summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWenxing Hou <wenxing.hou@intel.com>2023-08-18 15:21:47 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2023-10-12 05:31:19 +0000
commitb26f7dfe2927a276bf5c3238bec363abadd5a52f (patch)
tree9a1cca79269d6430521b943fd09de46187b7a653
parent97f51f2e9b78ce94127c2972841342edaefbcc80 (diff)
downloadedk2-b26f7dfe2927a276bf5c3238bec363abadd5a52f.tar.gz
edk2-b26f7dfe2927a276bf5c3238bec363abadd5a52f.tar.bz2
edk2-b26f7dfe2927a276bf5c3238bec363abadd5a52f.zip
CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
Add .inf files and other support files. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
-rw-r--r--CryptoPkg/CryptoPkg.dec4
-rw-r--r--CryptoPkg/CryptoPkgMbedTls.dsc280
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf81
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf101
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni25
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf92
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni22
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf84
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni17
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf92
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni22
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c75
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c58
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c462
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c198
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf76
-rw-r--r--CryptoPkg/Library/Include/stdint.h19
-rw-r--r--CryptoPkg/Library/Include/stubs-32.h9
-rw-r--r--CryptoPkg/Library/MbedTlsLib/EcSm2Null.c2
19 files changed, 1718 insertions, 1 deletions
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 0c7d16109b..a5fa81a338 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -27,6 +27,10 @@
Library/OpensslLib/openssl/providers/implementations/include
Library/OpensslLib/OpensslGen/include
Library/OpensslLib/OpensslGen/providers/common/include
+ Library/MbedTlsLib/Include
+ Library/MbedTlsLib/mbedtls
+ Library/MbedTlsLib/mbedtls/include
+ Library/MbedTlsLib/mbedtls/include/mbedtls
[LibraryClasses]
## @libraryclass Provides basic library functions for cryptographic primitives.
diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc
new file mode 100644
index 0000000000..5d0ae6ff3f
--- /dev/null
+++ b/CryptoPkg/CryptoPkgMbedTls.dsc
@@ -0,0 +1,280 @@
+## @file
+# Cryptographic Library Package for UEFI Security Implementation.
+# PEIM, DXE Driver, and SMM Driver with all crypto services enabled.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+[Defines]
+ PLATFORM_NAME = CryptoPkg
+ PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
+ PLATFORM_VERSION = 0.98
+ DSC_SPECIFICATION = 0x00010005
+ OUTPUT_DIRECTORY = Build/CryptoPkgMbed
+ SUPPORTED_ARCHITECTURES = IA32|X64|ARM|AARCH64|RISCV64
+ BUILD_TARGETS = DEBUG|RELEASE|NOOPT
+ SKUID_IDENTIFIER = DEFAULT
+
+!ifndef CRYPTO_IMG_TYPE
+ DEFINE CRYPTO_IMG_TYPE = DXE_SMM
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM DXE_SMM"
+!else
+ !error CRYPTO_IMG_TYPE must be set to one of PEI_DEFAULT PEI_PREMEM DXE_SMM.
+!endif
+
+################################################################################
+#
+# Library Class section - list of all Library Classes needed by this Platform.
+#
+################################################################################
+
+!include MdePkg/MdeLibs.dsc.inc
+[LibraryClasses]
+ BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
+ BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+ DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+ UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+ #
+ # It is not possible to prevent the ARM compiler for generic intrinsic functions.
+ # This library provides the instrinsic functions generate by a given compiler.
+ # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library
+ # into all ARM and AARCH64 images.
+ #
+ NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+
+ # Add support for stack protector
+ NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+
+[LibraryClasses.common.PEIM]
+ PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
+ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
+ PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
+ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
+ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+ MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
+ MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
+ SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+
+[LibraryClasses]
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+ DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
+ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+ OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+ PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+ UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+ IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
+ MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+
+[LibraryClasses.ARM]
+ ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
+
+[LibraryClasses.common.PEIM]
+ PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+ ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+
+[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]
+ PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
+
+[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM]
+ PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
+
+[LibraryClasses.common.DXE_DRIVER]
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+
+################################################################################
+#
+# Pcd Section - list of all EDK II PCD Entries defined by this Platform
+#
+################################################################################
+[PcdsFixedAtBuild]
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0f
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000
+ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
+
+!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT"
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Final | TRUE
+
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Final | TRUE
+
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Final | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.HashAll | TRUE
+
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Final | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.HashAll | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Duplicate | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Duplicate | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Final | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services.Sha256ExtractAndExpand | TRUE
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_PREMEM"
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Final | TRUE
+
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Final | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.HashAll | TRUE
+
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Update | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Final | TRUE
+!endif
+
+###################################################################################################
+#
+# Components Section - list of the modules and components that will be processed by compilation
+# tools and the EDK II tools to generate PE32/PE32+/Coff image files.
+#
+# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
+# into firmware volume images. This section is just a list of modules to compile from
+# source into UEFI-compliant binaries.
+# It is the FDF file that contains information on combining binary files into firmware
+# volume images, whose concept is beyond UEFI and is described in PI specification.
+# Binary modules do not need to be listed in this section, as they should be
+# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
+# Logo (Logo.bmp), and etc.
+# There may also be modules listed in this section that are not required in the FDF file,
+# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
+# generated for it, but the binary will not be put into any firmware volume.
+#
+###################################################################################################
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM"
+[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ !if "$(CRYPTO_SERVICES)" == "ALL"
+ FILE_GUID = 8DF53C2E-3380-495F-A8B7-370CFE28E1C6
+ !elseif "$(CRYPTO_SERVICES)" == "NONE"
+ FILE_GUID = E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF
+ !elseif "$(CRYPTO_SERVICES)" == "MIN_PEI"
+ FILE_GUID = 0F5827A9-35FD-4F41-8D38-9BAFCE594D31
+ !endif
+ }
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
+[Components.IA32, Components.X64, Components.AARCH64]
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ !if "$(CRYPTO_SERVICES)" == "ALL"
+ FILE_GUID = D9444B06-060D-42C5-9344-F04707BE0169
+ !elseif "$(CRYPTO_SERVICES)" == "NONE"
+ FILE_GUID = C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A
+ !elseif "$(CRYPTO_SERVICES)" == MIN_DXE_MIN_SMM
+ FILE_GUID = DDF5BE9E-159A-4B77-B6D7-82B84B5763A2
+ !endif
+ }
+
+[Components.IA32, Components.X64]
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ !if "$(CRYPTO_SERVICES)" == "ALL"
+ FILE_GUID = A3542CE8-77F7-49DC-A834-45D37D2EC1FA
+ !elseif "$(CRYPTO_SERVICES)" == "NONE"
+ FILE_GUID = 6DCB3127-01E7-4131-A487-DC77A965A541
+ !elseif "$(CRYPTO_SERVICES)" == MIN_DXE_MIN_SMM
+ FILE_GUID = 85F7EA15-3A2B-474A-8875-180542CD6BF3
+ !endif
+ }
+!endif
+
+[BuildOptions]
+ *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
+ MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+ INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+ GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
+ RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
+!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
+ MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096
+ GCC:*_GCC*_*_DLINK_FLAGS = -z common-page-size=0x1000
+!endif
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
new file mode 100644
index 0000000000..16def792c5
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
@@ -0,0 +1,81 @@
+## @file
+# Cryptographic Library Instance for DXE_DRIVER.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseCryptLib
+ FILE_GUID = 693C5308-AF95-4CE5-ADE9-CA011C2FC642
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Cipher/CryptAeadAesGcmNull.c
+ Cipher/CryptAes.c
+ Hash/CryptSha256.c
+ Hash/CryptSha512.c
+ Hash/CryptParallelHashNull.c
+ Hash/CryptSm3Null.c
+ Hash/CryptMd5.c
+ Hash/CryptSha1.c
+ Hmac/CryptHmac.c
+ Kdf/CryptHkdf.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptRsaPss.c
+ Pk/CryptRsaPssSignNull.c
+ Bn/CryptBnNull.c
+ Pem/CryptPemNull.c
+ Pk/CryptDhNull.c
+ Pk/CryptEcNull.c
+ Pk/CryptPkcs1OaepNull.c
+ Pk/CryptPkcs5Pbkdf2Null.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7VerifyNull.c
+ Pk/CryptPkcs7VerifyEkuNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pk/CryptTsNull.c
+ Rand/CryptRandNull.c
+ SysCall/CrtWrapper.c
+ SysCall/TimerWrapper.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ UefiRuntimeServicesTableLib
+ DebugLib
+ MbedTlsLib
+ PrintLib
+ IntrinsicLib
+ RngLib
+ SynchronizationLib
+[Protocols]
+ gEfiMpServiceProtocolGuid
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ MSFT:*_*_*_CC_FLAGS = /GL-
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
new file mode 100644
index 0000000000..72b22a24e8
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
@@ -0,0 +1,101 @@
+## @file
+# Cryptographic Library Instance for PEIM.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Note:
+# HMAC-SHA256 functions, AES functions, RSA external
+# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
+# certificate handler functions, authenticode signature verification functions,
+# PEM handler functions, and pseudorandom number generator functions are not
+# supported in this instance.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PeiCryptLib
+ MODULE_UNI_FILE = PeiCryptLib.uni
+ FILE_GUID = 91E0A3C3-37A7-4AEE-8689-C5B0AD2C8E63
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Hash/CryptMd5.c
+ Hash/CryptSha1.c
+ Hash/CryptSha256.c
+ Hash/CryptSm3Null.c
+ Hash/CryptSha512.c
+ Hash/CryptParallelHashNull.c
+ Hmac/CryptHmac.c
+ Kdf/CryptHkdf.c
+ Cipher/CryptAes.c
+ Cipher/CryptAeadAesGcmNull.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptRsaPss.c
+ Pk/CryptRsaPssSignNull.c
+ Bn/CryptBnNull.c
+ Pem/CryptPemNull.c
+ Pk/CryptDhNull.c
+ Pk/CryptEcNull.c
+ Pk/CryptPkcs1OaepNull.c
+ Pk/CryptPkcs5Pbkdf2Null.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7VerifyNull.c
+ Pk/CryptPkcs7VerifyEkuNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pk/CryptTsNull.c
+ Rand/CryptRandNull.c
+ SysCall/CrtWrapper.c
+ SysCall/ConstantTimeClock.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ DebugLib
+ MbedTlsLib
+ IntrinsicLib
+ PrintLib
+ PeiServicesTablePointerLib
+ PeiServicesLib
+ SynchronizationLib
+
+[Ppis]
+ gEfiPeiMpServicesPpiGuid
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ # C4718: 'function call' : recursive call has no side effects, deleting
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
+
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
+
+ XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
new file mode 100644
index 0000000000..3a6845642d
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
@@ -0,0 +1,25 @@
+// /** @file
+// Cryptographic Library Instance for PEIM.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
+// signature verification functions, PEM handler functions, and pseudorandom number
+// generator functions are not supported in this instance.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
new file mode 100644
index 0000000000..9f17ef00bf
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
@@ -0,0 +1,92 @@
+## @file
+# Cryptographic Library Instance for DXE_RUNTIME_DRIVER.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Note: SHA-384 Digest functions, SHA-512 Digest functions,
+# HMAC-SHA256 functions, AES functions, RSA external
+# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+# authenticode signature verification functions are not supported in this instance.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = RuntimeCryptLib
+ MODULE_UNI_FILE = RuntimeCryptLib.uni
+ FILE_GUID = D263B580-D9FC-4DC4-B445-578AAEFF530E
+ MODULE_TYPE = DXE_RUNTIME_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|DXE_RUNTIME_DRIVER
+ CONSTRUCTOR = RuntimeCryptLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Hash/CryptMd5.c
+ Hash/CryptSha1.c
+ Hash/CryptSha256.c
+ Hash/CryptSm3Null.c
+ Hash/CryptSha512.c
+ Hash/CryptParallelHashNull.c
+ Hmac/CryptHmac.c
+ Kdf/CryptHkdf.c
+ Cipher/CryptAes.c
+ Cipher/CryptAeadAesGcmNull.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptRsaPssNull.c
+ Pk/CryptRsaPssSignNull.c
+ Bn/CryptBnNull.c
+ Pem/CryptPemNull.c
+ Pk/CryptDhNull.c
+ Pk/CryptEcNull.c
+ Pk/CryptPkcs1OaepNull.c
+ Pk/CryptPkcs5Pbkdf2Null.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7VerifyNull.c
+ Pk/CryptPkcs7VerifyEkuNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pk/CryptTsNull.c
+ Rand/CryptRandNull.c
+ SysCall/CrtWrapper.c
+ SysCall/TimerWrapper.c
+ SysCall/RuntimeMemAllocation.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ UefiRuntimeServicesTableLib
+ DebugLib
+ MbedTlsLib
+ IntrinsicLib
+ PrintLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ #
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
+
+ XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
new file mode 100644
index 0000000000..b2a2f5ff21
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// Cryptographic Library Instance for DXE_RUNTIME_DRIVER.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Diffie-Hellman functions, and authenticode signature verification functions are
+// not supported in this instance.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
new file mode 100644
index 0000000000..6fc073aac6
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
@@ -0,0 +1,84 @@
+## @file
+# Cryptographic Library Instance for SEC.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SecCryptLib
+ MODULE_UNI_FILE = SecCryptLib.uni
+ FILE_GUID = 894C367F-254A-4563-8624-798D46EAD796
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|SEC
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Hash/CryptSha512.c
+
+ Hash/CryptMd5Null.c
+ Hash/CryptSha1Null.c
+ Hash/CryptSha256Null.c
+ Hash/CryptSm3Null.c
+ Hash/CryptParallelHashNull.c
+ Hmac/CryptHmacNull.c
+ Kdf/CryptHkdfNull.c
+ Cipher/CryptAesNull.c
+ Cipher/CryptAeadAesGcmNull.c
+ Pk/CryptRsaBasicNull.c
+ Pk/CryptRsaExtNull.c
+ Bn/CryptBnNull.c
+ Pem/CryptPemNull.c
+ Pk/CryptDhNull.c
+ Pk/CryptEcNull.c
+ Pk/CryptPkcs1OaepNull.c
+ Pk/CryptPkcs5Pbkdf2Null.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7VerifyNull.c
+ Pk/CryptPkcs7VerifyEkuNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pk/CryptTsNull.c
+ Rand/CryptRandNull.c
+ SysCall/CrtWrapper.c
+ SysCall/ConstantTimeClock.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ DebugLib
+ MbedTlsLib
+ IntrinsicLib
+ PrintLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ #
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
+
+ XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
new file mode 100644
index 0000000000..be2fc4067f
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Cryptographic Library Instance for SEC driver.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SEC driver"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
new file mode 100644
index 0000000000..40c56d1b7d
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
@@ -0,0 +1,92 @@
+## @file
+# Cryptographic Library Instance for SMM driver.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Note: SHA-384 Digest functions, SHA-512 Digest functions,
+# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+# authenticode signature verification functions are not supported in this instance.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SmmCryptLib
+ MODULE_UNI_FILE = SmmCryptLib.uni
+ FILE_GUID = CF104633-9901-4504-AD7A-91690926A253
+ MODULE_TYPE = DXE_SMM_DRIVER
+ VERSION_STRING = 1.0
+ PI_SPECIFICATION_VERSION = 0x0001000A
+ LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Hash/CryptMd5.c
+ Hash/CryptSha1.c
+ Hash/CryptSha256.c
+ Hash/CryptSm3Null.c
+ Hash/CryptSha512.c
+ Hash/CryptParallelHashNull.c
+ Hmac/CryptHmac.c
+ Kdf/CryptHkdf.c
+ Cipher/CryptAes.c
+ Cipher/CryptAeadAesGcmNull.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptRsaPss.c
+ Pk/CryptRsaPssSignNull.c
+ Bn/CryptBnNull.c
+ Pem/CryptPemNull.c
+ Pk/CryptDhNull.c
+ Pk/CryptEcNull.c
+ Pk/CryptPkcs1OaepNull.c
+ Pk/CryptPkcs5Pbkdf2Null.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7VerifyNull.c
+ Pk/CryptPkcs7VerifyEkuNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pk/CryptTsNull.c
+ Rand/CryptRandNull.c
+ SysCall/CrtWrapper.c
+ SysCall/ConstantTimeClock.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ MbedTlsLib
+ IntrinsicLib
+ PrintLib
+ MmServicesTableLib
+ SynchronizationLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ #
+
+ XCODE:*_*_*_CC_FLAGS = -mmmx -msse -std=c99
+
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
new file mode 100644
index 0000000000..13948c2f3d
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// Cryptographic Library Instance for SMM driver.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Diffie-Hellman functions, and authenticode signature verification functions are
+// not supported in this instance.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
new file mode 100644
index 0000000000..2ec13ef9d0
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
@@ -0,0 +1,75 @@
+/** @file
+ C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
+ for MbedTLS-based Cryptographic Library.
+
+ This C file implements constant time value for time() and NULL for gmtime()
+ thus should not be used in library instances which require functionality
+ of following APIs which need system time support:
+ 1) RsaGenerateKey
+ 2) RsaCheckKey
+ 3) RsaPkcs1Sign
+ 4) Pkcs7Sign
+ 5) DhGenerateParameter
+ 6) DhGenerateKey
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/BaseMemoryLib.h>
+
+typedef int time_t;
+
+//
+// Structures Definitions
+//
+struct tm {
+ int tm_sec; /* seconds after the minute [0-60] */
+ int tm_min; /* minutes after the hour [0-59] */
+ int tm_hour; /* hours since midnight [0-23] */
+ int tm_mday; /* day of the month [1-31] */
+ int tm_mon; /* months since January [0-11] */
+ int tm_year; /* years since 1900 */
+ int tm_wday; /* days since Sunday [0-6] */
+ int tm_yday; /* days since January 1 [0-365] */
+ int tm_isdst; /* Daylight Savings Time flag */
+ long tm_gmtoff; /* offset from CUT in seconds */
+ char *tm_zone; /* timezone abbreviation */
+};
+
+//
+// -- Time Management Routines --
+//
+
+/**time function. **/
+time_t
+time (
+ time_t *timer
+ )
+{
+ if (timer != NULL) {
+ *timer = 0;
+ }
+
+ return 0;
+}
+
+/**gmtime function. **/
+struct tm *
+gmtime (
+ const time_t *timer
+ )
+{
+ return NULL;
+}
+
+/**_time64 function. **/
+time_t
+_time64 (
+ time_t *t
+ )
+{
+ return time (t);
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
new file mode 100644
index 0000000000..f1d9b9c35c
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
@@ -0,0 +1,58 @@
+/** @file
+ C Run-Time Libraries (CRT) Wrapper Implementation for MbedTLS-based
+ Cryptographic Library.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <stdio.h>
+
+/**dummy mbedtls_printf function. **/
+int
+mbedtls_printf (
+ char const *fmt,
+ ...
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**dummy mbedtls_vsnprintf function. **/
+int
+mbedtls_vsnprintf (
+ char *str,
+ size_t size,
+ const char *format,
+ ...
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**strchr function. **/
+char *
+strchr (
+ const char *str,
+ int ch
+ )
+{
+ return ScanMem8 (str, AsciiStrSize (str), (char)ch);
+}
+
+/**strcmp function. **/
+int
+strcmp (
+ const char *s1,
+ const char *s2
+ )
+{
+ return (int)AsciiStrCmp (s1, s2);
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
new file mode 100644
index 0000000000..51992029a8
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
@@ -0,0 +1,462 @@
+/** @file
+ Light-weight Memory Management Routines for MbedTLS-based Crypto
+ Library at Runtime Phase.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Guid/EventGroup.h>
+
+// ----------------------------------------------------------------
+// Initial version. Needs further optimizations.
+// ----------------------------------------------------------------
+
+//
+// Definitions for Runtime Memory Operations
+//
+#define RT_PAGE_SIZE 0x200
+#define RT_PAGE_MASK 0x1FF
+#define RT_PAGE_SHIFT 9
+
+#define RT_SIZE_TO_PAGES(a) (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MASK) ? 1 : 0))
+#define RT_PAGES_TO_SIZE(a) ((a) << RT_PAGE_SHIFT)
+
+//
+// Page Flag Definitions
+//
+#define RT_PAGE_FREE 0x00000000
+#define RT_PAGE_USED 0x00000001
+
+#define MIN_REQUIRED_BLOCKS 600
+
+//
+// Memory Page Table
+//
+typedef struct {
+ UINTN StartPageOffset; // Offset of the starting page allocated.
+ // Only available for USED pages.
+ UINT32 PageFlag; // Page Attributes.
+} RT_MEMORY_PAGE_ENTRY;
+
+typedef struct {
+ UINTN PageCount;
+ UINTN LastEmptyPageOffset;
+ UINT8 *DataAreaBase; // Pointer to data Area.
+ RT_MEMORY_PAGE_ENTRY Pages[1]; // Page Table Entries.
+} RT_MEMORY_PAGE_TABLE;
+
+//
+// Global Page Table for Runtime Cryptographic Provider.
+//
+RT_MEMORY_PAGE_TABLE *mRTPageTable = NULL;
+
+//
+// Event for Runtime Address Conversion.
+//
+STATIC EFI_EVENT mVirtualAddressChangeEvent;
+
+/**
+ Initializes pre-allocated memory pointed by ScratchBuffer for subsequent
+ runtime use.
+
+ @param[in, out] ScratchBuffer Pointer to user-supplied memory buffer.
+ @param[in] ScratchBufferSize Size of supplied buffer in bytes.
+
+ @retval EFI_SUCCESS Successful initialization.
+
+**/
+EFI_STATUS
+InitializeScratchMemory (
+ IN OUT UINT8 *ScratchBuffer,
+ IN UINTN ScratchBufferSize
+ )
+{
+ UINTN Index;
+ UINTN MemorySize;
+
+ //
+ // Parameters Checking
+ //
+ if (ScratchBuffer == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (ScratchBufferSize < MIN_REQUIRED_BLOCKS * 1024) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ mRTPageTable = (RT_MEMORY_PAGE_TABLE *)ScratchBuffer;
+
+ //
+ // Initialize Internal Page Table for Memory Management
+ //
+ SetMem (mRTPageTable, ScratchBufferSize, 0xFF);
+ MemorySize = ScratchBufferSize - sizeof (RT_MEMORY_PAGE_TABLE) + sizeof (RT_MEMORY_PAGE_ENTRY);
+
+ mRTPageTable->PageCount = MemorySize / (RT_PAGE_SIZE + sizeof (RT_MEMORY_PAGE_ENTRY));
+ mRTPageTable->LastEmptyPageOffset = 0x0;
+
+ for (Index = 0; Index < mRTPageTable->PageCount; Index++) {
+ mRTPageTable->Pages[Index].PageFlag = RT_PAGE_FREE;
+ mRTPageTable->Pages[Index].StartPageOffset = 0;
+ }
+
+ mRTPageTable->DataAreaBase = ScratchBuffer + sizeof (RT_MEMORY_PAGE_TABLE) +
+ (mRTPageTable->PageCount - 1) * sizeof (RT_MEMORY_PAGE_ENTRY);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Look-up Free memory Region for object allocation.
+
+ @param[in] AllocationSize Bytes to be allocated.
+
+ @return Return available page offset for object allocation.
+
+**/
+UINTN
+LookupFreeMemRegion (
+ IN UINTN AllocationSize
+ )
+{
+ UINTN StartPageIndex;
+ UINTN Index;
+ UINTN SubIndex;
+ UINTN ReqPages;
+
+ StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset);
+ ReqPages = RT_SIZE_TO_PAGES (AllocationSize);
+ if (ReqPages > mRTPageTable->PageCount) {
+ //
+ // No enough region for object allocation.
+ //
+ return (UINTN)(-1);
+ }
+
+ //
+ // Look up the free memory region with in current memory map table.
+ //
+ for (Index = StartPageIndex; Index <= (mRTPageTable->PageCount - ReqPages); ) {
+ //
+ // Check consecutive ReqPages pages.
+ //
+ for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) {
+ if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
+ break;
+ }
+ }
+
+ if (SubIndex == ReqPages) {
+ //
+ // Succeed! Return the Starting Offset.
+ //
+ return RT_PAGES_TO_SIZE (Index);
+ }
+
+ //
+ // Failed! Skip current free memory pages and adjacent Used pages
+ //
+ while ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
+ SubIndex++;
+ }
+
+ Index += SubIndex;
+ }
+
+ //
+ // Look up the free memory region from the beginning of the memory table
+ // until the StartCursorOffset
+ //
+ if (ReqPages > StartPageIndex) {
+ //
+ // No enough region for object allocation.
+ //
+ return (UINTN)(-1);
+ }
+
+ for (Index = 0; Index < (StartPageIndex - ReqPages); ) {
+ //
+ // Check Consecutive ReqPages Pages.
+ //
+ for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) {
+ if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
+ break;
+ }
+ }
+
+ if (SubIndex == ReqPages) {
+ //
+ // Succeed! Return the Starting Offset.
+ //
+ return RT_PAGES_TO_SIZE (Index);
+ }
+
+ //
+ // Failed! Skip current adjacent Used pages
+ //
+ while ((SubIndex < (StartPageIndex - ReqPages)) &&
+ ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0))
+ {
+ SubIndex++;
+ }
+
+ Index += SubIndex;
+ }
+
+ //
+ // No available region for object allocation!
+ //
+ return (UINTN)(-1);
+}
+
+/**
+ Allocates a buffer at runtime phase.
+
+ @param[in] AllocationSize Bytes to be allocated.
+
+ @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+RuntimeAllocateMem (
+ IN UINTN AllocationSize
+ )
+{
+ UINT8 *AllocPtr;
+ UINTN ReqPages;
+ UINTN Index;
+ UINTN StartPage;
+ UINTN AllocOffset;
+
+ AllocPtr = NULL;
+ ReqPages = 0;
+
+ //
+ // Look for available consecutive memory region starting from LastEmptyPageOffset.
+ // If no proper memory region found, look up from the beginning.
+ // If still not found, return NULL to indicate failed allocation.
+ //
+ AllocOffset = LookupFreeMemRegion (AllocationSize);
+ if (AllocOffset == (UINTN)(-1)) {
+ return NULL;
+ }
+
+ //
+ // Allocates consecutive memory pages with length of Size. Update the page
+ // table status. Returns the starting address.
+ //
+ ReqPages = RT_SIZE_TO_PAGES (AllocationSize);
+ AllocPtr = mRTPageTable->DataAreaBase + AllocOffset;
+ StartPage = RT_SIZE_TO_PAGES (AllocOffset);
+ Index = 0;
+ while (Index < ReqPages) {
+ mRTPageTable->Pages[StartPage + Index].PageFlag |= RT_PAGE_USED;
+ mRTPageTable->Pages[StartPage + Index].StartPageOffset = AllocOffset;
+
+ Index++;
+ }
+
+ mRTPageTable->LastEmptyPageOffset = AllocOffset + RT_PAGES_TO_SIZE (ReqPages);
+
+ ZeroMem (AllocPtr, AllocationSize);
+
+ //
+ // Returns a VOID pointer to the allocated space
+ //
+ return AllocPtr;
+}
+
+/**
+ Frees a buffer that was previously allocated at runtime phase.
+
+ @param[in] Buffer Pointer to the buffer to free.
+
+**/
+VOID
+RuntimeFreeMem (
+ IN VOID *Buffer
+ )
+{
+ UINTN StartOffset;
+ UINTN StartPageIndex;
+
+ StartOffset = (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase;
+ StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset);
+
+ while (StartPageIndex < mRTPageTable->PageCount) {
+ if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
+ (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
+ {
+ //
+ // Free this page
+ //
+ mRTPageTable->Pages[StartPageIndex].PageFlag &= ~RT_PAGE_USED;
+ mRTPageTable->Pages[StartPageIndex].PageFlag |= RT_PAGE_FREE;
+ mRTPageTable->Pages[StartPageIndex].StartPageOffset = 0;
+
+ StartPageIndex++;
+ } else {
+ break;
+ }
+ }
+
+ return;
+}
+
+/**
+ Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
+
+ This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE
+ event. It converts a pointer to a new virtual address.
+
+ @param[in] Event The event whose notification function is being invoked.
+ @param[in] Context The pointer to the notification function's context.
+
+**/
+VOID
+EFIAPI
+RuntimeCryptLibAddressChangeEvent (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ //
+ // Converts a pointer for runtime memory management to a new virtual address.
+ //
+ EfiConvertPointer (0x0, (VOID **)&mRTPageTable->DataAreaBase);
+ EfiConvertPointer (0x0, (VOID **)&mRTPageTable);
+}
+
+/**
+ Constructor routine for runtime crypt library instance.
+
+ The constructor function pre-allocates space for runtime cryptographic operation.
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The construction succeeded.
+ @retval EFI_OUT_OF_RESOURCE Failed to allocate memory.
+
+**/
+EFI_STATUS
+EFIAPI
+RuntimeCryptLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ VOID *Buffer;
+
+ //
+ // Pre-allocates runtime space for possible cryptographic operations
+ //
+ Buffer = AllocateRuntimePool (MIN_REQUIRED_BLOCKS * 1024);
+ Status = InitializeScratchMemory (Buffer, MIN_REQUIRED_BLOCKS * 1024);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Create address change event
+ //
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ RuntimeCryptLibAddressChangeEvent,
+ NULL,
+ &gEfiEventVirtualAddressChangeGuid,
+ &mVirtualAddressChangeEvent
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ return Status;
+}
+
+//
+// -- Memory-Allocation Routines Wrapper for UEFI-MbedTLS Library --
+//
+
+/** Allocates memory blocks. **/
+VOID *
+malloc (
+ size_t size
+ )
+{
+ return RuntimeAllocateMem ((UINTN)size);
+}
+
+/** Reallocate memory blocks. **/
+VOID *
+realloc (
+ VOID *ptr,
+ size_t size
+ )
+{
+ VOID *NewPtr;
+ UINTN StartOffset;
+ UINTN StartPageIndex;
+ UINTN PageCount;
+
+ if (ptr == NULL) {
+ return malloc (size);
+ }
+
+ //
+ // Get Original Size of ptr
+ //
+ StartOffset = (UINTN)ptr - (UINTN)mRTPageTable->DataAreaBase;
+ StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset);
+ PageCount = 0;
+ while (StartPageIndex < mRTPageTable->PageCount) {
+ if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
+ (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
+ {
+ StartPageIndex++;
+ PageCount++;
+ } else {
+ break;
+ }
+ }
+
+ if (size <= RT_PAGES_TO_SIZE (PageCount)) {
+ //
+ // Return the original pointer, if Caller try to reduce region size;
+ //
+ return ptr;
+ }
+
+ NewPtr = RuntimeAllocateMem ((UINTN)size);
+ if (NewPtr == NULL) {
+ return NULL;
+ }
+
+ CopyMem (NewPtr, ptr, RT_PAGES_TO_SIZE (PageCount));
+
+ RuntimeFreeMem (ptr);
+
+ return NewPtr;
+}
+
+/** Deallocates or frees a memory block. **/
+VOID
+free (
+ VOID *ptr
+ )
+{
+ //
+ // In Standard C, free() handles a null pointer argument transparently. This
+ // is not true of RuntimeFreeMem() below, so protect it.
+ //
+ if (ptr != NULL) {
+ RuntimeFreeMem (ptr);
+ }
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
new file mode 100644
index 0000000000..b7cd4d3181
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
@@ -0,0 +1,198 @@
+/** @file
+ C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
+ for MbedTLS-based Cryptographic Library (used in DXE & RUNTIME).
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+typedef int time_t;
+
+//
+// Structures Definitions
+//
+struct tm {
+ int tm_sec; /* seconds after the minute [0-60] */
+ int tm_min; /* minutes after the hour [0-59] */
+ int tm_hour; /* hours since midnight [0-23] */
+ int tm_mday; /* day of the month [1-31] */
+ int tm_mon; /* months since January [0-11] */
+ int tm_year; /* years since 1900 */
+ int tm_wday; /* days since Sunday [0-6] */
+ int tm_yday; /* days since January 1 [0-365] */
+ int tm_isdst; /* Daylight Savings Time flag */
+ long tm_gmtoff; /* offset from CUT in seconds */
+ char *tm_zone; /* timezone abbreviation */
+};
+
+//
+// -- Time Management Routines --
+//
+
+#define IsLeap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
+#define SECSPERMIN (60)
+#define SECSPERHOUR (60 * 60)
+#define SECSPERDAY (24 * SECSPERHOUR)
+
+//
+// The arrays give the cumulative number of days up to the first of the
+// month number used as the index (1 -> 12) for regular and leap years.
+// The value at index 13 is for the whole year.
+//
+UINTN CumulativeDays[2][14] = {
+ {
+ 0,
+ 0,
+ 31,
+ 31 + 28,
+ 31 + 28 + 31,
+ 31 + 28 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
+ },
+ {
+ 0,
+ 0,
+ 31,
+ 31 + 29,
+ 31 + 29 + 31,
+ 31 + 29 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
+ }
+};
+
+/** Get the system time as seconds elapsed since midnight, January 1, 1970. **/
+time_t
+time (
+ time_t *timer
+ )
+{
+ EFI_STATUS Status;
+ EFI_TIME Time;
+ time_t CalTime;
+ UINTN Year;
+
+ //
+ // Get the current time and date information
+ //
+ Status = gRT->GetTime (&Time, NULL);
+ if (EFI_ERROR (Status) || (Time.Year < 1970)) {
+ return 0;
+ }
+
+ //
+ // Years Handling
+ // UTime should now be set to 00:00:00 on Jan 1 of the current year.
+ //
+ for (Year = 1970, CalTime = 0; Year != Time.Year; Year++) {
+ CalTime = CalTime + (time_t)(CumulativeDays[IsLeap (Year)][13] * SECSPERDAY);
+ }
+
+ //
+ // Add in number of seconds for current Month, Day, Hour, Minute, Seconds, and TimeZone adjustment
+ //
+ CalTime = CalTime +
+ (time_t)((Time.TimeZone != EFI_UNSPECIFIED_TIMEZONE) ? (Time.TimeZone * 60) : 0) +
+ (time_t)(CumulativeDays[IsLeap (Time.Year)][Time.Month] * SECSPERDAY) +
+ (time_t)(((Time.Day > 0) ? Time.Day - 1 : 0) * SECSPERDAY) +
+ (time_t)(Time.Hour * SECSPERHOUR) +
+ (time_t)(Time.Minute * 60) +
+ (time_t)Time.Second;
+
+ if (timer != NULL) {
+ *timer = CalTime;
+ }
+
+ return CalTime;
+}
+
+/** Convert a time value from type time_t to struct tm. **/
+struct tm *
+gmtime (
+ const time_t *timer
+ )
+{
+ struct tm *GmTime;
+ UINT16 DayNo;
+ UINT16 DayRemainder;
+ time_t Year;
+ time_t YearNo;
+ UINT16 TotalDays;
+ UINT16 MonthNo;
+
+ if (timer == NULL) {
+ return NULL;
+ }
+
+ GmTime = AllocateZeroPool (sizeof (struct tm));
+ if (GmTime == NULL) {
+ return NULL;
+ }
+
+ ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm));
+
+ DayNo = (UINT16)(*timer / SECSPERDAY);
+ DayRemainder = (UINT16)(*timer % SECSPERDAY);
+
+ GmTime->tm_sec = (int)(DayRemainder % SECSPERMIN);
+ GmTime->tm_min = (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN);
+ GmTime->tm_hour = (int)(DayRemainder / SECSPERHOUR);
+ GmTime->tm_wday = (int)((DayNo + 4) % 7);
+
+ for (Year = 1970, YearNo = 0; DayNo > 0; Year++) {
+ TotalDays = (UINT16)(IsLeap (Year) ? 366 : 365);
+ if (DayNo >= TotalDays) {
+ DayNo = (UINT16)(DayNo - TotalDays);
+ YearNo++;
+ } else {
+ break;
+ }
+ }
+
+ GmTime->tm_year = (int)(YearNo + (1970 - 1900));
+ GmTime->tm_yday = (int)DayNo;
+
+ for (MonthNo = 12; MonthNo > 1; MonthNo--) {
+ if (DayNo >= CumulativeDays[IsLeap (Year)][MonthNo]) {
+ DayNo = (UINT16)(DayNo - (UINT16)(CumulativeDays[IsLeap (Year)][MonthNo]));
+ break;
+ }
+ }
+
+ GmTime->tm_mon = (int)MonthNo - 1;
+ GmTime->tm_mday = (int)DayNo + 1;
+
+ GmTime->tm_isdst = 0;
+ GmTime->tm_gmtoff = 0;
+ GmTime->tm_zone = NULL;
+
+ return GmTime;
+}
+
+/**_time64 function. **/
+time_t
+_time64 (
+ time_t *t
+ )
+{
+ return time (t);
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
new file mode 100644
index 0000000000..def990b996
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
@@ -0,0 +1,76 @@
+## @file
+# Cryptographic Library Instance for DXE_DRIVER.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - signature.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseCryptLib
+ FILE_GUID = 9DD60CFE-9D05-41E2-8B9E-958E2A4C1913
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+ InternalCryptLib.h
+ Cipher/CryptAeadAesGcmNull.c
+ Cipher/CryptAes.c
+ Hash/CryptSha256.c
+ Hash/CryptSha512.c
+ Hash/CryptSm3Null.c
+ Hash/CryptMd5.c
+ Hash/CryptSha1.c
+ Hmac/CryptHmac.c
+ Kdf/CryptHkdf.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptRsaPss.c
+ Pk/CryptRsaPssSignNull.c
+ Bn/CryptBnNull.c
+ Pem/CryptPemNull.c
+ Pk/CryptDhNull.c
+ Pk/CryptEcNull.c
+ Pk/CryptPkcs1OaepNull.c
+ Pk/CryptPkcs5Pbkdf2Null.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7VerifyNull.c
+ Pk/CryptPkcs7VerifyEkuNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pk/CryptTsNull.c
+ Rand/CryptRandNull.c
+ SysCall/CrtWrapper.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ UefiRuntimeServicesTableLib
+ DebugLib
+ MbedTlsLib
+ PrintLib
+ RngLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ MSFT:*_*_*_CC_FLAGS = /GL-
diff --git a/CryptoPkg/Library/Include/stdint.h b/CryptoPkg/Library/Include/stdint.h
new file mode 100644
index 0000000000..17b8c767d7
--- /dev/null
+++ b/CryptoPkg/Library/Include/stdint.h
@@ -0,0 +1,19 @@
+/** @file
+ Include file to support building the third-party cryptographic library.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>
+
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
diff --git a/CryptoPkg/Library/Include/stubs-32.h b/CryptoPkg/Library/Include/stubs-32.h
new file mode 100644
index 0000000000..786d57e8d5
--- /dev/null
+++ b/CryptoPkg/Library/Include/stubs-32.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building the third-party cryptographic library.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c b/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
index c7d5c393a1..1c9cd72b70 100644
--- a/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
+++ b/CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
@@ -12,7 +12,7 @@
#include <mbedtls/ecdh.h>
#include <mbedtls/ecdsa.h>
#include <mbedtls/bignum.h>
-#include <library/bignum_core.h>
+#include <bignum_core.h>
/*
* Get the curve info for the internal identifier