        *NewSha512Context<= /p>

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha512Duplicate, (Sha512Context,

> > > > NewSha512Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha512Duplicate, (Sha512Context,

> > > > NewSha512Context), FALSE, 7);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -808,7 +812,7 @@ Sha512Upd= ate (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha512Update, (Sha512Context, Data,

> > DataSize),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha512Update, (Sha512Context, Data,

> > DataSize),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -838,7 +842,7 @@ Sha512Fin= al (

> > > >    OUT &n= bsp;   UINT8  *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha512Final, (Sha512Context, HashValue),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha512Final, (Sha512Context, HashValue),

> > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -867,7 +871,7 @@ Sha512Has= hAll (

> > > >    OUT  U= INT8       *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sha512HashAll, (Data, DataSize, HashValue),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sha512HashAll, (Data, DataSize, HashValue),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -899,7 +903,7 @@ ParallelH= ash256HashAll (

> > > >    IN &nb= sp;     UINTN  CustomByteLen

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= ParallelHash256HashAll, (Input, InputByteLen,

> > > > BlockSize, Output, OutputByte= Len, Customization, CustomByteLen),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= ParallelHash256HashAll, (Input,

> InputByteLen,

> > > > BlockSize, Output, OutputByte= Len, Customization, CustomByteLen),

> FALSE,

> > > 8);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -914,7 +918,7 @@ Sm3GetCon= textSize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sm3GetContextSize, (), 0);

> > > > +  CALL_CRYPTO_SERVICE (= Sm3GetContextSize, (), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -935,7 +939,7 @@ Sm3Init (=

> > > >    OUT  V= OID  *Sm3Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sm3Init, (Sm3Context), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sm3Init, (Sm3Context), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -960,7 +964,7 @@ Sm3Duplic= ate (

> > > >    OUT  V= OID        *NewSm3Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sm3Duplicate, (Sm3Context,

> NewSm3Context),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sm3Duplicate, (Sm3Context,

> NewSm3Context),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -989,7 +993,7 @@ Sm3Update= (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sm3Update, (Sm3Context, Data, DataSize),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sm3Update, (Sm3Context, Data, DataSize),

> > > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1019,7 +1023,7 @@ Sm3Fina= l (

> > > >    OUT &n= bsp;   UINT8  *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sm3Final, (Sm3Context, HashValue), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sm3Final, (Sm3Context, HashValue), FALSE,

> 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1048,7 +1052,7 @@ Sm3Hash= All (

> > > >    OUT  U= INT8       *HashValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Sm3HashAll, (Data, DataSize, HashValue),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Sm3HashAll, (Data, DataSize, HashValue),

> > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  //

> > > >

> > >

> >

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

> > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

> > > > @@ -1068,7 +1072,7 @@ HmacSha= 256New (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha256New, (), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha256New, (), NULL, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1083,7 +1087,7 @@ HmacSha= 256Free (

> > > >    IN  VO= ID  *HmacSha256Ctx

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (HmacSha256Free, (HmacSha256Ctx));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (HmacSha256Free, (HmacSha256Ctx),

> 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1110,7 +1114,7 @@ HmacSha= 256SetKey (

> > > >    IN &nb= sp; UINTN        KeySize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha256SetKey, (HmacSha256Context,

> Key,

> > > > KeySize), FALSE);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha256SetKey, (HmacSha256Context,

> Key,

> > > > KeySize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1135,7 +1139,7 @@ HmacSha= 256Duplicate (

> > > >    OUT  V= OID        *NewHmacSha256Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha256Duplicate, (HmacSha256Context,

> > > > NewHmacSha256Context), FALSE)= ;

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha256Duplicate, (HmacSha256Context,

> > > > NewHmacSha256Context), FALSE,= 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1166,7 +1170,7 @@ HmacSha= 256Update (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha256Update, (HmacSha256Context,

> > Data,

> > > > DataSize), FALSE);=

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha256Update, (HmacSha256Context,

> > > Data,

> > > > DataSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1198,7 +1202,7 @@ HmacSha= 256Final (

> > > >    OUT &n= bsp;   UINT8  *HmacValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha256Final, (HmacSha256Context,

> > > > HmacValue), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha256Final, (HmacSha256Context,

> > > > HmacValue), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1231,7 +1235,7 @@ HmacSha= 256All (

> > > >    OUT  U= INT8        *HmacValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha256All, (Data, DataSize, Key, KeySize,

> > > > HmacValue), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha256All, (Data, DataSize, Key, KeySize,

> > > > HmacValue), FALSE, 9);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1247,7 +1251,7 @@ HmacSha= 384New (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha384New, (), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha384New, (), NULL, 9);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1262,7 +1266,7 @@ HmacSha= 384Free (

> > > >    IN  VO= ID  *HmacSha384Ctx

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (HmacSha384Free, (HmacSha384Ctx));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (HmacSha384Free, (HmacSha384Ctx),

> 9);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1289,7 +1293,7 @@ HmacSha= 384SetKey (

> > > >    IN &nb= sp; UINTN        KeySize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha384SetKey, (HmacSha384Context,

> Key,

> > > > KeySize), FALSE);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha384SetKey, (HmacSha384Context,

> Key,

> > > > KeySize), FALSE, 9);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1314,7 +1318,7 @@ HmacSha= 384Duplicate (

> > > >    OUT  V= OID        *NewHmacSha384Context

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha384Duplicate, (HmacSha384Context,

> > > > NewHmacSha384Context), FALSE)= ;

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha384Duplicate, (HmacSha384Context,

> > > > NewHmacSha384Context), FALSE,= 9);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1345,7 +1349,7 @@ HmacSha= 384Update (

> > > >    IN &nb= sp;    UINTN       DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha384Update, (HmacSha384Context,

> > Data,

> > > > DataSize), FALSE);=

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha384Update, (HmacSha384Context,

> > > Data,

> > > > DataSize), FALSE, 9);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1377,7 +1381,7 @@ HmacSha= 384Final (

> > > >    OUT &n= bsp;   UINT8  *HmacValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha384Final, (HmacSha384Context,

> > > > HmacValue), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha384Final, (HmacSha384Context,

> > > > HmacValue), FALSE, 9);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1410,7 +1414,7 @@ HmacSha= 384All (

> > > >    OUT  U= INT8        *HmacValue

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HmacSha384All, (Data, DataSize, Key, KeySize,

> > > > HmacValue), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HmacSha384All, (Data, DataSize, Key, KeySize,

> > > > HmacValue), FALSE, 9);

> > > >  }

> > > >

> > > >  //

> > > >

> > >

> >

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

> > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

> > > > @@ -1432,7 +1436,7 @@ AesGetC= ontextSize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= AesGetContextSize, (), 0);

> > > > +  CALL_CRYPTO_SERVICE (= AesGetContextSize, (), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1465,7 +1469,7 @@ AesInit= (

> > > >    IN &nb= sp; UINTN        KeyLength

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= AesInit, (AesContext, Key, KeyLength), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= AesInit, (AesContext, Key, KeyLength), FALSE,

> > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1507,7 +1511,7 @@ AesCbcE= ncrypt (

> > > >    OUT  U= INT8        *Output

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= AesCbcEncrypt, (AesContext, Input, InputSize,

> > > Ivec,

> > > > Output), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= AesCbcEncrypt, (AesContext, Input, InputSize,

> > > Ivec,

> > > > Output), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1549,7 +1553,7 @@ AesCbcD= ecrypt (

> > > >    OUT  U= INT8        *Output

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= AesCbcDecrypt, (AesContext, Input, InputSize,

> > > Ivec,

> > > > Output), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= AesCbcDecrypt, (AesContext, Input,

> InputSize,

> > > > Ivec, Output), FALSE, 7);

> > > >  }

> > > >

> > > >  //

> > > >

> > >

> >

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

> > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

> > > > @@ -1597,7 +1601,7 @@ AeadAes= GcmEncrypt (

> > > >    OUT  U= INTN        *DataOutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= AeadAesGcmEncrypt, (Key, KeySize, Iv, IvSize,

> > > > AData, ADataSize, DataIn, Dat= aInSize, TagOut, TagSize, DataOut,

> > > > DataOutSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= AeadAesGcmEncrypt, (Key, KeySize, Iv, IvSize,

> > > > AData, ADataSize, DataIn, Dat= aInSize, TagOut, TagSize, DataOut,

> > > > DataOutSize), FALSE, 11);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1642,7 +1646,7 @@ AeadAes= GcmDecrypt (

> > > >    OUT  U= INTN        *DataOutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= AeadAesGcmDecrypt, (Key, KeySize, Iv, IvSize,

> > > > AData, ADataSize, DataIn, Dat= aInSize, Tag, TagSize, DataOut,

> > DataOutSize),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= AeadAesGcmDecrypt, (Key, KeySize, Iv, IvSize,

> > > > AData, ADataSize, DataIn, Dat= aInSize, Tag, TagSize, DataOut,

> > DataOutSize),

> > > > FALSE, 11);

> > > >  }

> > > >

> > > >  //

> > > >

> > >

> >

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

> > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

> > > > @@ -1662,7 +1666,7 @@ RsaNew = (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaNew, (), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= RsaNew, (), NULL, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1679,7 +1683,7 @@ RsaFree= (

> > > >    IN  VO= ID  *RsaContext

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (RsaFree, (RsaContext));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (RsaFree, (RsaContext), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1713,7 +1717,7 @@ RsaSetK= ey (

> > > >    IN &nb= sp;    UINTN        BnSiz= e

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaSetKey, (RsaContext, KeyTag, BigNumber,

> > > > BnSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaSetKey, (RsaContext, KeyTag, BigNumber,

> > > > BnSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1753,7 +1757,7 @@ RsaGetK= ey (

> > > >    IN OUT = ; UINTN        *BnSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaGetKey, (RsaContext, KeyTag, BigNumber,

> > > > BnSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaGetKey, (RsaContext, KeyTag, BigNumber,

> > > > BnSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1788,7 +1792,7 @@ RsaGene= rateKey (

> > > >    IN &nb= sp;    UINTN        Publi= cExponentSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaGenerateKey, (RsaContext,

> ModulusLength,

> > > > PublicExponent, PublicExponen= tSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaGenerateKey, (RsaContext,

> ModulusLength,

> > > > PublicExponent, PublicExponen= tSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1818,7 +1822,7 @@ RsaChec= kKey (

> > > >    IN  VO= ID  *RsaContext

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaCheckKey, (RsaContext), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaCheckKey, (RsaContext), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1858,7 +1862,7 @@ RsaPkcs= 1Sign (

> > > >    IN OUT = ; UINTN        *SigSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaPkcs1Sign, (RsaContext, MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaPkcs1Sign, (RsaContext, MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1890,7 +1894,7 @@ RsaPkcs= 1Verify (

> > > >    IN  UI= NTN        SigSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaPkcs1Verify, (RsaContext, MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaPkcs1Verify, (RsaContext, MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1923,7 +1927,7 @@ RsaPssV= erify (

> > > >    IN  UI= NT16       SaltLen

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaPssVerify, (RsaContext, Message, MsgSize,

> > > > Signature, SigSize, DigestLen= , SaltLen), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaPssVerify, (RsaContext, Message, MsgSize,

> > > > Signature, SigSize, DigestLen= , SaltLen), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1968,7 +1972,7 @@ RsaPssS= ign (

> > > >    IN OUT = ; UINTN        *SigSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaPssSign, (RsaContext, Message, MsgSize,

> > > > DigestLen, SaltLen, Signature= , SigSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaPssSign, (RsaContext, Message, MsgSize,

> > > > DigestLen, SaltLen, Signature= , SigSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -1999,7 +2003,7 @@ RsaGetP= rivateKeyFromPem (

> > > >    OUT  V= OID         **RsaContext=

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaGetPrivateKeyFromPem, (PemData,

> > PemSize,

> > > > Password, RsaContext), FALSE)= ;

> > > > +  CALL_CRYPTO_SERVICE (= RsaGetPrivateKeyFromPem, (PemData,

> > PemSize,

> > > > Password, RsaContext), FALSE,= 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2028,7 +2032,7 @@ RsaGetP= ublicKeyFromX509 (

> > > >    OUT  V= OID         **RsaContext=

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RsaGetPublicKeyFromX509, (Cert, CertSize,

> > > > RsaContext), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RsaGetPublicKeyFromX509, (Cert, CertSize,

> > > > RsaContext), FALSE, 7);<= /o:p>

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2059,7 +2063,7 @@ X509Get= SubjectName (

> > > >    IN OUT = ; UINTN        *SubjectSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetSubjectName, (Cert, CertSize,

> > > CertSubject,

> > > > SubjectSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetSubjectName, (Cert, CertSize,

> > > CertSubject,

> > > > SubjectSize), FALSE, 7);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2097,7 +2101,7 @@ X509Get= CommonName (

> > > >    IN OUT = ; UINTN        *CommonNameSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetCommonName, (Cert, CertSize,

> > > > CommonName, CommonNameSize), = RETURN_UNSUPPORTED);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetCommonName, (Cert, CertSize,

> > > > CommonName, CommonNameSize), = RETURN_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2135,7 +2139,7 @@ X509Get= OrganizationName (

> > > >    IN OUT = ; UINTN        *NameBufferSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetOrganizationName, (Cert, CertSize,

> > > > NameBuffer, NameBufferSize), = RETURN_UNSUPPORTED);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetOrganizationName, (Cert, CertSize,

> > > > NameBuffer, NameBufferSize), = RETURN_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2165,7 +2169,7 @@ X509Ver= ifyCert (

> > > >    IN  UI= NTN        CACertSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509VerifyCert, (Cert, CertSize, CACert,

> > > > CACertSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509VerifyCert, (Cert, CertSize, CACert,

> > > > CACertSize), FALSE, 7);<= /o:p>

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2192,7 +2196,7 @@ X509Con= structCertificate (

> > > >    OUT  U= INT8        **SingleX509Cert<= /p>

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509ConstructCertificate, (Cert, CertSize,

> > > > SingleX509Cert), FALSE);=

> > > > +  CALL_CRYPTO_SERVICE (= X509ConstructCertificate, (Cert, CertSize,

> > > > SingleX509Cert), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2256,7 +2260,7 @@ X509Con= structCertificateStackV (

> > > >    IN &nb= sp;    VA_LIST  Args

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509ConstructCertificateStackV, (X509Stack,

> > > Args),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509ConstructCertificateStackV, (X509Stack,

> > > Args),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2273,7 +2277,7 @@ X509Fre= e (

> > > >    IN  VO= ID  *X509Cert

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (X509Free, (X509Cert));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (X509Free, (X509Cert), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2290,7 +2294,7 @@ X509Sta= ckFree (

> > > >    IN  VO= ID  *X509Stack

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (X509StackFree, (X509Stack));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (X509StackFree, (X509Stack), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2319,7 +2323,7 @@ X509Get= TBSCert (

> > > >    OUT UINTN&n= bsp;       *TBSCertSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetTBSCert, (Cert, CertSize, TBSCert,

> > > > TBSCertSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetTBSCert, (Cert, CertSize, TBSCert,

> > > > TBSCertSize), FALSE, 7);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2346,7 +2350,7 @@ X509Get= Version (

> > > >    OUT &n= bsp;   UINTN        *Version

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetVersion, (Cert, CertSize, Version),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetVersion, (Cert, CertSize, Version),

> > FALSE,

> > > > 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2381,7 +2385,7 @@ X509Get= SerialNumber (

> > > >    IN OUT = ; UINTN         *SerialNumberSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetSerialNumber, (Cert, CertSize,

> > > > SerialNumber, SerialNumberSiz= e), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetSerialNumber, (Cert, CertSize,

> > > > SerialNumber, SerialNumberSiz= e), FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2412,7 +2416,7 @@ X509Get= IssuerName (

> > > >    IN OUT = ; UINTN        *CertIssuerSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetIssuerName, (Cert, CertSize,

> CertIssuer,

> > > > CertIssuerSize), FALSE);=

> > > > +  CALL_CRYPTO_SERVICE (= X509GetIssuerName, (Cert, CertSize,

> > CertIssuer,

> > > > CertIssuerSize), FALSE, 16);<= o:p>

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2442,7 +2446,7 @@ X509Get= SignatureAlgorithm (

> > > >    IN OUT = ;  UINTN       *OidSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetSignatureAlgorithm, (Cert, CertSize,

> > Oid,

> > > > OidSize), FALSE);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= X509GetSignatureAlgorithm, (Cert, CertSize,

> > Oid,

> > > > OidSize), FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2476,7 +2480,7 @@ X509Get= ExtensionData (

> > > >    IN OUT UINT= N        *ExtensionDataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetExtensionData, (Cert, CertSize, Oid,

> > > > OidSize, ExtensionData, Exten= sionDataSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetExtensionData, (Cert, CertSize, Oid,

> > > > OidSize, ExtensionData, Exten= sionDataSize), FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2505,7 +2509,7 @@ X509Get= ExtendedKeyUsage (

> > > >    IN OUT UINT= N        *UsageSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetExtendedKeyUsage, (Cert, CertSize,

> > > Usage,

> > > > UsageSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetExtendedKeyUsage, (Cert, CertSize,

> > > Usage,

> > > > UsageSize), FALSE, 16);<= /o:p>

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2540,7 +2544,7 @@ X509Get= Validity  (

> > > >    IN OUT UINT= N        *ToSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetValidity, (Cert, CertSize, From,

> > FromSize,

> > > > To, ToSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetValidity, (Cert, CertSize, From,

> > FromSize,

> > > > To, ToSize), FALSE, 16);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2574,7 +2578,7 @@ X509For= matDateTime (

> > > >    IN OUT UINT= N     *DateTimeSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509FormatDateTime, (DateTimeStr,

> DateTime,

> > > > DateTimeSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509FormatDateTime, (DateTimeStr,

> DateTime,

> > > > DateTimeSize), FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2600,7 +2604,7 @@ X509Com= pareDateTime (

> > > >    IN CONST&nb= sp; VOID  *DateTime2

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509CompareDateTime, (DateTime1,

> > > DateTime2),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509CompareDateTime, (DateTime1,

> > > DateTime2),

> > > > FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2622,7 +2626,7 @@ X509Get= KeyUsage (

> > > >    OUT &n= bsp; UINTN        *Usage

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetKeyUsage, (Cert, CertSize, Usage),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetKeyUsage, (Cert, CertSize, Usage),

> > FALSE,

> > > > 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2650,7 +2654,7 @@ X509Ver= ifyCertChain (

> > > >    IN UINTN&nb= sp;       CertChainLength

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509VerifyCertChain, (RootCert,

> > RootCertLength,

> > > > CertChain, CertChainLength), = FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509VerifyCertChain, (RootCert,

> > RootCertLength,

> > > > CertChain, CertChainLength), = FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2681,7 +2685,7 @@ X509Get= CertFromCertChain (

> > > >    OUT UINTN&n= bsp;       *CertLength

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetCertFromCertChain, (CertChain,

> > > > CertChainLength, CertIndex, C= ert, CertLength), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetCertFromCertChain, (CertChain,

> > > > CertChainLength, CertIndex, C= ert, CertLength), FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2704,7 +2708,7 @@ Asn1Get= Tag (

> > > >    IN &nb= sp;   UINT32   Tag

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Asn1GetTag, (Ptr, End, Length, Tag), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Asn1GetTag, (Ptr, End, Length, Tag), FALSE,

> 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2734,7 +2738,7 @@ X509Get= ExtendedBasicConstraints        &nb= sp;    (

> > > >    UINTN =        *BasicConstraintsSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= X509GetExtendedBasicConstraints, (Cert,

> > > CertSize,

> > > > BasicConstraints, BasicConstr= aintsSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= X509GetExtendedBasicConstraints, (Cert,

> > > CertSize,

> > > > BasicConstraints, BasicConstr= aintsSize), FALSE, 16);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2777,7 +2781,7 @@ Pkcs5Ha= shPassword (

> > > >    OUT UINT8&n= bsp;       *OutKey

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Pkcs5HashPassword, (PasswordLength,

> > > Password,

> > > > SaltLength, Salt, IterationCo= unt, DigestSize, KeyLength, OutKey), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Pkcs5HashPassword, (PasswordLength,

> > > Password,

> > > > SaltLength, Salt, IterationCo= unt, DigestSize, KeyLength, OutKey), FALSE,

> 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2822,7 +2826,7 @@ Pkcs1v2= Encrypt (

> > > >    OUT  U= INTN        *EncryptedDataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Pkcs1v2Encrypt, (PublicKey, PublicKeySize,

> > InData,

> > > > InDataSize, PrngSeed, PrngSee= dSize, EncryptedData, EncryptedDataSize),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Pkcs1v2Encrypt, (PublicKey, PublicKeySize,

> > > InData,

> > > > InDataSize, PrngSeed, PrngSee= dSize, EncryptedData, EncryptedDataSize),

> > > > FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2862,7 +2866,7 @@ Pkcs7Ge= tSigners (

> > > >    OUT UINTN&n= bsp;       *CertLength

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Pkcs7GetSigners, (P7Data, P7Length,

> CertStack,

> > > > StackLength, TrustedCert, Cer= tLength), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Pkcs7GetSigners, (P7Data, P7Length,

> CertStack,

> > > > StackLength, TrustedCert, Cer= tLength), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2879,7 +2883,7 @@ Pkcs7Fr= eeSigners (

> > > >    IN  UI= NT8  *Certs

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (Pkcs7FreeSigners, (Certs));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (Pkcs7FreeSigners, (Certs), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2915,7 +2919,7 @@ Pkcs7Ge= tCertificatesList (

> > > >    OUT UINTN&n= bsp;       *UnchainLength

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Pkcs7GetCertificatesList, (P7Data, P7Length,

> > > > SignerChainCerts, ChainLength= , UnchainCerts, UnchainLength), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Pkcs7GetCertificatesList, (P7Data, P7Length,

> > > > SignerChainCerts, ChainLength= , UnchainCerts, UnchainLength), FALSE,

> 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2959,7 +2963,7 @@ Pkcs7Si= gn (

> > > >    OUT  U= INTN        *SignedDataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Pkcs7Sign, (PrivateKey, PrivateKeySize,

> > > > KeyPassword, InData, InDataSi= ze, SignCert, OtherCerts, SignedData,

> > > > SignedDataSize), FALSE);=

> > > > +  CALL_CRYPTO_SERVICE (= Pkcs7Sign, (PrivateKey, PrivateKeySize,

> > > > KeyPassword, InData, InDataSi= ze, SignCert, OtherCerts, SignedData,

> > > > SignedDataSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -2995,7 +2999,7 @@ Pkcs7Ve= rify (

> > > >    IN  UI= NTN        DataLength

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Pkcs7Verify, (P7Data, P7Length, TrustedCert,

> > > > CertLength, InData, DataLengt= h), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= Pkcs7Verify, (P7Data, P7Length, TrustedCert,

> > > > CertLength, InData, DataLengt= h), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3040,7 +3044,7 @@ VerifyE= KUsInPkcs7Signature (

> > > >    IN  BO= OLEAN       RequireAllPresent

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= VerifyEKUsInPkcs7Signature, (Pkcs7Signature,

> > > > SignatureSize, RequiredEKUs, = RequiredEKUsSize, RequireAllPresent),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= VerifyEKUsInPkcs7Signature, (Pkcs7Signature,

> > > > SignatureSize, RequiredEKUs, = RequiredEKUsSize, RequireAllPresent),

> > FALSE,

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3072,7 +3076,7 @@ Pkcs7Ge= tAttachedContent (

> > > >    OUT UINTN&n= bsp;       *ContentSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= Pkcs7GetAttachedContent, (P7Data, P7Length,

> > > > Content, ContentSize), FALSE)= ;

> > > > +  CALL_CRYPTO_SERVICE (= Pkcs7GetAttachedContent, (P7Data,

> P7Length,

> > > > Content, ContentSize), FALSE,= 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3110,7 +3114,7 @@ Authent= icodeVerify (

> > > >    IN  UI= NTN        HashSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= AuthenticodeVerify, (AuthData, DataSize,

> > > > TrustedCert, CertSize, ImageH= ash, HashSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= AuthenticodeVerify, (AuthData, DataSize,

> > > > TrustedCert, CertSize, ImageH= ash, HashSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3143,7 +3147,7 @@ ImageTi= mestampVerify (

> > > >    OUT EFI_TIM= E     *SigningTime

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= ImageTimestampVerify, (AuthData, DataSize,

> > > > TsaCert, CertSize, SigningTim= e), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= ImageTimestampVerify, (AuthData, DataSize,

> > > > TsaCert, CertSize, SigningTim= e), FALSE, 7);

> > > >  }

> > > >

> > > >  //

> > > >

> > >

> >

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

> > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

> > > > @@ -3164,7 +3168,7 @@ DhNew (=

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= DhNew, (), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= DhNew, (), NULL, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3181,7 +3185,7 @@ DhFree = (

> > > >    IN  VO= ID  *DhContext

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (DhFree, (DhContext));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (DhFree, (DhContext), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3217,7 +3221,7 @@ DhGener= ateParameter (

> > > >    OUT &n= bsp;   UINT8  *Prime

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= DhGenerateParameter, (DhContext,

> Generator,

> > > > PrimeLength, Prime), FALSE);<= o:p>

> > > > +  CALL_CRYPTO_SERVICE (= DhGenerateParameter, (DhContext,

> Generator,

> > > > PrimeLength, Prime), FALSE, 7= );

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3252,7 +3256,7 @@ DhSetPa= rameter (

> > > >    IN &nb= sp;    CONST UINT8  *Prime

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= DhSetParameter, (DhContext, Generator,

> > > > PrimeLength, Prime), FALSE);<= o:p>

> > > > +  CALL_CRYPTO_SERVICE (= DhSetParameter, (DhContext, Generator,

> > > > PrimeLength, Prime), FALSE, 7= );

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3287,7 +3291,7 @@ DhGener= ateKey (

> > > >    IN OUT = ; UINTN  *PublicKeySize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= DhGenerateKey, (DhContext, PublicKey,

> > > > PublicKeySize), FALSE);<= /o:p>

> > > > +  CALL_CRYPTO_SERVICE (= DhGenerateKey, (DhContext, PublicKey,

> > > > PublicKeySize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3326,7 +3330,7 @@ DhCompu= teKey (

> > > >    IN OUT = ; UINTN        *KeySize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= DhComputeKey, (DhContext, PeerPublicKey,

> > > > PeerPublicKeySize, Key, KeySi= ze), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= DhComputeKey, (DhContext, PeerPublicKey,

> > > > PeerPublicKeySize, Key, KeySi= ze), FALSE, 7);

> > > >  }

> > > >

> > > >  //

> > > >

> > >

> >

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

> > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

> > > > @@ -3358,7 +3362,7 @@ RandomS= eed (

> > > >    IN  UI= NTN         SeedSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RandomSeed, (Seed, SeedSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RandomSeed, (Seed, SeedSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3382,7 +3386,7 @@ RandomB= ytes (

> > > >    IN &nb= sp; UINTN  Size

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= RandomBytes, (Output, Size), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= RandomBytes, (Output, Size), FALSE, 7);

> > > >  }

> > > >

> > > >  //

> > > >

> > >

> >

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

> > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

> > > > @@ -3418,7 +3422,7 @@ HkdfSha= 256ExtractAndExpand (

> > > >    IN &nb= sp; UINTN        OutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HkdfSha256ExtractAndExpand, (Key, KeySize,

> > > Salt,

> > > > SaltSize, Info, InfoSize, Out= , OutSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HkdfSha256ExtractAndExpand, (Key, KeySize,

> > > Salt,

> > > > SaltSize, Info, InfoSize, Out= , OutSize), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3446,7 +3450,7 @@ HkdfSha= 256Extract (

> > > >    UINTN =           PrkOutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HkdfSha256Extract, (Key, KeySize, Salt,

> SaltSize,

> > > > PrkOut, PrkOutSize), FALSE);<= o:p>

> > > > +  CALL_CRYPTO_SERVICE (= HkdfSha256Extract, (Key, KeySize, Salt,

> SaltSize,

> > > > PrkOut, PrkOutSize), FALSE, 1= 0);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3474,7 +3478,7 @@ HkdfSha= 256Expand (

> > > >    IN &nb= sp; UINTN        OutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HkdfSha256Expand, (Prk, PrkSize, Info,

> InfoSize,

> > > > Out, OutSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HkdfSha256Expand, (Prk, PrkSize, Info,

> > InfoSize,

> > > > Out, OutSize), FALSE, 10);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3506,7 +3510,7 @@ HkdfSha= 384ExtractAndExpand (

> > > >    IN &nb= sp; UINTN        OutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HkdfSha384ExtractAndExpand, (Key, KeySize,

> > > Salt,

> > > > SaltSize, Info, InfoSize, Out= , OutSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HkdfSha384ExtractAndExpand, (Key, KeySize,

> > > Salt,

> > > > SaltSize, Info, InfoSize, Out= , OutSize), FALSE, 10);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3534,7 +3538,7 @@ HkdfSha= 384Extract (

> > > >    UINTN =           PrkOutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HkdfSha384Extract, (Key, KeySize, Salt,

> SaltSize,

> > > > PrkOut, PrkOutSize), FALSE);<= o:p>

> > > > +  CALL_CRYPTO_SERVICE (= HkdfSha384Extract, (Key, KeySize, Salt,

> SaltSize,

> > > > PrkOut, PrkOutSize), FALSE, 1= 0);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3562,7 +3566,7 @@ HkdfSha= 384Expand (

> > > >    IN &nb= sp; UINTN        OutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= HkdfSha384Expand, (Prk, PrkSize, Info,

> InfoSize,

> > > > Out, OutSize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= HkdfSha384Expand, (Prk, PrkSize, Info,

> > InfoSize,

> > > > Out, OutSize), FALSE, 10);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3582,7 +3586,7 @@ TlsInit= ialize (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsInitialize, (), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= TlsInitialize, (), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3597,7 +3601,7 @@ TlsCtxF= ree (

> > > >    IN &nb= sp; VOID  *TlsCtx

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (TlsCtxFree, (TlsCtx));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (TlsCtxFree, (TlsCtx), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3618,7 +3622,7 @@ TlsCtxN= ew (

> > > >    IN &nb= sp;   UINT8  MinorVer

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsCtxNew, (MajorVer, MinorVer), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= TlsCtxNew, (MajorVer, MinorVer), NULL, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3636,7 +3640,7 @@ TlsFree= (

> > > >    IN &nb= sp;   VOID  *Tls

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (TlsFree, (Tls));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (TlsFree, (Tls), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3658,7 +3662,7 @@ TlsNew = (

> > > >    IN &nb= sp;   VOID  *TlsCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsNew, (TlsCtx), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= TlsNew, (TlsCtx), NULL, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3678,7 +3682,7 @@ TlsInHa= ndshake (

> > > >    IN &nb= sp;   VOID  *Tls

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsInHandshake, (Tls), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= TlsInHandshake, (Tls), FALSE, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3717,7 +3721,7 @@ TlsDoHa= ndshake (

> > > >    IN OUT UINT= N  *BufferOutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsDoHandshake, (Tls, BufferIn, BufferInSize,

> > > > BufferOut, BufferOutSize), EF= I_UNSUPPORTED);

> > > > +  CALL_CRYPTO_SERVICE (= TlsDoHandshake, (Tls, BufferIn, BufferInSize,

> > > > BufferOut, BufferOutSize), EF= I_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3755,7 +3759,7 @@ TlsHand= leAlert (

> > > >    IN OUT UINT= N  *BufferOutSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsHandleAlert, (Tls, BufferIn, BufferInSize,

> > > > BufferOut, BufferOutSize), EF= I_UNSUPPORTED);

> > > > +  CALL_CRYPTO_SERVICE (= TlsHandleAlert, (Tls, BufferIn, BufferInSize,

> > > > BufferOut, BufferOutSize), EF= I_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3784,7 +3788,7 @@ TlsClos= eNotify (

> > > >    IN OUT UINT= N  *BufferSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsCloseNotify, (Tls, Buffer, BufferSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsCloseNotify, (Tls, Buffer, BufferSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3809,7 +3813,7 @@ TlsCtrl= TrafficOut (

> > > >    IN &nb= sp;   UINTN  BufferSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsCtrlTrafficOut, (Tls, Buffer, BufferSize), 0);

> > > > +  CALL_CRYPTO_SERVICE (= TlsCtrlTrafficOut, (Tls, Buffer, BufferSize), 0,

> 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3834,7 +3838,7 @@ TlsCtrl= TrafficIn (

> > > >    IN &nb= sp;   UINTN  BufferSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsCtrlTrafficIn, (Tls, Buffer, BufferSize), 0);

> > > > +  CALL_CRYPTO_SERVICE (= TlsCtrlTrafficIn, (Tls, Buffer, BufferSize), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3860,7 +3864,7 @@ TlsRead= (

> > > >    IN &nb= sp;   UINTN  BufferSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsRead, (Tls, Buffer, BufferSize), 0);

> > > > +  CALL_CRYPTO_SERVICE (= TlsRead, (Tls, Buffer, BufferSize), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3886,7 +3890,7 @@ TlsWrit= e (

> > > >    IN &nb= sp;   UINTN  BufferSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsWrite, (Tls, Buffer, BufferSize), 0);

> > > > +  CALL_CRYPTO_SERVICE (= TlsWrite, (Tls, Buffer, BufferSize), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3908,7 +3912,7 @@ TlsShut= down (

> > > >    IN &nb= sp;   VOID  *Tls

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsShutdown, (Tls), EFI_UNSUPPORTED);

> > > > +  CALL_CRYPTO_SERVICE (= TlsShutdown, (Tls), EFI_UNSUPPORTED, 14);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3933,7 +3937,7 @@ TlsSetV= ersion (

> > > >    IN &nb= sp;   UINT8  MinorVer

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetVersion, (Tls, MajorVer, MinorVer),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetVersion, (Tls, MajorVer, MinorVer),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3956,7 +3960,7 @@ TlsSetC= onnectionEnd (

> > > >    IN &nb= sp;   BOOLEAN  IsServer

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetConnectionEnd, (Tls, IsServer),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetConnectionEnd, (Tls, IsServer),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -3985,7 +3989,7 @@ TlsSetC= ipherList (

> > > >    IN &nb= sp;   UINTN   CipherNum

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetCipherList, (Tls, CipherId, CipherNum),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetCipherList, (Tls, CipherId, CipherNum),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4006,7 +4010,7 @@ TlsSetC= ompressionMethod (

> > > >    IN &nb= sp;   UINT8  CompMethod

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetCompressionMethod, (CompMethod),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetCompressionMethod, (CompMethod),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4025,7 +4029,7 @@ TlsSetV= erify (

> > > >    IN &nb= sp;   UINT32  VerifyMode

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (TlsSetVerify, (Tls, VerifyMode));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (TlsSetVerify, (Tls, VerifyMode), 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4048,7 +4052,7 @@ TlsSetV= erifyHost (

> > > >    IN &nb= sp;   CHAR8   *HostName

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetVerifyHost, (Tls, Flags, HostName),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetVerifyHost, (Tls, Flags, HostName),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4074,7 +4078,7 @@ TlsSetS= essionId (

> > > >    IN &nb= sp;   UINT16  SessionIdLen

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetSessionId, (Tls, SessionId, SessionIdLen),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetSessionId, (Tls, SessionId,

> SessionIdLen),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4102,7 +4106,7 @@ TlsSetC= aCertificate (

> > > >    IN &nb= sp;   UINTN  DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetCaCertificate, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetCaCertificate, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4130,7 +4134,7 @@ TlsSetH= ostPublicCert (

> > > >    IN &nb= sp;   UINTN  DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetHostPublicCert, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetHostPublicCert, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4160,7 +4164,7 @@ TlsSetH= ostPrivateKeyEx (

> > > >    IN &nb= sp;   VOID   *Password  OPTIONAL

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetHostPrivateKeyEx, (Tls, Data, DataSize,

> > > > Password), EFI_UNSUPPORTED);<= o:p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetHostPrivateKeyEx, (Tls, Data, DataSize,

> > > > Password), EFI_UNSUPPORTED, 1= 4);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4187,7 +4191,7 @@ TlsSetH= ostPrivateKey (

> > > >    IN &nb= sp;   UINTN  DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetHostPrivateKey, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetHostPrivateKey, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 14);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4211,7 +4215,7 @@ TlsSetC= ertRevocationList (

> > > >    IN &nb= sp;   UINTN  DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetCertRevocationList, (Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetCertRevocationList, (Data, DataSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4239,7 +4243,7 @@ TlsSetS= ignatureAlgoList (

> > > >    IN &nb= sp;   UINTN  DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetSignatureAlgoList, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetSignatureAlgoList, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 14);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4264,7 +4268,7 @@ TlsSetE= cCurve (

> > > >    IN &nb= sp;   UINTN  DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsSetSignatureAlgoList, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsSetEcCurve, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 14);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4286,7 +4290,7 @@ TlsGetV= ersion (

> > > >    IN &nb= sp;   VOID  *Tls

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetVersion, (Tls), 0);

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetVersion, (Tls), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4308,7 +4312,7 @@ TlsGetC= onnectionEnd (

> > > >    IN &nb= sp;   VOID  *Tls

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetConnectionEnd, (Tls), 0);

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetConnectionEnd, (Tls), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4332,7 +4336,7 @@ TlsGetC= urrentCipher (

> > > >    IN OUT UINT= 16  *CipherId

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetCurrentCipher, (Tls, CipherId),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetCurrentCipher, (Tls, CipherId),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4358,7 +4362,7 @@ TlsGetC= urrentCompressionId (

> > > >    IN OUT UINT= 8  *CompressionId

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetCurrentCompressionId, (Tls,

> > > CompressionId),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetCurrentCompressionId, (Tls,

> > > > CompressionId), EFI_UNSUPPORT= ED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4380,7 +4384,7 @@ TlsGetV= erify (

> > > >    IN &nb= sp;   VOID  *Tls

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetVerify, (Tls), 0);

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetVerify, (Tls), 0, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4406,7 +4410,7 @@ TlsGetS= essionId (

> > > >    IN OUT UINT= 16  *SessionIdLen

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetSessionId, (Tls, SessionId,

> SessionIdLen),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetSessionId, (Tls, SessionId,

> SessionIdLen),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4427,7 +4431,7 @@ TlsGetC= lientRandom (

> > > >    IN OUT UINT= 8  *ClientRandom

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (TlsGetClientRandom, (Tls,

> > ClientRandom));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (TlsGetClientRandom, (Tls,

> > ClientRandom),

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4448,7 +4452,7 @@ TlsGetS= erverRandom (

> > > >    IN OUT UINT= 8  *ServerRandom

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (TlsGetServerRandom, (Tls,

> > > ServerRandom));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (TlsGetServerRandom, (Tls,

> > > ServerRandom),

> > > > 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4472,7 +4476,7 @@ TlsGetK= eyMaterial (

> > > >    IN OUT UINT= 8  *KeyMaterial

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetKeyMaterial, (Tls, KeyMaterial),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetKeyMaterial, (Tls, KeyMaterial),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4499,7 +4503,7 @@ TlsGetC= aCertificate (

> > > >    IN OUT UINT= N  *DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetCaCertificate, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetCaCertificate, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4527,7 +4531,7 @@ TlsGetH= ostPublicCert (

> > > >    IN OUT UINT= N  *DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetHostPublicCert, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetHostPublicCert, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4554,7 +4558,7 @@ TlsGetH= ostPrivateKey (

> > > >    IN OUT UINT= N  *DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetHostPrivateKey, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetHostPrivateKey, (Tls, Data, DataSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4579,7 +4583,7 @@ TlsGetC= ertRevocationList (

> > > >    IN OUT UINT= N  *DataSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= TlsGetCertRevocationList, (Data, DataSize),

> > > > EFI_UNSUPPORTED);<= /p>

> > > > +  CALL_CRYPTO_SERVICE (= TlsGetCertRevocationList, (Data, DataSize),

> > > > EFI_UNSUPPORTED, 7);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4615,7 +4619,8 @@ TlsGetE= xportKey (

> > > >     = TlsGetExportKey,

> > > >     = (Tls, Label, Context, ContextLen,

> > > >     =   KeyBuffer, KeyBufferLen),

> > > > -    EFI_UNSUP= PORTED

> > > > +    EFI_UNSUP= PORTED,

> > > > +    14

> > > >     = );

> > > >  }

> > > >

> > > > @@ -4634,7 +4639,7 @@ BigNumI= nit (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumInit, (), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumInit, (), NULL, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4652,7 +4657,7 @@ BigNumF= romBin (

> > > >    IN UINTN&nb= sp;       Len

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumFromBin, (Buf, Len), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumFromBin, (Buf, Len), NULL, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4671,7 +4676,7 @@ BigNumT= oBin (

> > > >    OUT UINT8&n= bsp;     *Buf

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumToBin, (Bn, Buf), -1);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumToBin, (Bn, Buf), -1, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4687,7 +4692,7 @@ BigNumF= ree (

> > > >    IN BOOLEAN&= nbsp; Clear

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (BigNumFree, (Bn, Clear));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (BigNumFree, (Bn, Clear), 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4710,7 +4715,7 @@ BigNumA= dd (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumAdd, (BnA, BnB, BnRes), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumAdd, (BnA, BnB, BnRes), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4733,7 +4738,7 @@ BigNumS= ub (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumSub, (BnA, BnB, BnRes), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumSub, (BnA, BnB, BnRes), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4756,7 +4761,7 @@ BigNumM= od (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumMod, (BnA, BnB, BnRes), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumMod, (BnA, BnB, BnRes), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4781,7 +4786,7 @@ BigNumE= xpMod (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumExpMod, (BnA, BnP, BnM, BnRes),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumExpMod, (BnA, BnP, BnM, BnRes),

> > FALSE,

> > > > 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4804,7 +4809,7 @@ BigNumI= nverseMod (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumInverseMod, (BnA, BnM, BnRes),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumInverseMod, (BnA, BnM, BnRes),

> FALSE,

> > > > 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4827,7 +4832,7 @@ BigNumD= iv (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumDiv, (BnA, BnB, BnRes), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumDiv, (BnA, BnB, BnRes), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4852,7 +4857,7 @@ BigNumM= ulMod (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumMulMod, (BnA, BnB, BnM, BnRes),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumMulMod, (BnA, BnB, BnM, BnRes),

> > FALSE,

> > > > 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4872,7 +4877,7 @@ BigNumC= mp (

> > > >    IN CONST VO= ID  *BnB

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumCmp, (BnA, BnB), 0);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumCmp, (BnA, BnB), 0, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4888,7 +4893,7 @@ BigNumB= its (

> > > >    IN CONST VO= ID  *Bn

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumBits, (Bn), 0);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumBits, (Bn), 0, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4904,7 +4909,7 @@ BigNumB= ytes (

> > > >    IN CONST VO= ID  *Bn

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumBytes, (Bn), 0);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumBytes, (Bn), 0, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4923,7 +4928,7 @@ BigNumI= sWord (

> > > >    IN UINTN&nb= sp;      Num

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumIsWord, (Bn, Num), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumIsWord, (Bn, Num), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4940,7 +4945,7 @@ BigNumI= sOdd (

> > > >    IN CONST VO= ID  *Bn

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumIsOdd, (Bn), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumIsOdd, (Bn), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4959,7 +4964,7 @@ BigNumC= opy (

> > > >    IN CONST VO= ID  *BnSrc

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumCopy, (BnDst, BnSrc), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumCopy, (BnDst, BnSrc), NULL, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4974,7 +4979,7 @@ BigNumV= alueOne (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumValueOne, (), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumValueOne, (), NULL, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -4997,7 +5002,7 @@ BigNumR= Shift (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumRShift, (Bn, N, BnRes), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumRShift, (Bn, N, BnRes), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5013,7 +5018,7 @@ BigNumC= onstTime (

> > > >    IN VOID&nbs= p; *Bn

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (BigNumConstTime, (Bn));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (BigNumConstTime, (Bn), 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5036,7 +5041,7 @@ BigNumS= qrMod (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumSqrMod, (BnA, BnM, BnRes), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumSqrMod, (BnA, BnM, BnRes), FALSE,

> > 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5052,7 +5057,7 @@ BigNumN= ewContext (

> > > >    VOID

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumNewContext, (), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumNewContext, (), NULL, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5066,7 +5071,7 @@ BigNumC= ontextFree (

> > > >    IN VOID&nbs= p; *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (BigNumContextFree, (BnCtx));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (BigNumContextFree, (BnCtx), 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5085,7 +5090,7 @@ BigNumS= etUint (

> > > >    IN UINTN&nb= sp; Val

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumSetUint, (Bn, Val), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumSetUint, (Bn, Val), FALSE, 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5108,7 +5113,7 @@ BigNumA= ddMod (

> > > >    OUT VOID&nb= sp;      *BnRes

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= BigNumAddMod, (BnA, BnB, BnM, BnRes),

> > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= BigNumAddMod, (BnA, BnB, BnM, BnRes),

> > > FALSE,

> > > > 12);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5128,7 +5133,7 @@ EcGroup= Init (

> > > >    IN UINTN&nb= sp; CryptoNid

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcGroupInit, (CryptoNid), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= EcGroupInit, (CryptoNid), NULL, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5156,7 +5161,7 @@ EcGroup= GetCurve (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcGroupGetCurve, (EcGroup, BnPrime, BnA,

> > BnB,

> > > > BnCtx), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcGroupGetCurve, (EcGroup, BnPrime, BnA,

> > BnB,

> > > > BnCtx), FALSE, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5178,7 +5183,7 @@ EcGroup= GetOrder (

> > > >    OUT VOID&nb= sp; *BnOrder

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcGroupGetOrder, (EcGroup, BnOrder),

> FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcGroupGetOrder, (EcGroup, BnOrder),

> FALSE,

> > > 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5192,7 +5197,7 @@ EcGroup= Free (

> > > >    IN VOID&nbs= p; *EcGroup

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (EcGroupFree, (EcGroup));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (EcGroupFree, (EcGroup), 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5210,7 +5215,7 @@ EcPoint= Init (

> > > >    IN CONST VO= ID  *EcGroup

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointInit, (EcGroup), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointInit, (EcGroup), NULL, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5226,7 +5231,7 @@ EcPoint= DeInit (

> > > >    IN BOOLEAN&= nbsp; Clear

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (EcPointDeInit, (EcPoint, Clear));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (EcPointDeInit, (EcPoint, Clear), 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5254,7 +5259,7 @@ EcPoint= GetAffineCoordinates (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointGetAffineCoordinates, (EcGroup,

> > EcPoint,

> > > > BnX, BnY, BnCtx), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointGetAffineCoordinates, (EcGroup,

> > EcPoint,

> > > > BnX, BnY, BnCtx), FALSE, 13);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5279,7 +5284,7 @@ EcPoint= SetAffineCoordinates (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointSetAffineCoordinates, (EcGroup,

> > EcPoint,

> > > > BnX, BnY, BnCtx), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointSetAffineCoordinates, (EcGroup,

> > EcPoint,

> > > > BnX, BnY, BnCtx), FALSE, 13);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5305,7 +5310,7 @@ EcPoint= Add (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointAdd, (EcGroup, EcPointResult,

> EcPointA,

> > > > EcPointB, BnCtx), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointAdd, (EcGroup, EcPointResult,

> EcPointA,

> > > > EcPointB, BnCtx), FALSE, 13);=

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5331,7 +5336,7 @@ EcPoint= Mul (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointMul, (EcGroup, EcPointResult, EcPoint,

> > > > BnPScalar, BnCtx), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointMul, (EcGroup, EcPointResult, EcPoint,

> > > > BnPScalar, BnCtx), FALSE, 13)= ;

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5352,7 +5357,7 @@ EcPoint= Invert (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointInvert, (EcGroup, EcPoint, BnCtx),

> > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointInvert, (EcGroup, EcPoint, BnCtx),

> > FALSE,

> > > > 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5373,7 +5378,7 @@ EcPoint= IsOnCurve (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointIsOnCurve, (EcGroup, EcPoint, BnCtx),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointIsOnCurve, (EcGroup, EcPoint, BnCtx),

> > > > FALSE, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5392,7 +5397,7 @@ EcPoint= IsAtInfinity (

> > > >    IN CONST VO= ID  *EcPoint

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointIsAtInfinity, (EcGroup, EcPoint),

> FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointIsAtInfinity, (EcGroup, EcPoint), FALSE,

> > > 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5415,7 +5420,7 @@ EcPoint= Equal (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointEqual, (EcGroup, EcPointA, EcPointB,

> > > > BnCtx), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointEqual, (EcGroup, EcPointA, EcPointB,

> > > > BnCtx), FALSE, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5445,7 +5450,7 @@ EcPoint= SetCompressedCoordinates (

> > > >    IN VOID&nbs= p;       *BnCtx

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcPointSetCompressedCoordinates, (EcGroup,

> > > > EcPoint, BnX, YBit, BnCtx), F= ALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcPointSetCompressedCoordinates,

> (EcGroup,

> > > > EcPoint, BnX, YBit, BnCtx), F= ALSE, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5462,7 +5467,7 @@ EcNewBy= Nid (

> > > >    IN UINTN&nb= sp; Nid

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcNewByNid, (Nid), NULL);

> > > > +  CALL_CRYPTO_SERVICE (= EcNewByNid, (Nid), NULL, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5476,7 +5481,7 @@ EcFree = (

> > > >    IN  VO= ID  *EcContext

> > > >    )

> > > >  {

> > > > -  CALL_VOID_CRYPTO_SERV= ICE (EcFree, (EcContext));

> > > > +  CALL_VOID_CRYPTO_SERV= ICE (EcFree, (EcContext), 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5513,7 +5518,7 @@ EcGener= ateKey (

> > > >    IN OUT = ; UINTN  *PublicKeySize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcGenerateKey, (EcContext, PublicKey,

> > > > PublicKeySize), FALSE);<= /o:p>

> > > > +  CALL_CRYPTO_SERVICE (= EcGenerateKey, (EcContext, PublicKey,

> > > > PublicKeySize), FALSE, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5538,7 +5543,7 @@ EcGetPu= bKey (

> > > >    IN OUT = ; UINTN  *PublicKeySize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcGetPubKey, (EcContext, PublicKey,

> > > PublicKeySize),

> > > > FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcGetPubKey, (EcContext, PublicKey,

> > > > PublicKeySize), FALSE, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5577,7 +5582,7 @@ EcDhCom= puteKey (

> > > >    IN OUT = ; UINTN        *KeySize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcDhComputeKey, (EcContext, PeerPublic,

> > > > PeerPublicSize, CompressFlag,= Key, KeySize), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcDhComputeKey, (EcContext, PeerPublic,

> > > > PeerPublicSize, CompressFlag,= Key, KeySize), FALSE, 13);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5604,7 +5609,7 @@ EcGetPu= blicKeyFromX509 (

> > > >    OUT  V= OID         **EcContext<= /p>

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcGetPublicKeyFromX509, (Cert, CertSize,

> > > > EcContext), FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcGetPublicKeyFromX509, (Cert, CertSize,

> > > > EcContext), FALSE, 15);<= /o:p>

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5633,7 +5638,7 @@ EcGetPr= ivateKeyFromPem (

> > > >    OUT  V= OID         **EcContext<= /p>

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcGetPrivateKeyFromPem, (PemData,

> PemSize,

> > > > Password, EcContext), FALSE);=

> > > > +  CALL_CRYPTO_SERVICE (= EcGetPrivateKeyFromPem, (PemData,

> PemSize,

> > > > Password, EcContext), FALSE, = 15);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5676,7 +5681,7 @@ EcDsaSi= gn (

> > > >    IN OUT = ; UINTN        *SigSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcDsaSign, (EcContext, HashNid,

> MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcDsaSign, (EcContext, HashNid,

> MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE, 15);

> > > >  }

> > > >

> > > >  /**

> > > > @@ -5713,5 +5718,5 @@ EcDsaVe= rify (

> > > >    IN  UI= NTN        SigSize

> > > >    )

> > > >  {

> > > > -  CALL_CRYPTO_SERVICE (= EcDsaVerify, (EcContext, HashNid,

> > MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE);

> > > > +  CALL_CRYPTO_SERVICE (= EcDsaVerify, (EcContext, HashNid,

> > MessageHash,

> > > > HashSize, Signature, SigSize)= , FALSE, 15);

> > > >  }

> > > > diff --git a/CryptoPkg/Librar= y/BaseCryptLibOnProtocolPpi/DxeCryptLib.c

> > > > b/CryptoPkg/Library/BaseCrypt= LibOnProtocolPpi/DxeCryptLib.c

> > > > index dc7527bb01..fe9cdc0d4d = 100644

> > > > --- a/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/DxeCryptLib.c

> > > > +++ b/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/DxeCryptLib.c

> > > > @@ -49,7 +49,6 @@ DxeCryptLib= Constructor (

> > > >    )

> > > >  {

> > > >    EFI_STATUS&= nbsp; Status;

> > > > -  UINTN  &nbs= p;    Version;

> > > >

> > > >    Status =3D = gBS->LocateProtocol (

> > > >     =             &nb= sp;  &gEdkiiCryptoProtocolGuid,

> > > > @@ -65,13 +64,5 @@ DxeCryptLi= bConstructor (

> > > >     = return EFI_NOT_FOUND;

> > > >    }

> > > >

> > > > -  Version =3D mCryptoPr= otocol->GetVersion ();

> > > > -  if (Version < EDKI= I_CRYPTO_VERSION) {

> > > > -    DEBUG ((D= EBUG_ERROR, "[DxeCryptLib] Crypto Protocol

> unsupported

> > > > version %d\n", Version))= ;

> > > > -    ASSERT (V= ersion >=3D EDKII_CRYPTO_VERSION);

> > > > -    mCryptoPr= otocol =3D NULL;

> > > > -    return EF= I_NOT_FOUND;

> > > > -  }

> > > > -

> > > >    return EFI_= SUCCESS;

> > > >  }

> > > > diff --git a/CryptoPkg/Librar= y/BaseCryptLibOnProtocolPpi/PeiCryptLib.c

> > > > b/CryptoPkg/Library/BaseCrypt= LibOnProtocolPpi/PeiCryptLib.c

> > > > index 51f858302f..6ad1d3afe0 = 100644

> > > > --- a/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/PeiCryptLib.c

> > > > +++ b/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/PeiCryptLib.c

> > > > @@ -30,7 +30,6 @@ GetCryptoSe= rvices (

> > > >  {

> > > >    EFI_STATUS&= nbsp;       Status;

> > > >    EDKII_CRYPT= O_PPI  *CryptoPpi;

> > > > -  UINTN  &nbs= p;          Version;

> > > >

> > > >    CryptoPpi = =3D NULL;

> > > >    Status = ;   =3D PeiServicesLocatePpi (

> > > > @@ -46,12 +45,5 @@ GetCryptoS= ervices (

> > > >     = return NULL;

> > > >    }

> > > >

> > > > -  Version =3D CryptoPpi= ->GetVersion ();

> > > > -  if (Version < EDKI= I_CRYPTO_VERSION) {

> > > > -    DEBUG ((D= EBUG_ERROR, "[PeiCryptLib] Crypto PPI unsupported

> > > > version %d\n", Version))= ;

> > > > -    ASSERT (V= ersion >=3D EDKII_CRYPTO_VERSION);

> > > > -    return NU= LL;

> > > > -  }

> > > > -

> > > >    return (VOI= D *)CryptoPpi;

> > > >  }

> > > > diff --git

> a/CryptoPkg/Library/BaseCryptLibOnProtocolPp= i/SmmCryptLib.c

> > > > b/CryptoPkg/Library/BaseCrypt= LibOnProtocolPpi/SmmCryptLib.c

> > > > index be0f44e63b..6c7c75c8a7 = 100644

> > > > --- a/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/SmmCryptLib.c

> > > > +++ b/CryptoPkg/Library/BaseC= ryptLibOnProtocolPpi/SmmCryptLib.c

> > > > @@ -52,7 +52,6 @@ SmmCryptLib= Constructor (

> > > >    )

> > > >  {

> > > >    EFI_STATUS&= nbsp; Status;

> > > > -  UINTN  &nbs= p;    Version;

> > > >

> > > >    Status =3D = gSmst->SmmLocateProtocol (

> > > >     =             &nb= sp;    &gEdkiiSmmCryptoProtocolGuid,

> > > > @@ -67,13 +66,5 @@ SmmCryptLi= bConstructor (

> > > >     = return EFI_NOT_FOUND;

> > > >    }

> > > >

> > > > -  Version =3D mSmmCrypt= oProtocol->GetVersion ();

> > > > -  if (Version < EDKI= I_CRYPTO_VERSION) {

> > > > -    DEBUG ((D= EBUG_ERROR, "[SmmCryptLib] Crypto SMM Protocol

> > > > unsupported version %d\n"= ;, Version));

> > > > -    ASSERT (V= ersion >=3D EDKII_CRYPTO_VERSION);

> > > > -    mSmmCrypt= oProtocol =3D NULL;

> > > > -    return EF= I_NOT_FOUND;

> > > > -  }

> > > > -

> > > >    return EFI_= SUCCESS;

> > > >  }

> > > > --

> > > > 2.31.1.windows.1

> > > >

> > > >

> > > >

> > > >

> > > >

> >

> >

> >

> >

> >

 

--_000_SJ1PR11MB62271C043A341470AF6A12F0C5FB9SJ1PR11MB6227namp_--