Add interfaces to several library instances of BaseCryptLib.

Signed-off-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13539 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-18 09:32:05 +00:00
parent c31b316c00
commit 532616bbd6
42 changed files with 5340 additions and 59 deletions
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@ -69,7 +69,10 @@ typedef enum {
 /**
  Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for MD4 hash operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -83,11 +86,13 @@ Md4GetContextSize (
  subsequent use.
  If Md4Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  Md4Context  Pointer to MD4 context being initialized.
  @retval TRUE   MD4 context initialization succeeded.
  @retval FALSE  MD4 context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -101,12 +106,14 @@ Md4Init (
  If Md4Context is NULL, then return FALSE.
  If NewMd4Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  Md4Context     Pointer to MD4 context being copied.
  @param[out] NewMd4Context  Pointer to new MD4 context.
  @retval TRUE   MD4 context copy succeeded.
  @retval FALSE  MD4 context copy failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -125,6 +132,7 @@ Md4Duplicate (
  by Md4Final(). Behavior with invalid context is undefined.
  If Md4Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  Md4Context  Pointer to the MD4 context.
  @param[in]       Data        Pointer to the buffer containing the data to be hashed.
@ -132,6 +140,7 @@ Md4Duplicate (
  @retval TRUE   MD4 data digest succeeded.
  @retval FALSE  MD4 data digest failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -153,6 +162,7 @@ Md4Update (
  If Md4Context is NULL, then return FALSE.
  If HashValue is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  Md4Context  Pointer to the MD4 context.
  @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest
@ -160,6 +170,7 @@ Md4Update (
  @retval TRUE   MD4 digest computation succeeded.
  @retval FALSE  MD4 digest computation failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -172,7 +183,10 @@ Md4Final (
 /**
  Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for MD5 hash operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -186,11 +200,13 @@ Md5GetContextSize (
  subsequent use.
  If Md5Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  Md5Context  Pointer to MD5 context being initialized.
  @retval TRUE   MD5 context initialization succeeded.
  @retval FALSE  MD5 context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -204,12 +220,14 @@ Md5Init (
  If Md5Context is NULL, then return FALSE.
  If NewMd5Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  Md5Context     Pointer to MD5 context being copied.
  @param[out] NewMd5Context  Pointer to new MD5 context.
  @retval TRUE   MD5 context copy succeeded.
  @retval FALSE  MD5 context copy failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -228,6 +246,7 @@ Md5Duplicate (
  by Md5Final(). Behavior with invalid context is undefined.
  If Md5Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  Md5Context  Pointer to the MD5 context.
  @param[in]       Data        Pointer to the buffer containing the data to be hashed.
@ -235,6 +254,7 @@ Md5Duplicate (
  @retval TRUE   MD5 data digest succeeded.
  @retval FALSE  MD5 data digest failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -256,6 +276,7 @@ Md5Update (
  If Md5Context is NULL, then return FALSE.
  If HashValue is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  Md5Context  Pointer to the MD5 context.
  @param[out]      HashValue   Pointer to a buffer that receives the MD5 digest
@ -263,6 +284,7 @@ Md5Update (
  @retval TRUE   MD5 digest computation succeeded.
  @retval FALSE  MD5 digest computation failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -275,7 +297,10 @@ Md5Final (
 /**
  Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for SHA-1 hash operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -289,11 +314,13 @@ Sha1GetContextSize (
  subsequent use.
  If Sha1Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  Sha1Context  Pointer to SHA-1 context being initialized.
  @retval TRUE   SHA-1 context initialization succeeded.
  @retval FALSE  SHA-1 context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -307,12 +334,14 @@ Sha1Init (
  If Sha1Context is NULL, then return FALSE.
  If NewSha1Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  Sha1Context     Pointer to SHA-1 context being copied.
  @param[out] NewSha1Context  Pointer to new SHA-1 context.
  @retval TRUE   SHA-1 context copy succeeded.
  @retval FALSE  SHA-1 context copy failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -331,6 +360,7 @@ Sha1Duplicate (
  by Sha1Final(). Behavior with invalid context is undefined.
  If Sha1Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
  @param[in]       Data         Pointer to the buffer containing the data to be hashed.
@ -338,6 +368,7 @@ Sha1Duplicate (
  @retval TRUE   SHA-1 data digest succeeded.
  @retval FALSE  SHA-1 data digest failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -359,6 +390,7 @@ Sha1Update (
  If Sha1Context is NULL, then return FALSE.
  If HashValue is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
  @param[out]      HashValue    Pointer to a buffer that receives the SHA-1 digest
@ -366,6 +398,7 @@ Sha1Update (
  @retval TRUE   SHA-1 digest computation succeeded.
  @retval FALSE  SHA-1 digest computation failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -410,12 +443,14 @@ Sha256Init (
  If Sha256Context is NULL, then return FALSE.
  If NewSha256Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  Sha256Context     Pointer to SHA-256 context being copied.
  @param[out] NewSha256Context  Pointer to new SHA-256 context.
  @retval TRUE   SHA-256 context copy succeeded.
  @retval FALSE  SHA-256 context copy failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -486,7 +521,10 @@ Sha256Final (
 /**
  Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for HMAC-MD5 operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -500,6 +538,7 @@ HmacMd5GetContextSize (
  subsequent use.
  If HmacMd5Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.
  @param[in]   Key             Pointer to the user-supplied key.
@ -507,6 +546,7 @@ HmacMd5GetContextSize (
  @retval TRUE   HMAC-MD5 context initialization succeeded.
  @retval FALSE  HMAC-MD5 context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -522,12 +562,14 @@ HmacMd5Init (
  If HmacMd5Context is NULL, then return FALSE.
  If NewHmacMd5Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.
  @param[out] NewHmacMd5Context  Pointer to new HMAC-MD5 context.
  @retval TRUE   HMAC-MD5 context copy succeeded.
  @retval FALSE  HMAC-MD5 context copy failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -546,6 +588,7 @@ HmacMd5Duplicate (
  finalized by HmacMd5Final(). Behavior with invalid context is undefined.
  If HmacMd5Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
  @param[in]       Data            Pointer to the buffer containing the data to be digested.
@ -553,6 +596,7 @@ HmacMd5Duplicate (
  @retval TRUE   HMAC-MD5 data digest succeeded.
  @retval FALSE  HMAC-MD5 data digest failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -574,6 +618,7 @@ HmacMd5Update (
  If HmacMd5Context is NULL, then return FALSE.
  If HashValue is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
  @param[out]      HashValue       Pointer to a buffer that receives the HMAC-MD5 digest
@ -581,6 +626,7 @@ HmacMd5Update (
  @retval TRUE   HMAC-MD5 digest computation succeeded.
  @retval FALSE  HMAC-MD5 digest computation failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -593,7 +639,10 @@ HmacMd5Final (
 /**
  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -607,6 +656,7 @@ HmacSha1GetContextSize (
  subsequent use.
  If HmacSha1Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.
  @param[in]   Key              Pointer to the user-supplied key.
@ -614,6 +664,7 @@ HmacSha1GetContextSize (
  @retval TRUE   HMAC-SHA1 context initialization succeeded.
  @retval FALSE  HMAC-SHA1 context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -629,12 +680,14 @@ HmacSha1Init (
  If HmacSha1Context is NULL, then return FALSE.
  If NewHmacSha1Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.
  @retval TRUE   HMAC-SHA1 context copy succeeded.
  @retval FALSE  HMAC-SHA1 context copy failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -653,6 +706,7 @@ HmacSha1Duplicate (
  be finalized by HmacSha1Final(). Behavior with invalid context is undefined.
  If HmacSha1Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
  @param[in]       Data            Pointer to the buffer containing the data to be digested.
@ -660,6 +714,7 @@ HmacSha1Duplicate (
  @retval TRUE   HMAC-SHA1 data digest succeeded.
  @retval FALSE  HMAC-SHA1 data digest failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -681,6 +736,7 @@ HmacSha1Update (
  If HmacSha1Context is NULL, then return FALSE.
  If HashValue is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
  @param[out]      HashValue        Pointer to a buffer that receives the HMAC-SHA1 digest
@ -688,6 +744,7 @@ HmacSha1Update (
  @retval TRUE   HMAC-SHA1 digest computation succeeded.
  @retval FALSE  HMAC-SHA1 digest computation failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -705,7 +762,10 @@ HmacSha1Final (
 /**
  Retrieves the size, in bytes, of the context buffer required for TDES operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for TDES operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -728,6 +788,7 @@ TdesGetContextSize (
  If TdesContext is NULL, then return FALSE.
  If Key is NULL, then return FALSE.
  If KeyLength is not valid, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  TdesContext  Pointer to TDES context being initialized.
  @param[in]   Key          Pointer to the user-supplied TDES key.
@ -735,6 +796,7 @@ TdesGetContextSize (
  @retval TRUE   TDES context initialization succeeded.
  @retval FALSE  TDES context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -759,6 +821,7 @@ TdesInit (
  If Input is NULL, then return FALSE.
  If InputSize is not multiple of block size (8 bytes), then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
@ -767,6 +830,7 @@ TdesInit (
  @retval TRUE   TDES encryption succeeded.
  @retval FALSE  TDES encryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -792,6 +856,7 @@ TdesEcbEncrypt (
  If Input is NULL, then return FALSE.
  If InputSize is not multiple of block size (8 bytes), then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be decrypted.
@ -800,6 +865,7 @@ TdesEcbEncrypt (
  @retval TRUE   TDES decryption succeeded.
  @retval FALSE  TDES decryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -827,6 +893,7 @@ TdesEcbDecrypt (
  If InputSize is not multiple of block size (8 bytes), then return FALSE.
  If Ivec is NULL, then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
@ -836,6 +903,7 @@ TdesEcbDecrypt (
  @retval TRUE   TDES encryption succeeded.
  @retval FALSE  TDES encryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -864,6 +932,7 @@ TdesCbcEncrypt (
  If InputSize is not multiple of block size (8 bytes), then return FALSE.
  If Ivec is NULL, then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
@ -873,6 +942,7 @@ TdesCbcEncrypt (
  @retval TRUE   TDES decryption succeeded.
  @retval FALSE  TDES decryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -888,7 +958,10 @@ TdesCbcDecrypt (
 /**
  Retrieves the size, in bytes, of the context buffer required for AES operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for AES operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -908,6 +981,7 @@ AesGetContextSize (
  If AesContext is NULL, then return FALSE.
  If Key is NULL, then return FALSE.
  If KeyLength is not valid, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  AesContext  Pointer to AES context being initialized.
  @param[in]   Key         Pointer to the user-supplied AES key.
@ -915,6 +989,7 @@ AesGetContextSize (
  @retval TRUE   AES context initialization succeeded.
  @retval FALSE  AES context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -939,6 +1014,7 @@ AesInit (
  If Input is NULL, then return FALSE.
  If InputSize is not multiple of block size (16 bytes), then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
@ -947,6 +1023,7 @@ AesInit (
  @retval TRUE   AES encryption succeeded.
  @retval FALSE  AES encryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -972,6 +1049,7 @@ AesEcbEncrypt (
  If Input is NULL, then return FALSE.
  If InputSize is not multiple of block size (16 bytes), then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
@ -980,6 +1058,7 @@ AesEcbEncrypt (
  @retval TRUE   AES decryption succeeded.
  @retval FALSE  AES decryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1007,6 +1086,7 @@ AesEcbDecrypt (
  If InputSize is not multiple of block size (16 bytes), then return FALSE.
  If Ivec is NULL, then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
@ -1016,6 +1096,7 @@ AesEcbDecrypt (
  @retval TRUE   AES encryption succeeded.
  @retval FALSE  AES encryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1044,6 +1125,7 @@ AesCbcEncrypt (
  If InputSize is not multiple of block size (16 bytes), then return FALSE.
  If Ivec is NULL, then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
@ -1053,6 +1135,7 @@ AesCbcEncrypt (
  @retval TRUE   AES decryption succeeded.
  @retval FALSE  AES decryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1068,7 +1151,10 @@ AesCbcDecrypt (
 /**
  Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
  If this interface is not supported, then return zero.
  @return  The size, in bytes, of the context buffer required for ARC4 operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
@ -1087,6 +1173,7 @@ Arc4GetContextSize (
  If Arc4Context is NULL, then return FALSE.
  If Key is NULL, then return FALSE.
  If KeySize does not in the range of [5, 256] bytes, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
  @param[in]   Key          Pointer to the user-supplied ARC4 key.
@ -1094,6 +1181,7 @@ Arc4GetContextSize (
  @retval TRUE   ARC4 context initialization succeeded.
  @retval FALSE  ARC4 context initialization failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1115,6 +1203,7 @@ Arc4Init (
  If Arc4Context is NULL, then return FALSE.
  If Input is NULL, then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   Arc4Context  Pointer to the ARC4 context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
@ -1123,6 +1212,7 @@ Arc4Init (
  @retval TRUE   ARC4 encryption succeeded.
  @retval FALSE  ARC4 encryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1145,6 +1235,7 @@ Arc4Encrypt (
  If Arc4Context is NULL, then return FALSE.
  If Input is NULL, then return FALSE.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]   Arc4Context  Pointer to the ARC4 context.
  @param[in]   Input        Pointer to the buffer containing the data to be decrypted.
@ -1153,6 +1244,7 @@ Arc4Encrypt (
  @retval TRUE   ARC4 decryption succeeded.
  @retval FALSE  ARC4 decryption failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1173,11 +1265,13 @@ Arc4Decrypt (
  should be already correctly initialized by ARC4Init().
  If Arc4Context is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @retval TRUE   ARC4 reset succeeded.
  @retval FALSE  ARC4 reset failed.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1262,6 +1356,7 @@ RsaSetKey (
  If RsaContext is NULL, then return FALSE.
  If BnSize is NULL, then return FALSE.
  If BnSize is large enough but BigNumber is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  RsaContext  Pointer to RSA context being set.
  @param[in]       KeyTag      Tag of RSA key component being set.
@ -1272,6 +1367,7 @@ RsaSetKey (
  @retval  TRUE   RSA key component was retrieved successfully.
  @retval  FALSE  Invalid RSA key component tag.
  @retval  FALSE  BnSize is too small.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1294,6 +1390,7 @@ RsaGetKey (
  initialized by RandomSeed().
  If RsaContext is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  RsaContext           Pointer to RSA context being set.
  @param[in]       ModulusLength        Length of RSA modulus N in bits.
@ -1302,6 +1399,7 @@ RsaGetKey (
  @retval  TRUE   RSA key component was generated successfully.
  @retval  FALSE  Invalid RSA key component tag.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1323,11 +1421,13 @@ RsaGenerateKey (
  - Whether d*e = 1  mod lcm(p-1,q-1)
  If RsaContext is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  RsaContext  Pointer to RSA context to check.
  @retval  TRUE   RSA key components are valid.
  @retval  FALSE  RSA key components are not valid.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1348,6 +1448,7 @@ RsaCheckKey (
  If MessageHash is NULL, then return FALSE.
  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
  If SigSize is large enough but Signature is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]      RsaContext   Pointer to RSA context for signature generation.
  @param[in]      MessageHash  Pointer to octet message hash to be signed.
@ -1359,6 +1460,7 @@ RsaCheckKey (
  @retval  TRUE   Signature successfully generated in PKCS1-v1_5.
  @retval  FALSE  Signature generation failed.
  @retval  FALSE  SigSize is too small.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1403,6 +1505,10 @@ RsaPkcs1Verify (
 /**
  Retrieve the RSA Private Key from the password-protected PEM key data.
  If PemData is NULL, then return FALSE.
  If RsaContext is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.
  @param[in]  PemSize      Size of the PEM key data in bytes.
  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.
@ -1410,11 +1516,10 @@ RsaPkcs1Verify (
                           RSA private key component. Use RsaFree() function to free the
                           resource.
  If PemData is NULL, then return FALSE.
  If RsaContext is NULL, then return FALSE.
  @retval  TRUE   RSA Private Key was retrieved successfully.
  @retval  FALSE  Invalid PEM key data or incorrect password.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1429,17 +1534,19 @@ RsaGetPrivateKeyFromPem (
 /**
  Retrieve the RSA Public Key from one DER-encoded X509 certificate.
  If Cert is NULL, then return FALSE.
  If RsaContext is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  Cert         Pointer to the DER-encoded X509 certificate.
  @param[in]  CertSize     Size of the X509 certificate in bytes.
  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
                           RSA public key component. Use RsaFree() function to free the
                           resource.
  If Cert is NULL, then return FALSE.
  If RsaContext is NULL, then return FALSE.
  @retval  TRUE   RSA Public Key was retrieved successfully.
  @retval  FALSE  Fail to retrieve RSA public key from X509 certificate.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1453,18 +1560,20 @@ RsaGetPublicKeyFromX509 (
 /**
  Retrieve the subject bytes from one X.509 certificate.
  If Cert is NULL, then return FALSE.
  If SubjectSize is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]      Cert         Pointer to the DER-encoded X509 certificate.
  @param[in]      CertSize     Size of the X509 certificate in bytes.
  @param[out]     CertSubject  Pointer to the retrieved certificate subject bytes.
  @param[in, out] SubjectSize  The size in bytes of the CertSubject buffer on input,
                               and the size of buffer returned CertSubject on output.
  If Cert is NULL, then return FALSE.
  If SubjectSize is NULL, then return FALSE.
  @retval  TRUE   The certificate subject retrieved successfully.
  @retval  FALSE  Invalid certificate, or the SubjectSize is too small for the result.
                  The SubjectSize will be updated with the required size.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1479,17 +1588,19 @@ X509GetSubjectName (
 /**
  Verify one X509 certificate was issued by the trusted CA.
  If Cert is NULL, then return FALSE.
  If CACert is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.
  @param[in]      CertSize     Size of the X509 certificate in bytes.
  @param[in]      CACert       Pointer to the DER-encoded trusted CA certificate.
  @param[in]      CACertSize   Size of the CA Certificate in bytes.
  If Cert is NULL, then return FALSE.
  If CACert is NULL, then return FALSE.
  @retval  TRUE   The certificate was issued by the trusted CA.
  @retval  FALSE  Invalid certificate or the certificate was not issued by the given
                  trusted CA.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1506,6 +1617,7 @@ X509VerifyCert (
  If Cert is NULL, then return FALSE.
  If SingleX509Cert is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  Cert            Pointer to the DER-encoded certificate data.
  @param[in]  CertSize        The size of certificate data in bytes.
@ -1513,6 +1625,7 @@ X509VerifyCert (
  @retval     TRUE            The X509 object generation succeeded.
  @retval     FALSE           The operation failed.
  @retval     FALSE           This interface is not supported.
 **/
 BOOLEAN
@ -1527,6 +1640,7 @@ X509ConstructCertificate (
  Construct a X509 stack object from a list of DER-encoded certificate data.
  If X509Stack is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
                              On output, pointer to the X509 stack object with new
@ -1537,6 +1651,7 @@ X509ConstructCertificate (
  @retval     TRUE            The X509 stack construction succeeded.
  @retval     FALSE           The construction operation failed.
  @retval     FALSE           This interface is not supported.
 **/
 BOOLEAN
@ -1549,7 +1664,7 @@ X509ConstructCertificateStack (
 /**
  Release the specified X509 object.
-  If X509Cert is NULL, then return FALSE.
+  If the interface is not supported, then ASSERT().
  @param[in]  X509Cert  Pointer to the X509 object to be released.
@ -1563,7 +1678,7 @@ X509Free (
 /**
  Release the specified X509 stack object.
-  If X509Stack is NULL, then return FALSE.
+  If the interface is not supported, then ASSERT().
  @param[in]  X509Stack  Pointer to the X509 stack object to be released.
@ -1581,6 +1696,7 @@ X509StackFree (
  If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
  return FALSE. If P7Length overflow, then return FAlSE.
  If this interface is not supported, then return FALSE.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
@ -1593,6 +1709,7 @@ X509StackFree (
  @retval  TRUE            The operation is finished successfully.
  @retval  FALSE           Error occurs during the operation.
  @retval  FALSE           This interface is not supported.
 **/
 BOOLEAN
@ -1609,6 +1726,8 @@ Pkcs7GetSigners (
 /**
  Wrap function to use free() to free allocated memory for certificates.
  If this interface is not supported, then ASSERT().
  @param[in]  Certs        Pointer to the certificates to be freed.
 **/
@ -1623,6 +1742,8 @@ Pkcs7FreeSigners (
  Syntax Standard, version 1.5". This interface is only intended to be used for
  application to perform PKCS#7 functionality validation.
  If this interface is not supported, then return FALSE.
  @param[in]  PrivateKey       Pointer to the PEM-formatted private key data for
                               data signing.
  @param[in]  PrivateKeySize   Size of the PEM private key data in bytes.
@ -1639,6 +1760,7 @@ Pkcs7FreeSigners (
  @retval     TRUE             PKCS#7 data signing succeeded.
  @retval     FALSE            PKCS#7 data signing failed.
  @retval     FALSE            This interface is not supported.
 **/
 BOOLEAN
@ -1662,6 +1784,7 @@ Pkcs7Sign (
  If P7Data, TrustedCert or InData is NULL, then return FALSE.
  If P7Length, CertLength or DataLength overflow, then return FAlSE.
  If this interface is not supported, then return FALSE.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
@ -1673,6 +1796,7 @@ Pkcs7Sign (
  @retval  TRUE  The specified PKCS#7 signed data is valid.
  @retval  FALSE Invalid PKCS#7 signed data.
  @retval  FALSE This interface is not supported.
 **/
 BOOLEAN
@ -1692,6 +1816,7 @@ Pkcs7Verify (
  If AuthData is NULL, then return FALSE.
  If ImageHash is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
                           PE/COFF image to be verified.
@ -1706,6 +1831,7 @@ Pkcs7Verify (
  @retval  TRUE   The specified Authenticode Signature is valid.
  @retval  FALSE  Invalid Authenticode Signature.
  @retval  FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1728,6 +1854,7 @@ AuthenticodeVerify (
  @return  Pointer to the Diffie-Hellman Context that has been initialized.
           If the allocations fails, DhNew() returns NULL.
           If the interface is not supported, DhNew() returns NULL.
 **/
 VOID *
@ -1739,7 +1866,7 @@ DhNew (
 /**
  Release the specified DH context.
-  If DhContext is NULL, then return FALSE.
+  If the interface is not supported, then ASSERT().
  @param[in]  DhContext  Pointer to the DH context to be released.
@ -1761,6 +1888,7 @@ DhFree (
  If DhContext is NULL, then return FALSE.
  If Prime is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  DhContext    Pointer to the DH context.
  @param[in]       Generator    Value of generator.
@ -1770,6 +1898,7 @@ DhFree (
  @retval TRUE   DH pamameter generation succeeded.
  @retval FALSE  Value of Generator is not supported.
  @retval FALSE  PRNG fails to generate random prime number with PrimeLength.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1789,6 +1918,7 @@ DhGenerateParameter (
  If DhContext is NULL, then return FALSE.
  If Prime is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  DhContext    Pointer to the DH context.
  @param[in]       Generator    Value of generator.
@ -1800,6 +1930,7 @@ DhGenerateParameter (
  @retval FALSE  Value of Generator is not suitable for the Prime.
  @retval FALSE  Value of Prime is not a prime number.
  @retval FALSE  Value of Prime is not a safe prime number.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1822,6 +1953,7 @@ DhSetParameter (
  If DhContext is NULL, then return FALSE.
  If PublicKeySize is NULL, then return FALSE.
  If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  DhContext      Pointer to the DH context.
  @param[out]      PublicKey      Pointer to the buffer to receive generated public key.
@ -1831,6 +1963,7 @@ DhSetParameter (
  @retval TRUE   DH public key generation succeeded.
  @retval FALSE  DH public key generation failed.
  @retval FALSE  PublicKeySize is not large enough.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1851,6 +1984,7 @@ DhGenerateKey (
  If PeerPublicKey is NULL, then return FALSE.
  If KeySize is NULL, then return FALSE.
  If KeySize is large enough but Key is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[in, out]  DhContext          Pointer to the DH context.
  @param[in]       PeerPublicKey      Pointer to the peer's public key.
@ -1862,6 +1996,7 @@ DhGenerateKey (
  @retval TRUE   DH exchanged key generation succeeded.
  @retval FALSE  DH exchanged key generation failed.
  @retval FALSE  KeySize is not large enough.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1884,6 +2019,7 @@ DhComputeKey (
  This function sets up the seed value for the pseudorandom number generator.
  If Seed is not NULL, then the seed passed in is used.
  If Seed is NULL, then default seed is used.
  If this interface is not supported, then return FALSE.
  @param[in]  Seed      Pointer to seed value.
                        If NULL, default seed is used.
@ -1892,6 +2028,7 @@ DhComputeKey (
  @retval TRUE   Pseudorandom number generator has enough entropy for random generation.
  @retval FALSE  Pseudorandom number generator does not have enough entropy for random generation.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
@ -1905,12 +2042,14 @@ RandomSeed (
  Generates a pseudorandom byte stream of the specified size.
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
  @param[out]  Output  Pointer to buffer to receive random value.
  @param[in]   Size    Size of randome bytes to generate.
  @retval TRUE   Pseudorandom byte stream generated successfully.
  @retval FALSE  Pseudorandom number generator fails to generate due to lack of entropy.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@ -21,9 +21,9 @@
  INF_VERSION                    = 0x00010005
  BASE_NAME                      = BaseCryptLib
  FILE_GUID                      = be3bb803-91b6-4da0-bd91-a8b21c18ca5d
-  MODULE_TYPE                    = BASE
+  MODULE_TYPE                    = DXE_DRIVER
  VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = BaseCryptLib
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
 #
 # The following information is for reference only and not required by the build tools.
@ -42,8 +42,10 @@
  Cipher/CryptAes.c
  Cipher/CryptTdes.c
  Cipher/CryptArc4.c
-  Pk/CryptRsa.c
+  Pk/CryptRsaBasic.c
-  Pk/CryptPkcs7.c
+  Pk/CryptRsaExt.c
  Pk/CryptPkcs7Sign.c
  Pk/CryptPkcs7Verify.c
  Pk/CryptDh.c
  Pk/CryptX509.c
  Pk/CryptAuthenticode.c
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
@ -0,0 +1,165 @@
 /** @file
  AES Wrapper Implementation which does not provide real capabilities.  
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for AES operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 AesGetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory as AES context for subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  AesContext  Pointer to AES context being initialized.
  @param[in]   Key         Pointer to the user-supplied AES key.
  @param[in]   KeyLength   Length of AES key in bits.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesInit (
  OUT  VOID         *AesContext,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeyLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES encryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesEcbEncrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES decryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesEcbDecrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES encryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[in]   Ivec        Pointer to initialization vector.
  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesCbcEncrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES decryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[in]   Ivec        Pointer to initialization vector.
  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesCbcDecrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {  
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
@ -0,0 +1,130 @@
 /** @file 
  ARC4 Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 Arc4GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory as ARC4 context for subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
  @param[in]   Key          Pointer to the user-supplied ARC4 key.
  @param[in]   KeySize      Size of ARC4 key in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Init (
  OUT  VOID         *Arc4Context,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs ARC4 encryption on a data buffer of the specified size.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @param[in]       Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]       InputSize    Size of the Input buffer in bytes.
  @param[out]      Output       Pointer to a buffer that receives the ARC4 encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Encrypt (
  IN OUT  VOID         *Arc4Context,
  IN      CONST UINT8  *Input,
  IN      UINTN        InputSize,
  OUT     UINT8        *Output
  )
 { 
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs ARC4 decryption on a data buffer of the specified size.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @param[in]       Input        Pointer to the buffer containing the data to be decrypted.
  @param[in]       InputSize    Size of the Input buffer in bytes.
  @param[out]      Output       Pointer to a buffer that receives the ARC4 decryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Decrypt (
  IN OUT  VOID   *Arc4Context,
  IN      UINT8  *Input,
  IN      UINTN  InputSize,
  OUT     UINT8  *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Resets the ARC4 context to the initial state.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Reset (
  IN OUT  VOID  *Arc4Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
@ -0,0 +1,166 @@
 /** @file
  TDES Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for TDES operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 TdesGetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory as TDES context for subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  TdesContext  Pointer to TDES context being initialized.
  @param[in]   Key          Pointer to the user-supplied TDES key.
  @param[in]   KeyLength    Length of TDES key in bits.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesInit (
  OUT  VOID         *TdesContext,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeyLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES encryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesEcbEncrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES decryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be decrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[out]  Output       Pointer to a buffer that receives the TDES decryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesEcbDecrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES encryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[in]   Ivec         Pointer to initialization vector.
  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesCbcEncrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES decryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[in]   Ivec         Pointer to initialization vector.
  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesCbcDecrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
@ -0,0 +1,124 @@
 /** @file
  MD4 Digest Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for MD4 hash
  operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 Md4GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
  subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Md4Context  Pointer to MD4 context being initialized.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Init (
  OUT  VOID  *Md4Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing MD4 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Md4Context     Pointer to MD4 context being copied.
  @param[out] NewMd4Context  Pointer to new MD4 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Duplicate (
  IN   CONST VOID  *Md4Context,
  OUT  VOID        *NewMd4Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates MD4 context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Md4Context  Pointer to the MD4 context.
  @param[in]       Data        Pointer to the buffer containing the data to be hashed.
  @param[in]       DataSize    Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Update (
  IN OUT  VOID        *Md4Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the MD4 digest value.
  Return FALSE to indicate this interface is not supported.  
  @param[in, out]  Md4Context  Pointer to the MD4 context.
  @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest
                               value (16 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Final (
  IN OUT  VOID   *Md4Context,
  OUT     UINT8  *HashValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
@ -0,0 +1,127 @@
 /** @file
  HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 HmacMd5GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
  subsequent use. 
  Return FALSE to indicate this interface is not supported.  
  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.
  @param[in]   Key             Pointer to the user-supplied key.
  @param[in]   KeySize         Key size in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Init (
  OUT  VOID         *HmacMd5Context,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing HMAC-MD5 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.
  @param[out] NewHmacMd5Context  Pointer to new HMAC-MD5 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Duplicate (
  IN   CONST VOID  *HmacMd5Context,
  OUT  VOID        *NewHmacMd5Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates HMAC-MD5 context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
  @param[in]       Data            Pointer to the buffer containing the data to be digested.
  @param[in]       DataSize        Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Update (
  IN OUT  VOID        *HmacMd5Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the HMAC-MD5 digest value.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
  @param[out]      HmacValue       Pointer to a buffer that receives the HMAC-MD5 digest
                                   value (16 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Final (
  IN OUT  VOID   *HmacMd5Context,
  OUT     UINT8  *HmacValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
@ -0,0 +1,127 @@
 /** @file
  HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.  
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 HmacSha1GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
  subsequent use.
  Return FALSE to indicate this interface is not supported.  
  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.
  @param[in]   Key              Pointer to the user-supplied key.
  @param[in]   KeySize          Key size in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Init (
  OUT  VOID         *HmacSha1Context,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing HMAC-SHA1 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Duplicate (
  IN   CONST VOID  *HmacSha1Context,
  OUT  VOID        *NewHmacSha1Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates HMAC-SHA1 context.
  Return FALSE to indicate this interface is not supported.  
  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
  @param[in]       Data            Pointer to the buffer containing the data to be digested.
  @param[in]       DataSize        Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Update (
  IN OUT  VOID        *HmacSha1Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the HMAC-SHA1 digest value.
  Return FALSE to indicate this interface is not supported.  
  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest
                                    value (20 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Final (
  IN OUT  VOID   *HmacSha1Context,
  OUT     UINT8  *HmacValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@ -6,6 +6,12 @@
 #  This external input must be validated carefully to avoid security issue like
 #  buffer overflow, integer overflow.
 #
 #  Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
 #  TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
 #  Diffie-Hellman functions, X.509 certificate handler functions, authenticode
 #  signature verification functions, PEM handler functions, pseudorandom number
 #  generator functions are not supported in this instance.
 #
 #  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -23,7 +29,7 @@
  FILE_GUID                      = 9a2a4375-194c-4e97-9f67-547ec98d96ca
  MODULE_TYPE                    = PEIM
  VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = BaseCryptLib|PEIM PEI_CORE SEC
+  LIBRARY_CLASS                  = BaseCryptLib|PEIM PEI_CORE
 #
 # The following information is for reference only and not required by the build tools.
@ -32,14 +38,32 @@
 #
 [Sources]
  Hash/CryptMd4Null.c
  Hash/CryptMd5.c
  Hash/CryptSha1.c
  Hash/CryptSha256.c
-  Pk/CryptRsa.c
+  Hmac/CryptHmacMd5Null.c
  Hmac/CryptHmacSha1Null.c
  Cipher/CryptAesNull.c
  Cipher/CryptTdesNull.c
  Cipher/CryptArc4Null.c
  Pk/CryptRsaBasic.c
  Pk/CryptRsaExtNull.c
  Pk/CryptPkcs7SignNull.c
  Pk/CryptPkcs7Verify.c
  Pk/CryptDhNull.c
  Pk/CryptX509Null.c
  Pk/CryptAuthenticodeNull.c
  Pem/CryptPemNull.c
  Rand/CryptRandNull.c
  SysCall/CrtWrapper.c
  SysCall/BaseMemAllocation.c
 [Sources.Ia32]
  SysCall/Ia32/MathMultS64x64.c     | MSFT
  SysCall/Ia32/MathDivU64x64.c      | MSFT
--- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c
@ -0,0 +1,44 @@
 /** @file
  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
  not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieve the RSA Private Key from the password-protected PEM key data.
  Return FALSE to indicate this interface is not supported.
  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.
  @param[in]  PemSize      Size of the PEM key data in bytes.
  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.
  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
                           RSA private key component. Use RsaFree() function to free the
                           resource.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGetPrivateKeyFromPem (
  IN   CONST UINT8  *PemData,
  IN   UINTN        PemSize,
  IN   CONST CHAR8  *Password,
  OUT  VOID         **RsaContext
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticodeNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticodeNull.c
@ -0,0 +1,51 @@
 /** @file
  Authenticode Portable Executable Signature Verification which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
  Authenticode Portable Executable Signature Format".
  Return FALSE to indicate this interface is not supported.
  @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
                           PE/COFF image to be verified.
  @param[in]  DataSize     Size of the Authenticode Signature in bytes.
  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
                           is used for certificate chain verification.
  @param[in]  CertSize     Size of the trusted certificate in bytes.
  @param[in]  ImageHash    Pointer to the original image file hash value. The procudure
                           for calculating the image hash value is described in Authenticode
                           specification.
  @param[in]  HashSize     Size of Image hash value in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AuthenticodeVerify (
  IN  CONST UINT8  *AuthData,
  IN  UINTN        DataSize,
  IN  CONST UINT8  *TrustedCert,
  IN  UINTN        CertSize,
  IN  CONST UINT8  *ImageHash,
  IN  UINTN        HashSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c
@ -0,0 +1,156 @@
 /** @file
  Diffie-Hellman Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Allocates and Initializes one Diffie-Hellman Context for subsequent use.
  @return  Pointer to the Diffie-Hellman Context that has been initialized.
           If the interface is not supported, DhNew() returns NULL.
 **/
 VOID *
 EFIAPI
 DhNew (
  VOID
  )
 {
  ASSERT (FALSE);
  return NULL;
 }
 /**
  Release the specified DH context.
  If the interface is not supported, then ASSERT().
  @param[in]  DhContext  Pointer to the DH context to be released.
 **/
 VOID
 EFIAPI
 DhFree (
  IN  VOID  *DhContext
  )
 {
  ASSERT (FALSE);
 }
 /**
  Generates DH parameter.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext    Pointer to the DH context.
  @param[in]       Generator    Value of generator.
  @param[in]       PrimeLength  Length in bits of prime to be generated.
  @param[out]      Prime        Pointer to the buffer to receive the generated prime number.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhGenerateParameter (
  IN OUT  VOID   *DhContext,
  IN      UINTN  Generator,
  IN      UINTN  PrimeLength,
  OUT     UINT8  *Prime
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Sets generator and prime parameters for DH.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext    Pointer to the DH context.
  @param[in]       Generator    Value of generator.
  @param[in]       PrimeLength  Length in bits of prime to be generated.
  @param[in]       Prime        Pointer to the prime number.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhSetParameter (
  IN OUT  VOID         *DhContext,
  IN      UINTN        Generator,
  IN      UINTN        PrimeLength,
  IN      CONST UINT8  *Prime
  )
 {
  ASSERT (FALSE);
  return FALSE; 
 }
 /**
  Generates DH public key.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext      Pointer to the DH context.
  @param[out]      PublicKey      Pointer to the buffer to receive generated public key.
  @param[in, out]  PublicKeySize  On input, the size of PublicKey buffer in bytes.
                                  On output, the size of data returned in PublicKey buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhGenerateKey (
  IN OUT  VOID   *DhContext,
  OUT     UINT8  *PublicKey,
  IN OUT  UINTN  *PublicKeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Computes exchanged common key.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext          Pointer to the DH context.
  @param[in]       PeerPublicKey      Pointer to the peer's public key.
  @param[in]       PeerPublicKeySize  Size of peer's public key in bytes.
  @param[out]      Key                Pointer to the buffer to receive generated key.
  @param[in, out]  KeySize            On input, the size of Key buffer in bytes.
                                      On output, the size of data returned in Key buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhComputeKey (
  IN OUT  VOID         *DhContext,
  IN      CONST UINT8  *PeerPublicKey,
  IN      UINTN        PeerPublicKeySize,
  OUT     UINT8        *Key,
  IN OUT  UINTN        *KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
@ -0,0 +1,197 @@
 /** @file
  PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 /**
  Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
  Syntax Standard, version 1.5". This interface is only intended to be used for
  application to perform PKCS#7 functionality validation.
  @param[in]  PrivateKey       Pointer to the PEM-formatted private key data for
                               data signing.
  @param[in]  PrivateKeySize   Size of the PEM private key data in bytes.
  @param[in]  KeyPassword      NULL-terminated passphrase used for encrypted PEM
                               key data.
  @param[in]  InData           Pointer to the content to be signed.
  @param[in]  InDataSize       Size of InData in bytes.
  @param[in]  SignCert         Pointer to signer's DER-encoded certificate to sign with.
  @param[in]  OtherCerts       Pointer to an optional additional set of certificates to
                               include in the PKCS#7 signedData (e.g. any intermediate
                               CAs in the chain).
  @param[out] SignedData       Pointer to output PKCS#7 signedData.
  @param[out] SignedDataSize   Size of SignedData in bytes.
  @retval     TRUE             PKCS#7 data signing succeeded.
  @retval     FALSE            PKCS#7 data signing failed.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7Sign (
  IN   CONST UINT8  *PrivateKey,
  IN   UINTN        PrivateKeySize,
  IN   CONST UINT8  *KeyPassword,
  IN   UINT8        *InData,
  IN   UINTN        InDataSize,
  IN   UINT8        *SignCert,
  IN   UINT8        *OtherCerts      OPTIONAL,
  OUT  UINT8        **SignedData,
  OUT  UINTN        *SignedDataSize
  )
 {
  BOOLEAN   Status;
  EVP_PKEY  *Key;
  BIO       *DataBio;
  PKCS7     *Pkcs7;
  UINT8     *RsaContext;
  UINT8     *P7Data;
  UINTN     P7DataSize;
  UINT8     *Tmp;
  //
  // Check input parameters.
  //
  if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
    SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
    return FALSE;
  }
  RsaContext = NULL;
  Key        = NULL;
  Pkcs7      = NULL;
  DataBio    = NULL;
  Status     = FALSE;
  //
  // Retrieve RSA private key from PEM data.
  //
  Status = RsaGetPrivateKeyFromPem (
             PrivateKey,
             PrivateKeySize,
             (CONST CHAR8 *) KeyPassword,
             (VOID **) &RsaContext
             );
  if (!Status) {
    return Status;
  }
  //
  // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
  //
  EVP_add_digest (EVP_md5());
  EVP_add_digest (EVP_sha1());
  EVP_add_digest (EVP_sha256());
  RandomSeed (NULL, 0);
  //
  // Construct OpenSSL EVP_PKEY for private key.
  //
  Key = EVP_PKEY_new ();
  if (Key == NULL) {
    Status = FALSE;
    goto _Exit;
  }
  Key->save_type = EVP_PKEY_RSA;
  Key->type      = EVP_PKEY_type (EVP_PKEY_RSA);
  Key->pkey.rsa  = (RSA *) RsaContext;
  //
  // Convert the data to be signed to BIO format. 
  //
  DataBio = BIO_new (BIO_s_mem ());
  BIO_write (DataBio, InData, (int) InDataSize);
  //
  // Create the PKCS#7 signedData structure.
  //
  Pkcs7 = PKCS7_sign (
            (X509 *) SignCert,
            Key,
            (STACK_OF(X509) *) OtherCerts,
            DataBio,
            PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
            );
  if (Pkcs7 == NULL) {
    Status = FALSE;
    goto _Exit;
  }
  //
  // Convert PKCS#7 signedData structure into DER-encoded buffer.
  //
  P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
  if (P7DataSize <= 19) {
    Status = FALSE;
    goto _Exit;
  }
  P7Data     = malloc (P7DataSize);
  if (P7Data == NULL) {
    Status = FALSE;
    goto _Exit;
  }
  Tmp        = P7Data;
  P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
  //
  // Strip ContentInfo to content only for signeddata. The data be trimmed off
  // is totally 19 bytes.
  //
  *SignedDataSize = P7DataSize - 19;
  *SignedData     = malloc (*SignedDataSize);
  if (*SignedData == NULL) {
    Status = FALSE;
    OPENSSL_free (P7Data);
    goto _Exit;
  }
  CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
  OPENSSL_free (P7Data);
  Status = TRUE;
 _Exit:
  //
  // Release Resources
  //
  if (RsaContext != NULL) {
    RsaFree (RsaContext);
    if (Key != NULL) {
      Key->pkey.rsa = NULL;
    }
  }
  if (Key != NULL) {
    EVP_PKEY_free (Key);
  }
  if (DataBio != NULL) {
    BIO_free (DataBio);
  }
  if (Pkcs7 != NULL) {
    PKCS7_free (Pkcs7);
  }
  return Status;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c
@ -0,0 +1,59 @@
 /** @file
  PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
  capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
  Syntax Standard, version 1.5". This interface is only intended to be used for
  application to perform PKCS#7 functionality validation.
  Return FALSE to indicate this interface is not supported.
  @param[in]  PrivateKey       Pointer to the PEM-formatted private key data for
                               data signing.
  @param[in]  PrivateKeySize   Size of the PEM private key data in bytes.
  @param[in]  KeyPassword      NULL-terminated passphrase used for encrypted PEM
                               key data.
  @param[in]  InData           Pointer to the content to be signed.
  @param[in]  InDataSize       Size of InData in bytes.
  @param[in]  SignCert         Pointer to signer's DER-encoded certificate to sign with.
  @param[in]  OtherCerts       Pointer to an optional additional set of certificates to
                               include in the PKCS#7 signedData (e.g. any intermediate
                               CAs in the chain).
  @param[out] SignedData       Pointer to output PKCS#7 signedData.
  @param[out] SignedDataSize   Size of SignedData in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7Sign (
  IN   CONST UINT8  *PrivateKey,
  IN   UINTN        PrivateKeySize,
  IN   CONST UINT8  *KeyPassword,
  IN   UINT8        *InData,
  IN   UINTN        InDataSize,
  IN   UINT8        *SignCert,
  IN   UINT8        *OtherCerts      OPTIONAL,
  OUT  UINT8        **SignedData,
  OUT  UINTN        *SignedDataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@ -0,0 +1,577 @@
 /** @file
  PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
  Caution: This module requires additional review when modified.
  This library will have external input - signature (e.g. UEFI Authenticated
  Variable). It may by input in SMM mode.
  This external input must be validated carefully to avoid security issue like
  buffer overflow, integer overflow.
  WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
  Variable and will do basic check for data structure.
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
 /**
  Verification callback function to override any existing callbacks in OpenSSL
  for intermediate certificate supports.
  @param[in]  Status   Original status before calling this callback.
  @param[in]  Context  X509 store context.
  @retval     1        Current X509 certificate is verified successfully.
  @retval     0        Verification failed.
 **/
 int
 X509VerifyCb (
  IN int            Status,
  IN X509_STORE_CTX *Context
  )
 {
  X509_OBJECT  *Obj;
  INTN         Error;
  INTN         Index;
  INTN         Count;
  Obj   = NULL;
  Error = (INTN) X509_STORE_CTX_get_error (Context);
  //
  // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_
  // CERT_LOCALLY mean a X509 certificate is not self signed and its issuer
  // can not be found in X509_verify_cert of X509_vfy.c.
  // In order to support intermediate certificate node, we override the
  // errors if the certification is obtained from X509 store, i.e. it is
  // a trusted ceritifcate node that is enrolled by user.
  // Besides,X509_V_ERR_CERT_UNTRUSTED and X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
  // are also ignored to enable such feature.
  //
  if ((Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
      (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)) {
    Obj = (X509_OBJECT *) malloc (sizeof (X509_OBJECT));
    if (Obj == NULL) {
      return 0;
    }
    Obj->type      = X509_LU_X509;
    Obj->data.x509 = Context->current_cert;
    CRYPTO_w_lock (CRYPTO_LOCK_X509_STORE);
    if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
      Status = 1;
    } else {
      //
      // If any certificate in the chain is enrolled as trusted certificate,
      // pass the certificate verification.
      //
      if (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
        Count = (INTN) sk_X509_num (Context->chain);
        for (Index = 0; Index < Count; Index++) {
          Obj->data.x509 = sk_X509_value (Context->chain, (int) Index);
          if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
            Status = 1;
            break;
          }
        }
      }
    }
    CRYPTO_w_unlock (CRYPTO_LOCK_X509_STORE);
  }
  if ((Error == X509_V_ERR_CERT_UNTRUSTED) ||
      (Error == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) {
    Status = 1;
  }
  if (Obj != NULL) {
    OPENSSL_free (Obj);
  }
  return Status;
 }
 /**
  Check input P7Data is a wrapped ContentInfo structure or not. If not construct
  a new structure to wrap P7Data.
  Caution: This function may receive untrusted input.
  UEFI Authenticated Variable is external input, so this function will do basic
  check for PKCS#7 data structure.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[out] WrapFlag     If TRUE P7Data is a ContentInfo structure, otherwise
                           return FALSE.
  @param[out] WrapData     If return status of this function is TRUE: 
                           1) when WrapFlag is TRUE, pointer to P7Data.
                           2) when WrapFlag is FALSE, pointer to a new ContentInfo
                           structure. It's caller's responsibility to free this
                           buffer.
  @param[out] WrapDataSize Length of ContentInfo structure in bytes.
  @retval     TRUE         The operation is finished successfully.
  @retval     FALSE        The operation is failed due to lack of resources.
 **/
 BOOLEAN
 WrapPkcs7Data (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT BOOLEAN      *WrapFlag,
  OUT UINT8        **WrapData,
  OUT UINTN        *WrapDataSize
  )
 {
  BOOLEAN          Wrapped;
  UINT8            *SignedData;
  //
  // Check whether input P7Data is a wrapped ContentInfo structure or not.
  //
  Wrapped = FALSE;
  if ((P7Data[4] == 0x06) && (P7Data[5] == 0x09)) {
    if (CompareMem (P7Data + 6, mOidValue, sizeof (mOidValue)) == 0) {
      if ((P7Data[15] == 0xA0) && (P7Data[16] == 0x82)) {
        Wrapped = TRUE;
      }
    }
  }
  if (Wrapped) {
    *WrapData     = (UINT8 *) P7Data;
    *WrapDataSize = P7Length;
  } else {
    //
    // Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes.
    //
    *WrapDataSize = P7Length + 19;
    *WrapData     = malloc (*WrapDataSize);
    if (*WrapData == NULL) {
      *WrapFlag = Wrapped;
      return FALSE;
    }
    SignedData = *WrapData;
    //
    // Part1: 0x30, 0x82.
    //
    SignedData[0] = 0x30;
    SignedData[1] = 0x82;
    //
    // Part2: Length1 = P7Length + 19 - 4, in big endian.
    //
    SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);
    SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);
    //
    // Part3: 0x06, 0x09.
    //
    SignedData[4] = 0x06;
    SignedData[5] = 0x09;
    //
    // Part4: OID value -- 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x07 0x02.
    //
    CopyMem (SignedData + 6, mOidValue, sizeof (mOidValue));
    //
    // Part5: 0xA0, 0x82.
    //
    SignedData[15] = 0xA0;
    SignedData[16] = 0x82;
    //
    // Part6: Length2 = P7Length, in big endian.
    //
    SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);
    SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);
    //
    // Part7: P7Data.
    //
    CopyMem (SignedData + 19, P7Data, P7Length);
  }
  *WrapFlag = Wrapped;
  return TRUE;
 }
 /**
  Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.
  If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
  return FALSE. If P7Length overflow, then return FAlSE.
  Caution: This function may receive untrusted input.
  UEFI Authenticated Variable is external input, so this function will do basic
  check for PKCS#7 data structure.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.
                           It's caller's responsiblity to free the buffer.
  @param[out] StackLength  Length of signer's certificates in bytes.
  @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.
                           It's caller's responsiblity to free the buffer.
  @param[out] CertLength   Length of the trusted certificate in bytes.
  @retval  TRUE            The operation is finished successfully.
  @retval  FALSE           Error occurs during the operation.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7GetSigners (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT UINT8        **CertStack,
  OUT UINTN        *StackLength,
  OUT UINT8        **TrustedCert,
  OUT UINTN        *CertLength
  )
 {
  PKCS7            *Pkcs7;
  BOOLEAN          Status;
  UINT8            *SignedData;
  UINT8            *Temp;
  UINTN            SignedDataSize;
  BOOLEAN          Wrapped;
  STACK_OF(X509)   *Stack;
  UINT8            Index;
  UINT8            *CertBuf;
  UINT8            *OldBuf;
  UINTN            BufferSize;
  UINTN            OldSize;
  UINT8            *SingleCert;
  UINTN            SingleCertSize;
  if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
      (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
    return FALSE;
  }
  Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
  if (!Status) {
    return Status;
  }
  Status     = FALSE;
  Pkcs7      = NULL;
  Stack      = NULL;
  CertBuf    = NULL;
  OldBuf     = NULL;
  SingleCert = NULL;
  //
  // Retrieve PKCS#7 Data (DER encoding)
  //
  if (SignedDataSize > INT_MAX) {
    goto _Exit;
  }
  Temp = SignedData;
  Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
  if (Pkcs7 == NULL) {
    goto _Exit;
  }
  //
  // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
  //
  if (!PKCS7_type_is_signed (Pkcs7)) {
    goto _Exit;
  }
  Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);
  if (Stack == NULL) {
    goto _Exit;
  }
  //
  // Convert CertStack to buffer in following format:
  // UINT8  CertNumber;
  // UINT32 Cert1Length;
  // UINT8  Cert1[];
  // UINT32 Cert2Length;
  // UINT8  Cert2[];
  // ...
  // UINT32 CertnLength;
  // UINT8  Certn[];
  //
  BufferSize = sizeof (UINT8);
  OldSize    = BufferSize;
  for (Index = 0; ; Index++) {
    Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize);
    if (!Status) {
      break;
    }
    OldSize    = BufferSize;
    OldBuf     = CertBuf;
    BufferSize = OldSize + SingleCertSize + sizeof (UINT32);
    CertBuf    = malloc (BufferSize);
    if (CertBuf == NULL) {
      goto _Exit;
    }
    if (OldBuf != NULL) {
      CopyMem (CertBuf, OldBuf, OldSize);
      free (OldBuf);
      OldBuf = NULL;
    }
    WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);
    CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);
    free (SingleCert);
    SingleCert = NULL;
  }
  if (CertBuf != NULL) {
    //
    // Update CertNumber.
    //
    CertBuf[0] = Index;
    *CertLength = BufferSize - OldSize - sizeof (UINT32);
    *TrustedCert = malloc (*CertLength);
    if (*TrustedCert == NULL) {
      goto _Exit;
    }
    CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);
    *CertStack   = CertBuf;
    *StackLength = BufferSize;
    Status = TRUE;
  } 
 _Exit:
  //
  // Release Resources
  //
  if (!Wrapped) {
    free (SignedData);
  }
  if (Pkcs7 != NULL) {
    PKCS7_free (Pkcs7);
  }
  if (Stack != NULL) {
    sk_X509_pop_free(Stack, X509_free);
  }
  if (SingleCert !=  NULL) {
    free (SingleCert);
  }
  if (!Status && (CertBuf != NULL)) {
    free (CertBuf);
    *CertStack = NULL;
  }
  if (OldBuf != NULL) {
    free (OldBuf);
  }
  return Status;
 }
 /**
  Wrap function to use free() to free allocated memory for certificates.
  @param[in]  Certs        Pointer to the certificates to be freed.
 **/
 VOID
 EFIAPI
 Pkcs7FreeSigners (
  IN  UINT8        *Certs
  )
 {
  if (Certs == NULL) {
    return;
  }
  free (Certs);
 }
 /**
  Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.
  If P7Data, TrustedCert or InData is NULL, then return FALSE.
  If P7Length, CertLength or DataLength overflow, then return FAlSE.
  Caution: This function may receive untrusted input.
  UEFI Authenticated Variable is external input, so this function will do basic
  check for PKCS#7 data structure.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
                           is used for certificate chain verification.
  @param[in]  CertLength   Length of the trusted certificate in bytes.
  @param[in]  InData       Pointer to the content to be verified.
  @param[in]  DataLength   Length of InData in bytes.
  @retval  TRUE  The specified PKCS#7 signed data is valid.
  @retval  FALSE Invalid PKCS#7 signed data.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7Verify (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  IN  CONST UINT8  *TrustedCert,
  IN  UINTN        CertLength,
  IN  CONST UINT8  *InData,
  IN  UINTN        DataLength
  )
 {
  PKCS7       *Pkcs7;
  BIO         *CertBio;
  BIO         *DataBio;
  BOOLEAN     Status;
  X509        *Cert;
  X509_STORE  *CertStore;
  UINT8       *SignedData;
  UINT8       *Temp;
  UINTN       SignedDataSize;
  BOOLEAN     Wrapped;
  //
  // Check input parameters.
  //
  if (P7Data == NULL || TrustedCert == NULL || InData == NULL || 
    P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
    return FALSE;
  }
  Pkcs7     = NULL;
  CertBio   = NULL;
  DataBio   = NULL;
  Cert      = NULL;
  CertStore = NULL;
  //
  // Register & Initialize necessary digest algorithms for PKCS#7 Handling
  //
  EVP_add_digest (EVP_md5());
  EVP_add_digest (EVP_sha1());
  EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);
  EVP_add_digest (EVP_sha256());
  Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
  if (!Status) {
    return Status;
  }
  Status = FALSE;
  //
  // Retrieve PKCS#7 Data (DER encoding)
  //
  if (SignedDataSize > INT_MAX) {
    goto _Exit;
  }
  Temp = SignedData;
  Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
  if (Pkcs7 == NULL) {
    goto _Exit;
  }
  //
  // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
  //
  if (!PKCS7_type_is_signed (Pkcs7)) {
    goto _Exit;
  }
  //
  // Read DER-encoded root certificate and Construct X509 Certificate
  //
  CertBio = BIO_new (BIO_s_mem ());
  BIO_write (CertBio, TrustedCert, (int)CertLength);
  if (CertBio == NULL) {
    goto _Exit;
  }
  Cert = d2i_X509_bio (CertBio, NULL);
  if (Cert == NULL) {
    goto _Exit;
  }
  //
  // Setup X509 Store for trusted certificate
  //
  CertStore = X509_STORE_new ();
  if (CertStore == NULL) {
    goto _Exit;
  }
  if (!(X509_STORE_add_cert (CertStore, Cert))) {
    goto _Exit;
  }
  //
  // Register customized X509 verification callback function to support
  // trusted intermediate certificate anchor.
  //
  CertStore->verify_cb = X509VerifyCb;
  //
  // For generic PKCS#7 handling, InData may be NULL if the content is present
  // in PKCS#7 structure. So ignore NULL checking here.
  //
  DataBio = BIO_new (BIO_s_mem ());
  BIO_write (DataBio, InData, (int)DataLength);
  //
  // Verifies the PKCS#7 signedData structure
  //
  Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
 _Exit:
  //
  // Release Resources
  //
  BIO_free (DataBio);
  BIO_free (CertBio);
  X509_free (Cert);
  X509_STORE_free (CertStore);
  PKCS7_free (Pkcs7);
  if (!Wrapped) {
    OPENSSL_free (SignedData);
  }
  return Status;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c
@ -0,0 +1,100 @@
 /** @file
  PKCS#7 SignedData Verification Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.
  Return FALSE to indicate this interface is not supported.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.
                           It's caller's responsiblity to free the buffer.
  @param[out] StackLength  Length of signer's certificates in bytes.
  @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.
                           It's caller's responsiblity to free the buffer.
  @param[out] CertLength   Length of the trusted certificate in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7GetSigners (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT UINT8        **CertStack,
  OUT UINTN        *StackLength,
  OUT UINT8        **TrustedCert,
  OUT UINTN        *CertLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Wrap function to use free() to free allocated memory for certificates.
  If the interface is not supported, then ASSERT().
  @param[in]  Certs        Pointer to the certificates to be freed.
 **/
 VOID
 EFIAPI
 Pkcs7FreeSigners (
  IN  UINT8        *Certs
  )
 {
  ASSERT (FALSE);
 }
 /**
  Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.
  Return FALSE to indicate this interface is not supported.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
                           is used for certificate chain verification.
  @param[in]  CertLength   Length of the trusted certificate in bytes.
  @param[in]  InData       Pointer to the content to be verified.
  @param[in]  DataLength   Length of InData in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7Verify (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  IN  CONST UINT8  *TrustedCert,
  IN  UINTN        CertLength,
  IN  CONST UINT8  *InData,
  IN  UINTN        DataLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@ -0,0 +1,319 @@
 /** @file
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
  This file implements following APIs which provide basic capabilities for RSA:
  1) RsaNew
  2) RsaFree
  3) RsaSetKey
  4) RsaPkcs1Verify
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 #include <openssl/rsa.h>
 #include <openssl/err.h>
 /**
  Allocates and initializes one RSA context for subsequent use.
  @return  Pointer to the RSA context that has been initialized.
           If the allocations fails, RsaNew() returns NULL.
 **/
 VOID *
 EFIAPI
 RsaNew (
  VOID
  )
 {
  //
  // Allocates & Initializes RSA Context by OpenSSL RSA_new()
  //
  return (VOID *)RSA_new ();
 }
 /**
  Release the specified RSA context.
  @param[in]  RsaContext  Pointer to the RSA context to be released.
 **/
 VOID
 EFIAPI
 RsaFree (
  IN  VOID  *RsaContext
  )
 {
  //
  // Free OpenSSL RSA Context
  //
  RSA_free ((RSA *)RsaContext);
 }
 /**
  Sets the tag-designated key component into the established RSA context.
  This function sets the tag-designated RSA key component into the established
  RSA context from the user-specified non-negative integer (octet string format
  represented in RSA PKCS#1).
  If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
  If RsaContext is NULL, then return FALSE.
  @param[in, out]  RsaContext  Pointer to RSA context being set.
  @param[in]       KeyTag      Tag of RSA key component being set.
  @param[in]       BigNumber   Pointer to octet integer buffer.
                               If NULL, then the specified key componenet in RSA
                               context is cleared.
  @param[in]       BnSize      Size of big number buffer in bytes.
                               If BigNumber is NULL, then it is ignored.
  @retval  TRUE   RSA key component was set successfully.
  @retval  FALSE  Invalid RSA key component tag.
 **/
 BOOLEAN
 EFIAPI
 RsaSetKey (
  IN OUT  VOID         *RsaContext,
  IN      RSA_KEY_TAG  KeyTag,
  IN      CONST UINT8  *BigNumber,
  IN      UINTN        BnSize
  )
 {
  RSA  *RsaKey;
  //
  // Check input parameters.
  //
  if (RsaContext == NULL) {
    return FALSE;
  }
  RsaKey = (RSA *)RsaContext;
  //
  // Set RSA Key Components by converting octet string to OpenSSL BN representation.
  // NOTE: For RSA public key (used in signature verification), only public components
  //       (N, e) are needed.
  //
  switch (KeyTag) {
  //
  // RSA Public Modulus (N)
  //
  case RsaKeyN:
    if (RsaKey->n != NULL) {
      BN_free (RsaKey->n);
    }
    RsaKey->n = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
    break;
  //
  // RSA Public Exponent (e)
  //
  case RsaKeyE:
    if (RsaKey->e != NULL) {
      BN_free (RsaKey->e);
    }
    RsaKey->e = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
    break;
  //
  // RSA Private Exponent (d)
  //
  case RsaKeyD:
    if (RsaKey->d != NULL) {
      BN_free (RsaKey->d);
    }
    RsaKey->d = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
    break;
  //
  // RSA Secret Prime Factor of Modulus (p)
  //
  case RsaKeyP:
    if (RsaKey->p != NULL) {
      BN_free (RsaKey->p);
    }
    RsaKey->p = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
    break;
  //
  // RSA Secret Prime Factor of Modules (q)
  //
  case RsaKeyQ:
    if (RsaKey->q != NULL) {
      BN_free (RsaKey->q);
    }
    RsaKey->q = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
    break;
  //
  // p's CRT Exponent (== d mod (p - 1))
  //
  case RsaKeyDp:
    if (RsaKey->dmp1 != NULL) {
      BN_free (RsaKey->dmp1);
    }
    RsaKey->dmp1 = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
    break;
  //
  // q's CRT Exponent (== d mod (q - 1))
  //
  case RsaKeyDq:
    if (RsaKey->dmq1 != NULL) {
      BN_free (RsaKey->dmq1);
    }
    RsaKey->dmq1 = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
    break;
  //
  // The CRT Coefficient (== 1/q mod p)
  //
  case RsaKeyQInv:
    if (RsaKey->iqmp != NULL) {
      BN_free (RsaKey->iqmp);
    }
    RsaKey->iqmp = NULL;
    if (BigNumber == NULL) {
      break;
    }
    RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
    break;
  default:
    return FALSE;
  }
  return TRUE;
 }
 /**
  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
  RSA PKCS#1.
  If RsaContext is NULL, then return FALSE.
  If MessageHash is NULL, then return FALSE.
  If Signature is NULL, then return FALSE.
  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
  @param[in]  RsaContext   Pointer to RSA context for signature verification.
  @param[in]  MessageHash  Pointer to octet message hash to be checked.
  @param[in]  HashSize     Size of the message hash in bytes.
  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.
  @param[in]  SigSize      Size of signature in bytes.
  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.
  @retval  FALSE  Invalid signature or invalid RSA context.
 **/
 BOOLEAN
 EFIAPI
 RsaPkcs1Verify (
  IN  VOID         *RsaContext,
  IN  CONST UINT8  *MessageHash,
  IN  UINTN        HashSize,
  IN  UINT8        *Signature,
  IN  UINTN        SigSize
  )
 {
  INTN     Length;
  //
  // Check input parameters.
  //
  if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
    return FALSE;
  }
  //
  // Check for unsupported hash size:
  //    Only MD5, SHA-1 or SHA-256 digest size is supported
  //
  if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
    return FALSE;
  }
  //
  // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
  //
  Length = RSA_public_decrypt (
             (UINT32) SigSize,
             Signature,
             Signature,
             RsaContext,
             RSA_PKCS1_PADDING
             );
  //
  // Invalid RSA Key or PKCS#1 Padding Checking Failed (if Length < 0)
  // NOTE: Length should be the addition of HashSize and some DER value.
  //       Ignore more strict length checking here.
  //
  if (Length < (INTN) HashSize) {
    return FALSE;
  }
  //
  // Validate the MessageHash and Decoded Signature
  // NOTE: The decoded Signature should be the DER encoding of the DigestInfo value
  //       DigestInfo ::= SEQUENCE {
  //           digestAlgorithm AlgorithmIdentifier
  //           digest OCTET STRING
  //       }
  //       Then Memory Comparing should skip the DER value of the underlying SEQUENCE
  //       type and AlgorithmIdentifier.
  //
  if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
    //
    // Valid RSA PKCS#1 Signature
    //
    return TRUE;
  } else {
    //
    // Failed to verification
    //
    return FALSE;
  }
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
@ -0,0 +1,432 @@
 /** @file
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
  This file implements following APIs which provide more capabilities for RSA:
  1) RsaGetKey
  2) RsaGenerateKey
  3) RsaCheckKey
  4) RsaPkcs1Sign
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 #include <openssl/rsa.h>
 #include <openssl/err.h>
 //
 // ASN.1 value for Hash Algorithm ID with the Distringuished Encoding Rules (DER)
 // Refer to Section 9.2 of PKCS#1 v2.1
 //                           
 CONST UINT8  Asn1IdMd5[] = {
  0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
  0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
  };
 CONST UINT8  Asn1IdSha1[] = {
  0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
  0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
  };
 CONST UINT8  Asn1IdSha256[] = {
  0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
  0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
  0x00, 0x04, 0x20
  };
 /**
  Gets the tag-designated RSA key component from the established RSA context.
  This function retrieves the tag-designated RSA key component from the
  established RSA context as a non-negative integer (octet string format
  represented in RSA PKCS#1).
  If specified key component has not been set or has been cleared, then returned
  BnSize is set to 0.
  If the BigNumber buffer is too small to hold the contents of the key, FALSE
  is returned and BnSize is set to the required buffer size to obtain the key.
  If RsaContext is NULL, then return FALSE.
  If BnSize is NULL, then return FALSE.
  If BnSize is large enough but BigNumber is NULL, then return FALSE.
  @param[in, out]  RsaContext  Pointer to RSA context being set.
  @param[in]       KeyTag      Tag of RSA key component being set.
  @param[out]      BigNumber   Pointer to octet integer buffer.
  @param[in, out]  BnSize      On input, the size of big number buffer in bytes.
                               On output, the size of data returned in big number buffer in bytes.
  @retval  TRUE   RSA key component was retrieved successfully.
  @retval  FALSE  Invalid RSA key component tag.
  @retval  FALSE  BnSize is too small.
 **/
 BOOLEAN
 EFIAPI
 RsaGetKey (
  IN OUT  VOID         *RsaContext,
  IN      RSA_KEY_TAG  KeyTag,
  OUT     UINT8        *BigNumber,
  IN OUT  UINTN        *BnSize
  )
 {
  RSA    *RsaKey;
  BIGNUM *BnKey;
  UINTN  Size;
  //
  // Check input parameters.
  //
  if (RsaContext == NULL || BnSize == NULL) {
    return FALSE;
  }
  RsaKey  = (RSA *) RsaContext;
  Size    = *BnSize;
  *BnSize = 0;
  switch (KeyTag) {
  //
  // RSA Public Modulus (N)
  //
  case RsaKeyN:
    if (RsaKey->n == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->n;
    break;
  //
  // RSA Public Exponent (e)
  //
  case RsaKeyE:
    if (RsaKey->e == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->e;
    break;
  //
  // RSA Private Exponent (d)
  //
  case RsaKeyD:
    if (RsaKey->d == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->d;
    break;
  //
  // RSA Secret Prime Factor of Modulus (p)
  //
  case RsaKeyP:
    if (RsaKey->p == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->p;
    break;
  //
  // RSA Secret Prime Factor of Modules (q)
  //
  case RsaKeyQ:
    if (RsaKey->q == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->q;
    break;
  //
  // p's CRT Exponent (== d mod (p - 1))
  //
  case RsaKeyDp:
    if (RsaKey->dmp1 == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->dmp1;
    break;
  //
  // q's CRT Exponent (== d mod (q - 1))
  //
  case RsaKeyDq:
    if (RsaKey->dmq1 == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->dmq1;
    break;
  //
  // The CRT Coefficient (== 1/q mod p)
  //
  case RsaKeyQInv:
    if (RsaKey->iqmp == NULL) {
      return TRUE;
    }
    BnKey = RsaKey->iqmp;
    break;
  default:
    return FALSE;
  }
  *BnSize = Size;
  Size    = BN_num_bytes (BnKey);
  if (*BnSize < Size) {
    *BnSize = Size;
    return FALSE;
  }
  if (BigNumber == NULL) {
    return FALSE;
  }
  *BnSize = BN_bn2bin (BnKey, BigNumber) ;
  return TRUE;
 }
 /**
  Generates RSA key components.
  This function generates RSA key components. It takes RSA public exponent E and
  length in bits of RSA modulus N as input, and generates all key components.
  If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
  Before this function can be invoked, pseudorandom number generator must be correctly
  initialized by RandomSeed().
  If RsaContext is NULL, then return FALSE.
  @param[in, out]  RsaContext           Pointer to RSA context being set.
  @param[in]       ModulusLength        Length of RSA modulus N in bits.
  @param[in]       PublicExponent       Pointer to RSA public exponent.
  @param[in]       PublicExponentSize   Size of RSA public exponent buffer in bytes. 
  @retval  TRUE   RSA key component was generated successfully.
  @retval  FALSE  Invalid RSA key component tag.
 **/
 BOOLEAN
 EFIAPI
 RsaGenerateKey (
  IN OUT  VOID         *RsaContext,
  IN      UINTN        ModulusLength,
  IN      CONST UINT8  *PublicExponent,
  IN      UINTN        PublicExponentSize
  )
 {
  BIGNUM   *KeyE;
  BOOLEAN  RetVal;
  //
  // Check input parameters.
  //
  if (RsaContext == NULL) {
    return FALSE;
  }
  KeyE = BN_new ();
  if (PublicExponent == NULL) {
    BN_set_word (KeyE, 0x10001);
  } else {
    BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);
  }
  RetVal = FALSE;
  if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
   RetVal = TRUE;
  }
  BN_free (KeyE);
  return RetVal;
 }
 /**
  Validates key components of RSA context.
  This function validates key compoents of RSA context in following aspects:
  - Whether p is a prime
  - Whether q is a prime
  - Whether n = p * q
  - Whether d*e = 1  mod lcm(p-1,q-1)
  If RsaContext is NULL, then return FALSE.
  @param[in]  RsaContext  Pointer to RSA context to check.
  @retval  TRUE   RSA key components are valid.
  @retval  FALSE  RSA key components are not valid.
 **/
 BOOLEAN
 EFIAPI
 RsaCheckKey (
  IN  VOID  *RsaContext
  )
 {
  UINTN  Reason;
  //
  // Check input parameters.
  //
  if (RsaContext == NULL) {
    return FALSE;
  }
  if  (RSA_check_key ((RSA *) RsaContext) != 1) {
    Reason = ERR_GET_REASON (ERR_peek_last_error ());
    if (Reason == RSA_R_P_NOT_PRIME ||
        Reason == RSA_R_Q_NOT_PRIME ||
        Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
        Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
      return FALSE;
    }
  }
  return TRUE;
 }
 /**
  Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.
  @param  Message      Message buffer to be encoded.
  @param  MessageSize  Size of message buffer in bytes.
  @param  DigestInfo   Pointer to buffer of digest info for output.
  @return  Size of DigestInfo in bytes.
 **/  
 UINTN
 DigestInfoEncoding (
  IN   CONST UINT8  *Message,
  IN   UINTN        MessageSize,
  OUT  UINT8        *DigestInfo
  )
 {
  CONST UINT8  *HashDer;
  UINTN        DerSize;
  //
  // Check input parameters.
  //
  if (Message == NULL || DigestInfo == NULL) {
    return FALSE;
  }
  //
  // The original message length is used to determine the hash algorithm since
  // message is digest value hashed by the specified algorithm.
  //
  switch (MessageSize) {
  case MD5_DIGEST_SIZE:
    HashDer = Asn1IdMd5;
    DerSize = sizeof (Asn1IdMd5);
    break;
  case SHA1_DIGEST_SIZE:
    HashDer = Asn1IdSha1;
    DerSize = sizeof (Asn1IdSha1);
    break;
  case SHA256_DIGEST_SIZE:
    HashDer = Asn1IdSha256;
    DerSize = sizeof (Asn1IdSha256);
    break;
  default:
    return FALSE;
  }
  CopyMem (DigestInfo, HashDer, DerSize);
  CopyMem (DigestInfo + DerSize, Message, MessageSize);
  return (DerSize + MessageSize);
 }
 /**
  Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
  This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
  RSA PKCS#1.
  If the Signature buffer is too small to hold the contents of signature, FALSE
  is returned and SigSize is set to the required buffer size to obtain the signature.
  If RsaContext is NULL, then return FALSE.
  If MessageHash is NULL, then return FALSE.
  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
  If SigSize is large enough but Signature is NULL, then return FALSE.
  @param[in]       RsaContext   Pointer to RSA context for signature generation.
  @param[in]       MessageHash  Pointer to octet message hash to be signed.
  @param[in]       HashSize     Size of the message hash in bytes.
  @param[out]      Signature    Pointer to buffer to receive RSA PKCS1-v1_5 signature.
  @param[in, out]  SigSize      On input, the size of Signature buffer in bytes.
                                On output, the size of data returned in Signature buffer in bytes.
  @retval  TRUE   Signature successfully generated in PKCS1-v1_5.
  @retval  FALSE  Signature generation failed.
  @retval  FALSE  SigSize is too small.
 **/
 BOOLEAN
 EFIAPI
 RsaPkcs1Sign (
  IN      VOID         *RsaContext,
  IN      CONST UINT8  *MessageHash,
  IN      UINTN        HashSize,
  OUT     UINT8        *Signature,
  IN OUT  UINTN        *SigSize
  )
 {
  RSA      *Rsa;
  UINTN    Size;
  INTN     ReturnVal;
  //
  // Check input parameters.
  //
  if (RsaContext == NULL || MessageHash == NULL ||
    (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE)) {
    return FALSE;
  }
  Rsa = (RSA *) RsaContext;
  Size = BN_num_bytes (Rsa->n);
  if (*SigSize < Size) {
    *SigSize = Size;
    return FALSE;
  }
  if (Signature == NULL) {
    return FALSE;
  }
  Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
  ReturnVal = RSA_private_encrypt (
                (UINT32) Size,
                Signature,
                Signature,
                Rsa,
                RSA_PKCS1_PADDING
                );
  if (ReturnVal < (INTN) Size) {
    return FALSE;
  }
  *SigSize = (UINTN)ReturnVal;
  return TRUE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c
@ -0,0 +1,125 @@
 /** @file
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
  This file does not provide real capabilities for following APIs in RSA handling:
  1) RsaGetKey
  2) RsaGenerateKey
  3) RsaCheckKey
  4) RsaPkcs1Sign
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Gets the tag-designated RSA key component from the established RSA context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  RsaContext  Pointer to RSA context being set.
  @param[in]       KeyTag      Tag of RSA key component being set.
  @param[out]      BigNumber   Pointer to octet integer buffer.
  @param[in, out]  BnSize      On input, the size of big number buffer in bytes.
                               On output, the size of data returned in big number buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGetKey (
  IN OUT  VOID         *RsaContext,
  IN      RSA_KEY_TAG  KeyTag,
  OUT     UINT8        *BigNumber,
  IN OUT  UINTN        *BnSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Generates RSA key components.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  RsaContext           Pointer to RSA context being set.
  @param[in]       ModulusLength        Length of RSA modulus N in bits.
  @param[in]       PublicExponent       Pointer to RSA public exponent.
  @param[in]       PublicExponentSize   Size of RSA public exponent buffer in bytes. 
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGenerateKey (
  IN OUT  VOID         *RsaContext,
  IN      UINTN        ModulusLength,
  IN      CONST UINT8  *PublicExponent,
  IN      UINTN        PublicExponentSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Validates key components of RSA context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  RsaContext  Pointer to RSA context to check.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaCheckKey (
  IN  VOID  *RsaContext
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
  Return FALSE to indicate this interface is not supported.
  @param[in]       RsaContext   Pointer to RSA context for signature generation.
  @param[in]       MessageHash  Pointer to octet message hash to be signed.
  @param[in]       HashSize     Size of the message hash in bytes.
  @param[out]      Signature    Pointer to buffer to receive RSA PKCS1-v1_5 signature.
  @param[in, out]  SigSize      On input, the size of Signature buffer in bytes.
                                On output, the size of data returned in Signature buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaPkcs1Sign (
  IN      VOID         *RsaContext,
  IN      CONST UINT8  *MessageHash,
  IN      UINTN        HashSize,
  OUT     UINT8        *Signature,
  IN OUT  UINTN        *SigSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
@ -0,0 +1,180 @@
 /** @file
  X.509 Certificate Handler Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Construct a X509 object from DER-encoded certificate data.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Cert            Pointer to the DER-encoded certificate data.
  @param[in]  CertSize        The size of certificate data in bytes.
  @param[out] SingleX509Cert  The generated X509 object.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509ConstructCertificate (
  IN   CONST UINT8  *Cert,
  IN   UINTN        CertSize,
  OUT  UINT8        **SingleX509Cert
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Construct a X509 stack object from a list of DER-encoded certificate data.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
                              On output, pointer to the X509 stack object with new
                              inserted X509 certificate.
  @param           ...        A list of DER-encoded single certificate data followed
                              by certificate size. A NULL terminates the list. The
                              pairs are the arguments to X509ConstructCertificate().
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509ConstructCertificateStack (
  IN OUT  UINT8  **X509Stack,
  ...  
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Release the specified X509 object.
  If the interface is not supported, then ASSERT().
  @param[in]  X509Cert  Pointer to the X509 object to be released.
 **/
 VOID
 EFIAPI
 X509Free (
  IN  VOID  *X509Cert
  )
 { 
  ASSERT (FALSE);
 }
 /**
  Release the specified X509 stack object.
  If the interface is not supported, then ASSERT().
  @param[in]  X509Stack  Pointer to the X509 stack object to be released.
 **/
 VOID
 EFIAPI
 X509StackFree (
  IN  VOID  *X509Stack
  )
 {
  ASSERT (FALSE);
 }
 /**
  Retrieve the subject bytes from one X.509 certificate.
  Return FALSE to indicate this interface is not supported.
  @param[in]      Cert         Pointer to the DER-encoded X509 certificate.
  @param[in]      CertSize     Size of the X509 certificate in bytes.
  @param[out]     CertSubject  Pointer to the retrieved certificate subject bytes.
  @param[in, out] SubjectSize  The size in bytes of the CertSubject buffer on input,
                               and the size of buffer returned CertSubject on output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509GetSubjectName (
  IN      CONST UINT8  *Cert,
  IN      UINTN        CertSize,
  OUT     UINT8        *CertSubject,
  IN OUT  UINTN        *SubjectSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Retrieve the RSA Public Key from one DER-encoded X509 certificate.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Cert         Pointer to the DER-encoded X509 certificate.
  @param[in]  CertSize     Size of the X509 certificate in bytes.
  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
                           RSA public key component. Use RsaFree() function to free the
                           resource.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGetPublicKeyFromX509 (
  IN   CONST UINT8  *Cert,
  IN   UINTN        CertSize,
  OUT  VOID         **RsaContext
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Verify one X509 certificate was issued by the trusted CA.
  Return FALSE to indicate this interface is not supported.
  @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.
  @param[in]      CertSize     Size of the X509 certificate in bytes.
  @param[in]      CACert       Pointer to the DER-encoded trusted CA certificate.
  @param[in]      CACertSize   Size of the CA Certificate in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509VerifyCert (
  IN  CONST UINT8  *Cert,
  IN  UINTN        CertSize,
  IN  CONST UINT8  *CACert,
  IN  UINTN        CACertSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandNull.c
@ -0,0 +1,63 @@
 /** @file
  Pseudorandom Number Generator Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Sets up the seed value for the pseudorandom number generator.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Seed      Pointer to seed value.
                        If NULL, default seed is used.
  @param[in]  SeedSize  Size of seed value.
                        If Seed is NULL, this parameter is ignored.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RandomSeed (
  IN  CONST  UINT8  *Seed  OPTIONAL,
  IN  UINTN         SeedSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Generates a pseudorandom byte stream of the specified size.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Output  Pointer to buffer to receive random value.
  @param[in]   Size    Size of randome bytes to generate.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RandomBytes (
  OUT  UINT8  *Output,
  IN   UINTN  Size
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@ -6,6 +6,11 @@
 #  This external input must be validated carefully to avoid security issue like
 #  buffer overflow, integer overflow.
 #
 #  Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
 #  TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
 #  Diffie-Hellman functions, authenticode signature verification functions are
 #  not supported in this instance.
 #
 #  Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -23,7 +28,7 @@
  FILE_GUID                      = 78189cc0-727d-46a4-84ea-f7dd860de64a
  MODULE_TYPE                    = DXE_RUNTIME_DRIVER
  VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = BaseCryptLib
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_RUNTIME_DRIVER
  CONSTRUCTOR                    = RuntimeCryptLibConstructor
 #
@ -33,12 +38,22 @@
 #
 [Sources]
  Hash/CryptMd4Null.c
  Hash/CryptMd5.c
  Hash/CryptSha1.c
  Hash/CryptSha256.c
-  Pk/CryptRsa.c
+  Hmac/CryptHmacMd5Null.c
-  Pk/CryptPkcs7.c
+  Hmac/CryptHmacSha1Null.c
  Cipher/CryptAesNull.c
  Cipher/CryptTdesNull.c
  Cipher/CryptArc4Null.c
  Pk/CryptRsaBasic.c
  Pk/CryptRsaExtNull.c
  Pk/CryptPkcs7SignNull.c
  Pk/CryptPkcs7Verify.c 
  Pk/CryptDhNull.c
  Pk/CryptX509.c
  Pk/CryptAuthenticodeNull.c
  Pem/CryptPem.c
  SysCall/CrtWrapper.c
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@ -1,20 +1,16 @@
 ## @file
 #  Cryptographic Library Instance for SMM driver.
 #
 #  This library instance uses ConstantTimeClock.c thus does not provide
 #  functionality for following APIs which need system time support:
 #  1) RsaGenerateKey
 #  2) RsaCheckKey
 #  3) RsaPkcs1Sign
 #  4) Pkcs7Sign
 #  5) DhGenerateParameter
 #  6) DhGenerateKey
 #
 #  Caution: This module requires additional review when modified.
 #  This library will have external input - signature.
 #  This external input must be validated carefully to avoid security issue like
 #  buffer overflow, integer overflow.
 #
 #  Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
 #  TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
 #  Diffie-Hellman functions, authenticode signature verification functions are
 #  not supported in this instance.
 #
 #  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -42,12 +38,22 @@
 #
 [Sources]
  Hash/CryptMd4Null.c
  Hash/CryptMd5.c
  Hash/CryptSha1.c
  Hash/CryptSha256.c
-  Pk/CryptRsa.c
+  Hmac/CryptHmacMd5Null.c
-  Pk/CryptPkcs7.c
+  Hmac/CryptHmacSha1Null.c
  Cipher/CryptAesNull.c
  Cipher/CryptTdesNull.c
  Cipher/CryptArc4Null.c
  Pk/CryptRsaBasic.c
  Pk/CryptRsaExtNull.c
  Pk/CryptPkcs7SignNull.c
  Pk/CryptPkcs7Verify.c
  Pk/CryptDhNull.c
  Pk/CryptX509.c
  Pk/CryptAuthenticodeNull.c
  Pem/CryptPem.c
  SysCall/CrtWrapper.c
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
@ -2,7 +2,14 @@
 #  Cryptographic Library Instance based on Runtime Crypt Protocol.
 #  This instance will be only used by the Authenticated Variable driver for IPF.
 #
-#  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+#  Note: MD4/MD5/SHA1 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, 
 #  AES/TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign/verify
 #  functions, Diffie-Hellman functions, X.509 certificate handler functions,
 #  authenticode signature verification functions, PEM handler functions,
 #  pseudorandom number generator functions, Sha256Duplicate() are not supported
 #  in this instance.
 #
 #  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@ -31,6 +38,23 @@
 [Sources]
  RuntimeDxeIpfCryptLib.c
  Hash/CryptMd4Null.c
  Hash/CryptMd5Null.c
  Hash/CryptSha1Null.c
  Hmac/CryptHmacMd5Null.c
  Hmac/CryptHmacSha1Null.c
  Cipher/CryptAesNull.c
  Cipher/CryptTdesNull.c
  Cipher/CryptArc4Null.c
  Pk/CryptRsaExtNull.c
  Pk/CryptPkcs7SignNull.c
  Pk/CryptPkcs7VerifyNull.c
  Pk/CryptDhNull.c
  Pk/CryptX509Null.c
  Pk/CryptAuthenticodeNull.c
  Pem/CryptPemNull.c
  Rand/CryptRandNull.c
 [Packages]
  MdePkg/MdePkg.dec
  CryptoPkg/CryptoPkg.dec
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptAesNull.c
@ -0,0 +1,165 @@
 /** @file
  AES Wrapper Implementation which does not provide real capabilities.  
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for AES operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 AesGetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory as AES context for subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  AesContext  Pointer to AES context being initialized.
  @param[in]   Key         Pointer to the user-supplied AES key.
  @param[in]   KeyLength   Length of AES key in bits.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesInit (
  OUT  VOID         *AesContext,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeyLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES encryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesEcbEncrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES decryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesEcbDecrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES encryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[in]   Ivec        Pointer to initialization vector.
  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesCbcEncrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs AES decryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   AesContext  Pointer to the AES context.
  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize   Size of the Input buffer in bytes.
  @param[in]   Ivec        Pointer to initialization vector.
  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AesCbcDecrypt (
  IN   VOID         *AesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {  
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptArc4Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptArc4Null.c
@ -0,0 +1,130 @@
 /** @file 
  ARC4 Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 Arc4GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory as ARC4 context for subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
  @param[in]   Key          Pointer to the user-supplied ARC4 key.
  @param[in]   KeySize      Size of ARC4 key in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Init (
  OUT  VOID         *Arc4Context,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs ARC4 encryption on a data buffer of the specified size.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @param[in]       Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]       InputSize    Size of the Input buffer in bytes.
  @param[out]      Output       Pointer to a buffer that receives the ARC4 encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Encrypt (
  IN OUT  VOID         *Arc4Context,
  IN      CONST UINT8  *Input,
  IN      UINTN        InputSize,
  OUT     UINT8        *Output
  )
 { 
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs ARC4 decryption on a data buffer of the specified size.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @param[in]       Input        Pointer to the buffer containing the data to be decrypted.
  @param[in]       InputSize    Size of the Input buffer in bytes.
  @param[out]      Output       Pointer to a buffer that receives the ARC4 decryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Decrypt (
  IN OUT  VOID   *Arc4Context,
  IN      UINT8  *Input,
  IN      UINTN  InputSize,
  OUT     UINT8  *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Resets the ARC4 context to the initial state.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Arc4Reset (
  IN OUT  VOID  *Arc4Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptTdesNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptTdesNull.c
@ -0,0 +1,166 @@
 /** @file
  TDES Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for TDES operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 TdesGetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory as TDES context for subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  TdesContext  Pointer to TDES context being initialized.
  @param[in]   Key          Pointer to the user-supplied TDES key.
  @param[in]   KeyLength    Length of TDES key in bits.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesInit (
  OUT  VOID         *TdesContext,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeyLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES encryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesEcbEncrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES decryption on a data buffer of the specified size in ECB mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be decrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[out]  Output       Pointer to a buffer that receives the TDES decryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesEcbDecrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES encryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[in]   Ivec         Pointer to initialization vector.
  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesCbcEncrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs TDES decryption on a data buffer of the specified size in CBC mode.
  Return FALSE to indicate this interface is not supported.
  @param[in]   TdesContext  Pointer to the TDES context.
  @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]   InputSize    Size of the Input buffer in bytes.
  @param[in]   Ivec         Pointer to initialization vector.
  @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 TdesCbcDecrypt (
  IN   VOID         *TdesContext,
  IN   CONST UINT8  *Input,
  IN   UINTN        InputSize,
  IN   CONST UINT8  *Ivec,
  OUT  UINT8        *Output
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd4Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd4Null.c
@ -0,0 +1,124 @@
 /** @file
  MD4 Digest Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for MD4 hash
  operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 Md4GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
  subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Md4Context  Pointer to MD4 context being initialized.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Init (
  OUT  VOID  *Md4Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing MD4 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Md4Context     Pointer to MD4 context being copied.
  @param[out] NewMd4Context  Pointer to new MD4 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Duplicate (
  IN   CONST VOID  *Md4Context,
  OUT  VOID        *NewMd4Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates MD4 context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Md4Context  Pointer to the MD4 context.
  @param[in]       Data        Pointer to the buffer containing the data to be hashed.
  @param[in]       DataSize    Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Update (
  IN OUT  VOID        *Md4Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the MD4 digest value.
  Return FALSE to indicate this interface is not supported.  
  @param[in, out]  Md4Context  Pointer to the MD4 context.
  @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest
                               value (16 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md4Final (
  IN OUT  VOID   *Md4Context,
  OUT     UINT8  *HashValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd5Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd5Null.c
@ -0,0 +1,125 @@
 /** @file
  MD5 Digest Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 Md5GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
  subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Md5Context  Pointer to MD5 context being initialized.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md5Init (
  OUT  VOID  *Md5Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing MD5 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Md5Context     Pointer to MD5 context being copied.
  @param[out] NewMd5Context  Pointer to new MD5 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md5Duplicate (
  IN   CONST VOID  *Md5Context,
  OUT  VOID        *NewMd5Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates MD5 context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Md5Context  Pointer to the MD5 context.
  @param[in]       Data        Pointer to the buffer containing the data to be hashed.
  @param[in]       DataSize    Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md5Update (
  IN OUT  VOID        *Md5Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the MD5 digest value.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Md5Context  Pointer to the MD5 context.
  @param[out]      HashValue   Pointer to a buffer that receives the MD5 digest
                               value (16 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Md5Final (
  IN OUT  VOID   *Md5Context,
  OUT     UINT8  *HashValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptSha1Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptSha1Null.c
@ -0,0 +1,125 @@
 /** @file
  SHA-1 Digest Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
  Return zero to indicate this interface is not supported.
  @return  The size, in bytes, of the context buffer required for SHA-1 hash operations.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 Sha1GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;  
 }
 /**
  Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for
  subsequent use.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Sha1Context  Pointer to SHA-1 context being initialized.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Sha1Init (
  OUT  VOID  *Sha1Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing SHA-1 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Sha1Context     Pointer to SHA-1 context being copied.
  @param[out] NewSha1Context  Pointer to new SHA-1 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Sha1Duplicate (
  IN   CONST VOID  *Sha1Context,
  OUT  VOID        *NewSha1Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates SHA-1 context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
  @param[in]       Data         Pointer to the buffer containing the data to be hashed.
  @param[in]       DataSize     Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Sha1Update (
  IN OUT  VOID        *Sha1Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the SHA-1 digest value.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
  @param[out]      HashValue    Pointer to a buffer that receives the SHA-1 digest
                                value (20 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Sha1Final (
  IN OUT  VOID   *Sha1Context,
  OUT     UINT8  *HashValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacMd5Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacMd5Null.c
@ -0,0 +1,127 @@
 /** @file
  HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 HmacMd5GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
  subsequent use. 
  Return FALSE to indicate this interface is not supported.  
  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.
  @param[in]   Key             Pointer to the user-supplied key.
  @param[in]   KeySize         Key size in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Init (
  OUT  VOID         *HmacMd5Context,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing HMAC-MD5 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.
  @param[out] NewHmacMd5Context  Pointer to new HMAC-MD5 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Duplicate (
  IN   CONST VOID  *HmacMd5Context,
  OUT  VOID        *NewHmacMd5Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates HMAC-MD5 context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
  @param[in]       Data            Pointer to the buffer containing the data to be digested.
  @param[in]       DataSize        Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Update (
  IN OUT  VOID        *HmacMd5Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the HMAC-MD5 digest value.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
  @param[out]      HmacValue       Pointer to a buffer that receives the HMAC-MD5 digest
                                   value (16 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacMd5Final (
  IN OUT  VOID   *HmacMd5Context,
  OUT     UINT8  *HmacValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacSha1Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacSha1Null.c
@ -0,0 +1,127 @@
 /** @file
  HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.  
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
  Return zero to indicate this interface is not supported.
  @retval  0   This interface is not supported.
 **/
 UINTN
 EFIAPI
 HmacSha1GetContextSize (
  VOID
  )
 {
  ASSERT (FALSE);
  return 0;
 }
 /**
  Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
  subsequent use.
  Return FALSE to indicate this interface is not supported.  
  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.
  @param[in]   Key              Pointer to the user-supplied key.
  @param[in]   KeySize          Key size in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Init (
  OUT  VOID         *HmacSha1Context,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Makes a copy of an existing HMAC-SHA1 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Duplicate (
  IN   CONST VOID  *HmacSha1Context,
  OUT  VOID        *NewHmacSha1Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Digests the input data and updates HMAC-SHA1 context.
  Return FALSE to indicate this interface is not supported.  
  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
  @param[in]       Data            Pointer to the buffer containing the data to be digested.
  @param[in]       DataSize        Size of Data buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Update (
  IN OUT  VOID        *HmacSha1Context,
  IN      CONST VOID  *Data,
  IN      UINTN       DataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Completes computation of the HMAC-SHA1 digest value.
  Return FALSE to indicate this interface is not supported.  
  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest
                                    value (20 bytes).
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 HmacSha1Final (
  IN OUT  VOID   *HmacSha1Context,
  OUT     UINT8  *HmacValue
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
@ -0,0 +1,33 @@
 /** @file  
  Internal include file for BaseCryptLibRuntimeCryptProtocol.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #ifndef __INTERNAL_CRYPT_LIB_H__
 #define __INTERNAL_CRYPT_LIB_H__
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 //
 // Environment Setting for OpenSSL-based UEFI Crypto Library.
 //
 #ifndef OPENSSL_SYSNAME_UWIN
 #define OPENSSL_SYSNAME_UWIN
 #endif
 #endif
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pem/CryptPemNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pem/CryptPemNull.c
@ -0,0 +1,44 @@
 /** @file
  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
  not provide real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Retrieve the RSA Private Key from the password-protected PEM key data.
  Return FALSE to indicate this interface is not supported.
  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.
  @param[in]  PemSize      Size of the PEM key data in bytes.
  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.
  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
                           RSA private key component. Use RsaFree() function to free the
                           resource.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGetPrivateKeyFromPem (
  IN   CONST UINT8  *PemData,
  IN   UINTN        PemSize,
  IN   CONST CHAR8  *Password,
  OUT  VOID         **RsaContext
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptAuthenticodeNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptAuthenticodeNull.c
@ -0,0 +1,51 @@
 /** @file
  Authenticode Portable Executable Signature Verification which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
  Authenticode Portable Executable Signature Format".
  Return FALSE to indicate this interface is not supported.
  @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
                           PE/COFF image to be verified.
  @param[in]  DataSize     Size of the Authenticode Signature in bytes.
  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
                           is used for certificate chain verification.
  @param[in]  CertSize     Size of the trusted certificate in bytes.
  @param[in]  ImageHash    Pointer to the original image file hash value. The procudure
                           for calculating the image hash value is described in Authenticode
                           specification.
  @param[in]  HashSize     Size of Image hash value in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 AuthenticodeVerify (
  IN  CONST UINT8  *AuthData,
  IN  UINTN        DataSize,
  IN  CONST UINT8  *TrustedCert,
  IN  UINTN        CertSize,
  IN  CONST UINT8  *ImageHash,
  IN  UINTN        HashSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptDhNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptDhNull.c
@ -0,0 +1,156 @@
 /** @file
  Diffie-Hellman Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Allocates and Initializes one Diffie-Hellman Context for subsequent use.
  @return  Pointer to the Diffie-Hellman Context that has been initialized.
           If the interface is not supported, DhNew() returns NULL.
 **/
 VOID *
 EFIAPI
 DhNew (
  VOID
  )
 {
  ASSERT (FALSE);
  return NULL;
 }
 /**
  Release the specified DH context.
  If the interface is not supported, then ASSERT().
  @param[in]  DhContext  Pointer to the DH context to be released.
 **/
 VOID
 EFIAPI
 DhFree (
  IN  VOID  *DhContext
  )
 {
  ASSERT (FALSE);
 }
 /**
  Generates DH parameter.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext    Pointer to the DH context.
  @param[in]       Generator    Value of generator.
  @param[in]       PrimeLength  Length in bits of prime to be generated.
  @param[out]      Prime        Pointer to the buffer to receive the generated prime number.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhGenerateParameter (
  IN OUT  VOID   *DhContext,
  IN      UINTN  Generator,
  IN      UINTN  PrimeLength,
  OUT     UINT8  *Prime
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Sets generator and prime parameters for DH.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext    Pointer to the DH context.
  @param[in]       Generator    Value of generator.
  @param[in]       PrimeLength  Length in bits of prime to be generated.
  @param[in]       Prime        Pointer to the prime number.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhSetParameter (
  IN OUT  VOID         *DhContext,
  IN      UINTN        Generator,
  IN      UINTN        PrimeLength,
  IN      CONST UINT8  *Prime
  )
 {
  ASSERT (FALSE);
  return FALSE; 
 }
 /**
  Generates DH public key.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext      Pointer to the DH context.
  @param[out]      PublicKey      Pointer to the buffer to receive generated public key.
  @param[in, out]  PublicKeySize  On input, the size of PublicKey buffer in bytes.
                                  On output, the size of data returned in PublicKey buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhGenerateKey (
  IN OUT  VOID   *DhContext,
  OUT     UINT8  *PublicKey,
  IN OUT  UINTN  *PublicKeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Computes exchanged common key.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  DhContext          Pointer to the DH context.
  @param[in]       PeerPublicKey      Pointer to the peer's public key.
  @param[in]       PeerPublicKeySize  Size of peer's public key in bytes.
  @param[out]      Key                Pointer to the buffer to receive generated key.
  @param[in, out]  KeySize            On input, the size of Key buffer in bytes.
                                      On output, the size of data returned in Key buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 DhComputeKey (
  IN OUT  VOID         *DhContext,
  IN      CONST UINT8  *PeerPublicKey,
  IN      UINTN        PeerPublicKeySize,
  OUT     UINT8        *Key,
  IN OUT  UINTN        *KeySize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7SignNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7SignNull.c
@ -0,0 +1,59 @@
 /** @file
  PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
  capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
  Syntax Standard, version 1.5". This interface is only intended to be used for
  application to perform PKCS#7 functionality validation.
  Return FALSE to indicate this interface is not supported.
  @param[in]  PrivateKey       Pointer to the PEM-formatted private key data for
                               data signing.
  @param[in]  PrivateKeySize   Size of the PEM private key data in bytes.
  @param[in]  KeyPassword      NULL-terminated passphrase used for encrypted PEM
                               key data.
  @param[in]  InData           Pointer to the content to be signed.
  @param[in]  InDataSize       Size of InData in bytes.
  @param[in]  SignCert         Pointer to signer's DER-encoded certificate to sign with.
  @param[in]  OtherCerts       Pointer to an optional additional set of certificates to
                               include in the PKCS#7 signedData (e.g. any intermediate
                               CAs in the chain).
  @param[out] SignedData       Pointer to output PKCS#7 signedData.
  @param[out] SignedDataSize   Size of SignedData in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7Sign (
  IN   CONST UINT8  *PrivateKey,
  IN   UINTN        PrivateKeySize,
  IN   CONST UINT8  *KeyPassword,
  IN   UINT8        *InData,
  IN   UINTN        InDataSize,
  IN   UINT8        *SignCert,
  IN   UINT8        *OtherCerts      OPTIONAL,
  OUT  UINT8        **SignedData,
  OUT  UINTN        *SignedDataSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c
@ -0,0 +1,100 @@
 /** @file
  PKCS#7 SignedData Verification Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.
  Return FALSE to indicate this interface is not supported.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.
                           It's caller's responsiblity to free the buffer.
  @param[out] StackLength  Length of signer's certificates in bytes.
  @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.
                           It's caller's responsiblity to free the buffer.
  @param[out] CertLength   Length of the trusted certificate in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7GetSigners (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT UINT8        **CertStack,
  OUT UINTN        *StackLength,
  OUT UINT8        **TrustedCert,
  OUT UINTN        *CertLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Wrap function to use free() to free allocated memory for certificates.
  If the interface is not supported, then ASSERT().
  @param[in]  Certs        Pointer to the certificates to be freed.
 **/
 VOID
 EFIAPI
 Pkcs7FreeSigners (
  IN  UINT8        *Certs
  )
 {
  ASSERT (FALSE);
 }
 /**
  Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.
  Return FALSE to indicate this interface is not supported.
  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
                           is used for certificate chain verification.
  @param[in]  CertLength   Length of the trusted certificate in bytes.
  @param[in]  InData       Pointer to the content to be verified.
  @param[in]  DataLength   Length of InData in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Pkcs7Verify (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  IN  CONST UINT8  *TrustedCert,
  IN  UINTN        CertLength,
  IN  CONST UINT8  *InData,
  IN  UINTN        DataLength
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptRsaExtNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptRsaExtNull.c
@ -0,0 +1,125 @@
 /** @file
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
  This file does not provide real capabilities for following APIs in RSA handling:
  1) RsaGetKey
  2) RsaGenerateKey
  3) RsaCheckKey
  4) RsaPkcs1Sign
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Gets the tag-designated RSA key component from the established RSA context.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  RsaContext  Pointer to RSA context being set.
  @param[in]       KeyTag      Tag of RSA key component being set.
  @param[out]      BigNumber   Pointer to octet integer buffer.
  @param[in, out]  BnSize      On input, the size of big number buffer in bytes.
                               On output, the size of data returned in big number buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGetKey (
  IN OUT  VOID         *RsaContext,
  IN      RSA_KEY_TAG  KeyTag,
  OUT     UINT8        *BigNumber,
  IN OUT  UINTN        *BnSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Generates RSA key components.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  RsaContext           Pointer to RSA context being set.
  @param[in]       ModulusLength        Length of RSA modulus N in bits.
  @param[in]       PublicExponent       Pointer to RSA public exponent.
  @param[in]       PublicExponentSize   Size of RSA public exponent buffer in bytes. 
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGenerateKey (
  IN OUT  VOID         *RsaContext,
  IN      UINTN        ModulusLength,
  IN      CONST UINT8  *PublicExponent,
  IN      UINTN        PublicExponentSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Validates key components of RSA context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  RsaContext  Pointer to RSA context to check.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaCheckKey (
  IN  VOID  *RsaContext
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
  Return FALSE to indicate this interface is not supported.
  @param[in]       RsaContext   Pointer to RSA context for signature generation.
  @param[in]       MessageHash  Pointer to octet message hash to be signed.
  @param[in]       HashSize     Size of the message hash in bytes.
  @param[out]      Signature    Pointer to buffer to receive RSA PKCS1-v1_5 signature.
  @param[in, out]  SigSize      On input, the size of Signature buffer in bytes.
                                On output, the size of data returned in Signature buffer in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaPkcs1Sign (
  IN      VOID         *RsaContext,
  IN      CONST UINT8  *MessageHash,
  IN      UINTN        HashSize,
  OUT     UINT8        *Signature,
  IN OUT  UINTN        *SigSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c
@ -0,0 +1,180 @@
 /** @file
  X.509 Certificate Handler Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Construct a X509 object from DER-encoded certificate data.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Cert            Pointer to the DER-encoded certificate data.
  @param[in]  CertSize        The size of certificate data in bytes.
  @param[out] SingleX509Cert  The generated X509 object.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509ConstructCertificate (
  IN   CONST UINT8  *Cert,
  IN   UINTN        CertSize,
  OUT  UINT8        **SingleX509Cert
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Construct a X509 stack object from a list of DER-encoded certificate data.
  Return FALSE to indicate this interface is not supported.
  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
                              On output, pointer to the X509 stack object with new
                              inserted X509 certificate.
  @param           ...        A list of DER-encoded single certificate data followed
                              by certificate size. A NULL terminates the list. The
                              pairs are the arguments to X509ConstructCertificate().
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509ConstructCertificateStack (
  IN OUT  UINT8  **X509Stack,
  ...  
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Release the specified X509 object.
  If the interface is not supported, then ASSERT().
  @param[in]  X509Cert  Pointer to the X509 object to be released.
 **/
 VOID
 EFIAPI
 X509Free (
  IN  VOID  *X509Cert
  )
 { 
  ASSERT (FALSE);
 }
 /**
  Release the specified X509 stack object.
  If the interface is not supported, then ASSERT().
  @param[in]  X509Stack  Pointer to the X509 stack object to be released.
 **/
 VOID
 EFIAPI
 X509StackFree (
  IN  VOID  *X509Stack
  )
 {
  ASSERT (FALSE);
 }
 /**
  Retrieve the subject bytes from one X.509 certificate.
  Return FALSE to indicate this interface is not supported.
  @param[in]      Cert         Pointer to the DER-encoded X509 certificate.
  @param[in]      CertSize     Size of the X509 certificate in bytes.
  @param[out]     CertSubject  Pointer to the retrieved certificate subject bytes.
  @param[in, out] SubjectSize  The size in bytes of the CertSubject buffer on input,
                               and the size of buffer returned CertSubject on output.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509GetSubjectName (
  IN      CONST UINT8  *Cert,
  IN      UINTN        CertSize,
  OUT     UINT8        *CertSubject,
  IN OUT  UINTN        *SubjectSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Retrieve the RSA Public Key from one DER-encoded X509 certificate.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Cert         Pointer to the DER-encoded X509 certificate.
  @param[in]  CertSize     Size of the X509 certificate in bytes.
  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
                           RSA public key component. Use RsaFree() function to free the
                           resource.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RsaGetPublicKeyFromX509 (
  IN   CONST UINT8  *Cert,
  IN   UINTN        CertSize,
  OUT  VOID         **RsaContext
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Verify one X509 certificate was issued by the trusted CA.
  Return FALSE to indicate this interface is not supported.
  @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.
  @param[in]      CertSize     Size of the X509 certificate in bytes.
  @param[in]      CACert       Pointer to the DER-encoded trusted CA certificate.
  @param[in]      CACertSize   Size of the CA Certificate in bytes.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 X509VerifyCert (
  IN  CONST UINT8  *Cert,
  IN  UINTN        CertSize,
  IN  CONST UINT8  *CACert,
  IN  UINTN        CACertSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Rand/CryptRandNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Rand/CryptRandNull.c
@ -0,0 +1,63 @@
 /** @file
  Pseudorandom Number Generator Wrapper Implementation which does not provide
  real capabilities.
 Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "InternalCryptLib.h"
 /**
  Sets up the seed value for the pseudorandom number generator.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Seed      Pointer to seed value.
                        If NULL, default seed is used.
  @param[in]  SeedSize  Size of seed value.
                        If Seed is NULL, this parameter is ignored.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RandomSeed (
  IN  CONST  UINT8  *Seed  OPTIONAL,
  IN  UINTN         SeedSize
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Generates a pseudorandom byte stream of the specified size.
  Return FALSE to indicate this interface is not supported.
  @param[out]  Output  Pointer to buffer to receive random value.
  @param[in]   Size    Size of randome bytes to generate.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 RandomBytes (
  OUT  UINT8  *Output,
  IN   UINTN  Size
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
@ -217,6 +217,29 @@ Sha256Init (
 }
 /**
  Makes a copy of an existing SHA-256 context.
  Return FALSE to indicate this interface is not supported.
  @param[in]  Sha256Context     Pointer to SHA-256 context being copied.
  @param[out] NewSha256Context  Pointer to new SHA-256 context.
  @retval FALSE  This interface is not supported.
 **/
 BOOLEAN
 EFIAPI
 Sha256Duplicate (
  IN   CONST VOID  *Sha256Context,
  OUT  VOID        *NewSha256Context
  )
 {
  ASSERT (FALSE);
  return FALSE;
 }
 /**
  Performs SHA-256 digest on a data buffer of the specified length. This function can
  be called multiple times to compute the digest of long or discontinuous data streams.
@ -277,9 +300,9 @@ Sha256Final (
 }
 /**
-  Allocates and Initializes one RSA Context for subsequent use.
+  Allocates and initializes one RSA context for subsequent use.
-  @return  Pointer to the RSA Context that has been initialized.
+  @return  Pointer to the RSA context that has been initialized.
           If the allocations fails, RsaNew() returns NULL.
 **/
@ -297,7 +320,7 @@ RsaNew (
 }
 /**
-  Release the specified RSA Context.
+  Release the specified RSA context.
  @param[in]  RsaContext  Pointer to the RSA context to be released.
@ -316,35 +339,41 @@ RsaFree (
 }
 /**
-  Sets the tag-designated RSA key component into the established RSA context from
+  Sets the tag-designated key component into the established RSA context.
-  the user-specified nonnegative integer (octet string format represented in RSA
+
-  PKCS#1).
+  This function sets the tag-designated RSA key component into the established
  RSA context from the user-specified non-negative integer (octet string format
  represented in RSA PKCS#1).
  If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
  If RsaContext is NULL, then return FALSE.
  @param[in, out]  RsaContext  Pointer to RSA context being set.
  @param[in]       KeyTag      Tag of RSA key component being set.
  @param[in]       BigNumber   Pointer to octet integer buffer.
-  @param[in]       BnLength    Length of big number buffer in bytes.
+                               If NULL, then the specified key componenet in RSA
                               context is cleared.
  @param[in]       BnSize      Size of big number buffer in bytes.
                               If BigNumber is NULL, then it is ignored.
-  @return  TRUE   RSA key component was set successfully.
+  @retval  TRUE   RSA key component was set successfully.
-  @return  FALSE  Invalid RSA key component tag.
+  @retval  FALSE  Invalid RSA key component tag.
 **/
 BOOLEAN
 EFIAPI
 RsaSetKey (
-  IN OUT VOID         *RsaContext,
+  IN OUT  VOID         *RsaContext,
-  IN     RSA_KEY_TAG  KeyTag,
+  IN      RSA_KEY_TAG  KeyTag,
-  IN     CONST UINT8  *BigNumber,
+  IN      CONST UINT8  *BigNumber,
-  IN     UINTN        BnLength
+  IN      UINTN        BnSize
  )
 {
  if (!InternalIsCryptServiveAvailable ()) {
    return FALSE;
  }
-  return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnLength);
+  return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnSize);
 }
 /**
@ -354,16 +383,16 @@ RsaSetKey (
  If RsaContext is NULL, then return FALSE.
  If MessageHash is NULL, then return FALSE.
  If Signature is NULL, then return FALSE.
-  If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
  @param[in]  RsaContext   Pointer to RSA context for signature verification.
  @param[in]  MessageHash  Pointer to octet message hash to be checked.
-  @param[in]  HashLength   Length of the message hash in bytes.
+  @param[in]  HashSize     Size of the message hash in bytes.
  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.
-  @param[in]  SigLength    Length of signature in bytes.
+  @param[in]  SigSize      Size of signature in bytes.
-  @return  TRUE   Valid signature encoded in PKCS1-v1_5.
+  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.
-  @return  FALSE  Invalid signature or invalid RSA context.
+  @retval  FALSE  Invalid signature or invalid RSA context.
 **/
 BOOLEAN
@ -371,9 +400,9 @@ EFIAPI
 RsaPkcs1Verify (
  IN  VOID         *RsaContext,
  IN  CONST UINT8  *MessageHash,
-  IN  UINTN        HashLength,
+  IN  UINTN        HashSize,
  IN  UINT8        *Signature,
-  IN  UINTN        SigLength
+  IN  UINTN        SigSize
  )
 {
  if (!InternalIsCryptServiveAvailable ()) {
@ -383,8 +412,8 @@ RsaPkcs1Verify (
  return mCryptProtocol->RsaPkcs1Verify (
                           RsaContext,
                           MessageHash,
-                           HashLength,
+                           HashSize,
                           Signature,
-                           SigLength
+                           SigSize
                           );
 }