* New upstream release.debian/15+1533136590.3beb971-1

  - debian/patches/second-stage-path: dropped; the default loader path now
    includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not
    really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as
    intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream
    options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This
    makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed
    in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built
    at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback
    and MokManager.

5 files changed, 495 insertions, 394 deletions

diff --git a/Cryptlib/Hmac/CryptHmacMd5.c b/Cryptlib/Hmac/CryptHmacMd5.c
deleted file mode 100644
index 693cd322..00000000
--- a/Cryptlib/Hmac/CryptHmacMd5.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/** @file

-  HMAC-MD5 Wrapper Implementation over OpenSSL.

-

-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#include "InternalCryptLib.h"

-#include <openssl/hmac.h>

-

-/**

-  Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.

-

-  @return  The size, in bytes, of the context buffer required for HMAC-MD5 operations.

-

-**/

-UINTN

-EFIAPI

-HmacMd5GetContextSize (

-  VOID

-  )

-{

-  //

-  // Retrieves the OpenSSL HMAC-MD5 Context Size

-  //

-  return (UINTN) (sizeof (HMAC_CTX));

-}

-

-/**

-  Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for

-  subsequent use.

-

-  If HmacMd5Context is NULL, then return FALSE.

-

-  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.

-  @param[in]   Key             Pointer to the user-supplied key.

-  @param[in]   KeySize         Key size in bytes.

-

-  @retval TRUE   HMAC-MD5 context initialization succeeded.

-  @retval FALSE  HMAC-MD5 context initialization failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacMd5Init (

-  OUT  VOID         *HmacMd5Context,

-  IN   CONST UINT8  *Key,

-  IN   UINTN        KeySize

-  )

-{

-  //

-  // Check input parameters.

-  //

-  if (HmacMd5Context == NULL || KeySize > INT_MAX) {

-    return FALSE;

-  }

-

-  //

-  // OpenSSL HMAC-MD5 Context Initialization

-  //

-  HMAC_CTX_init (HmacMd5Context);

-  HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL);

-

-  return TRUE;

-}

-

-/**

-  Makes a copy of an existing HMAC-MD5 context.

-

-  If HmacMd5Context is NULL, then return FALSE.

-  If NewHmacMd5Context is NULL, then return FALSE.

-

-  @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.

-  @param[out] NewHmacMd5Context  Pointer to new HMAC-MD5 context.

-

-  @retval TRUE   HMAC-MD5 context copy succeeded.

-  @retval FALSE  HMAC-MD5 context copy failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacMd5Duplicate (

-  IN   CONST VOID  *HmacMd5Context,

-  OUT  VOID        *NewHmacMd5Context

-  )

-{

-  //

-  // Check input parameters.

-  //

-  if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) {

-    return FALSE;

-  }

-  

-  CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX));

-

-  return TRUE;

-}

-

-/**

-  Digests the input data and updates HMAC-MD5 context.

-

-  This function performs HMAC-MD5 digest on a data buffer of the specified size.

-  It can be called multiple times to compute the digest of long or discontinuous data streams.

-  HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be

-  finalized by HmacMd5Final(). Behavior with invalid context is undefined.

-

-  If HmacMd5Context is NULL, then return FALSE.

-

-  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.

-  @param[in]       Data            Pointer to the buffer containing the data to be digested.

-  @param[in]       DataSize        Size of Data buffer in bytes.

-

-  @retval TRUE   HMAC-MD5 data digest succeeded.

-  @retval FALSE  HMAC-MD5 data digest failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacMd5Update (

-  IN OUT  VOID        *HmacMd5Context,

-  IN      CONST VOID  *Data,

-  IN      UINTN       DataSize

-  )

-{

-  //

-  // Check input parameters.

-  //

-  if (HmacMd5Context == NULL) {

-    return FALSE;

-  }

-

-  //

-  // Check invalid parameters, in case that only DataLength was checked in OpenSSL

-  //

-  if (Data == NULL && DataSize != 0) {

-    return FALSE;

-  }

-

-  //

-  // OpenSSL HMAC-MD5 digest update

-  //

-  HMAC_Update (HmacMd5Context, Data, DataSize);

-

-  return TRUE;

-}

-

-/**

-  Completes computation of the HMAC-MD5 digest value.

-

-  This function completes HMAC-MD5 digest computation and retrieves the digest value into

-  the specified memory. After this function has been called, the HMAC-MD5 context cannot

-  be used again.

-  HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be

-  finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.

-

-  If HmacMd5Context is NULL, then return FALSE.

-  If HmacValue is NULL, then return FALSE.

-

-  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.

-  @param[out]      HmacValue       Pointer to a buffer that receives the HMAC-MD5 digest

-                                   value (16 bytes).

-

-  @retval TRUE   HMAC-MD5 digest computation succeeded.

-  @retval FALSE  HMAC-MD5 digest computation failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacMd5Final (

-  IN OUT  VOID   *HmacMd5Context,

-  OUT     UINT8  *HmacValue

-  )

-{

-  UINT32  Length;

-

-  //

-  // Check input parameters.

-  //

-  if (HmacMd5Context == NULL || HmacValue == NULL) {

-    return FALSE;

-  }

-

-  //

-  // OpenSSL HMAC-MD5 digest finalization

-  //

-  HMAC_Final (HmacMd5Context, HmacValue, &Length);

-  HMAC_CTX_cleanup (HmacMd5Context);

-

-  return TRUE;

-}

diff --git a/Cryptlib/Hmac/CryptHmacMd5Null.c b/Cryptlib/Hmac/CryptHmacMd5Null.c
new file mode 100644
index 00000000..bfe68ab9
--- /dev/null
+++ b/Cryptlib/Hmac/CryptHmacMd5Null.c
@@ -0,0 +1,165 @@
+/** @file

+  HMAC-MD5 Wrapper Implementation which does not provide real capabilities.

+

+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials

+are licensed and made available under the terms and conditions of the BSD License

+which accompanies this distribution.  The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include "InternalCryptLib.h"

+

+/**

+  Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.

+  (NOTE: This API is deprecated.

+         Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)

+

+  Return zero to indicate this interface is not supported.

+

+  @retval  0   This interface is not supported.

+

+**/

+UINTN

+EFIAPI

+HmacMd5GetContextSize (

+  VOID

+  )

+{

+  ASSERT (FALSE);

+  return 0;

+}

+

+/**

+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.

+

+  Return NULL to indicate this interface is not supported.

+

+  @retval NULL  This interface is not supported.

+

+**/

+VOID *

+EFIAPI

+HmacMd5New (

+  VOID

+  )

+{

+  ASSERT (FALSE);

+  return NULL;

+}

+

+/**

+  Release the specified HMAC_CTX context.

+

+  This function will do nothing.

+

+  @param[in]  HmacMd5Ctx  Pointer to the HMAC_CTX context to be released.

+

+**/

+VOID

+EFIAPI

+HmacMd5Free (

+  IN  VOID  *HmacMd5Ctx

+  )

+{

+  ASSERT (FALSE);

+  return;

+}

+

+/**

+  Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for

+  subsequent use. 

+

+  Return FALSE to indicate this interface is not supported.  

+

+  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.

+  @param[in]   Key             Pointer to the user-supplied key.

+  @param[in]   KeySize         Key size in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacMd5Init (

+  OUT  VOID         *HmacMd5Context,

+  IN   CONST UINT8  *Key,

+  IN   UINTN        KeySize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Makes a copy of an existing HMAC-MD5 context.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.

+  @param[out] NewHmacMd5Context  Pointer to new HMAC-MD5 context.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacMd5Duplicate (

+  IN   CONST VOID  *HmacMd5Context,

+  OUT  VOID        *NewHmacMd5Context

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Digests the input data and updates HMAC-MD5 context.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.

+  @param[in]       Data            Pointer to the buffer containing the data to be digested.

+  @param[in]       DataSize        Size of Data buffer in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacMd5Update (

+  IN OUT  VOID        *HmacMd5Context,

+  IN      CONST VOID  *Data,

+  IN      UINTN       DataSize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Completes computation of the HMAC-MD5 digest value.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.

+  @param[out]      HmacValue       Pointer to a buffer that receives the HMAC-MD5 digest

+                                   value (16 bytes).

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacMd5Final (

+  IN OUT  VOID   *HmacMd5Context,

+  OUT     UINT8  *HmacValue

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

diff --git a/Cryptlib/Hmac/CryptHmacSha1.c b/Cryptlib/Hmac/CryptHmacSha1.c
deleted file mode 100644
index 881d26cf..00000000
--- a/Cryptlib/Hmac/CryptHmacSha1.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/** @file

-  HMAC-SHA1 Wrapper Implementation over OpenSSL.

-

-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#include "InternalCryptLib.h"

-#include <openssl/hmac.h>

-

-/**

-  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.

-

-  @return  The size, in bytes, of the context buffer required for HMAC-SHA1 operations.

-

-**/

-UINTN

-EFIAPI

-HmacSha1GetContextSize (

-  VOID

-  )

-{

-  //

-  // Retrieves the OpenSSL HMAC-SHA1 Context Size

-  //

-  return (UINTN) (sizeof (HMAC_CTX));

-}

-

-/**

-  Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for

-  subsequent use.

-

-  If HmacSha1Context is NULL, then return FALSE.

-

-  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.

-  @param[in]   Key              Pointer to the user-supplied key.

-  @param[in]   KeySize          Key size in bytes.

-

-  @retval TRUE   HMAC-SHA1 context initialization succeeded.

-  @retval FALSE  HMAC-SHA1 context initialization failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1Init (

-  OUT  VOID         *HmacSha1Context,

-  IN   CONST UINT8  *Key,

-  IN   UINTN        KeySize

-  )

-{

-  //

-  // Check input parameters.

-  //

-  if (HmacSha1Context == NULL || KeySize > INT_MAX) {

-    return FALSE;

-  }

-

-  //

-  // OpenSSL HMAC-SHA1 Context Initialization

-  //

-  HMAC_CTX_init (HmacSha1Context);

-  HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL);

-

-  return TRUE;

-}

-

-/**

-  Makes a copy of an existing HMAC-SHA1 context.

-

-  If HmacSha1Context is NULL, then return FALSE.

-  If NewHmacSha1Context is NULL, then return FALSE.

-

-  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.

-  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.

-

-  @retval TRUE   HMAC-SHA1 context copy succeeded.

-  @retval FALSE  HMAC-SHA1 context copy failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1Duplicate (

-  IN   CONST VOID  *HmacSha1Context,

-  OUT  VOID        *NewHmacSha1Context

-  )

-{

-  //

-  // Check input parameters.

-  //

-  if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) {

-    return FALSE;

-  }

-

-  CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX));

-

-  return TRUE;

-}

-

-/**

-  Digests the input data and updates HMAC-SHA1 context.

-

-  This function performs HMAC-SHA1 digest on a data buffer of the specified size.

-  It can be called multiple times to compute the digest of long or discontinuous data streams.

-  HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not

-  be finalized by HmacSha1Final(). Behavior with invalid context is undefined.

-

-  If HmacSha1Context is NULL, then return FALSE.

-

-  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.

-  @param[in]       Data            Pointer to the buffer containing the data to be digested.

-  @param[in]       DataSize        Size of Data buffer in bytes.

-

-  @retval TRUE   HMAC-SHA1 data digest succeeded.

-  @retval FALSE  HMAC-SHA1 data digest failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1Update (

-  IN OUT  VOID        *HmacSha1Context,

-  IN      CONST VOID  *Data,

-  IN      UINTN       DataSize

-  )

-{

-  //

-  // Check input parameters.

-  //

-  if (HmacSha1Context == NULL) {

-    return FALSE;

-  }

-

-  //

-  // Check invalid parameters, in case that only DataLength was checked in OpenSSL

-  //

-  if (Data == NULL && DataSize != 0) {

-    return FALSE;

-  }

-

-  //

-  // OpenSSL HMAC-SHA1 digest update

-  //

-  HMAC_Update (HmacSha1Context, Data, DataSize);

-

-  return TRUE;

-}

-

-/**

-  Completes computation of the HMAC-SHA1 digest value.

-

-  This function completes HMAC-SHA1 digest computation and retrieves the digest value into

-  the specified memory. After this function has been called, the HMAC-SHA1 context cannot

-  be used again.

-  HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should

-  not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.

-

-  If HmacSha1Context is NULL, then return FALSE.

-  If HmacValue is NULL, then return FALSE.

-

-  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.

-  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest

-                                    value (20 bytes).

-

-  @retval TRUE   HMAC-SHA1 digest computation succeeded.

-  @retval FALSE  HMAC-SHA1 digest computation failed.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1Final (

-  IN OUT  VOID   *HmacSha1Context,

-  OUT     UINT8  *HmacValue

-  )

-{

-  UINT32  Length;

-

-  //

-  // Check input parameters.

-  //

-  if (HmacSha1Context == NULL || HmacValue == NULL) {

-    return FALSE;

-  }

-

-  //

-  // OpenSSL HMAC-SHA1 digest finalization

-  //

-  HMAC_Final (HmacSha1Context, HmacValue, &Length);

-  HMAC_CTX_cleanup (HmacSha1Context);

-

-  return TRUE;

-}

diff --git a/Cryptlib/Hmac/CryptHmacSha1Null.c b/Cryptlib/Hmac/CryptHmacSha1Null.c
new file mode 100644
index 00000000..466c4885
--- /dev/null
+++ b/Cryptlib/Hmac/CryptHmacSha1Null.c
@@ -0,0 +1,165 @@
+/** @file

+  HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.  

+

+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials

+are licensed and made available under the terms and conditions of the BSD License

+which accompanies this distribution.  The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include "InternalCryptLib.h"

+

+/**

+  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.

+  (NOTE: This API is deprecated.

+         Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)

+

+  Return zero to indicate this interface is not supported.

+

+  @retval  0   This interface is not supported.

+

+**/

+UINTN

+EFIAPI

+HmacSha1GetContextSize (

+  VOID

+  )

+{

+  ASSERT (FALSE);

+  return 0;

+}

+

+/**

+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.

+

+  Return NULL to indicate this interface is not supported.

+

+  @return  NULL  This interface is not supported..

+

+**/

+VOID *

+EFIAPI

+HmacSha1New (

+  VOID

+  )

+{

+  ASSERT (FALSE);

+  return NULL;

+}

+

+/**

+  Release the specified HMAC_CTX context.

+

+  This function will do nothing.

+

+  @param[in]  HmacSha1Ctx  Pointer to the HMAC_CTX context to be released.

+

+**/

+VOID

+EFIAPI

+HmacSha1Free (

+  IN  VOID  *HmacSha1Ctx

+  )

+{

+  ASSERT (FALSE);

+  return;

+}

+

+/**

+  Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for

+  subsequent use.

+

+  Return FALSE to indicate this interface is not supported.  

+

+  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.

+  @param[in]   Key              Pointer to the user-supplied key.

+  @param[in]   KeySize          Key size in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha1Init (

+  OUT  VOID         *HmacSha1Context,

+  IN   CONST UINT8  *Key,

+  IN   UINTN        KeySize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Makes a copy of an existing HMAC-SHA1 context.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.

+  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha1Duplicate (

+  IN   CONST VOID  *HmacSha1Context,

+  OUT  VOID        *NewHmacSha1Context

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Digests the input data and updates HMAC-SHA1 context.

+

+  Return FALSE to indicate this interface is not supported.  

+

+  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.

+  @param[in]       Data            Pointer to the buffer containing the data to be digested.

+  @param[in]       DataSize        Size of Data buffer in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha1Update (

+  IN OUT  VOID        *HmacSha1Context,

+  IN      CONST VOID  *Data,

+  IN      UINTN       DataSize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Completes computation of the HMAC-SHA1 digest value.

+

+  Return FALSE to indicate this interface is not supported.  

+

+  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.

+  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest

+                                    value (20 bytes).

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha1Final (

+  IN OUT  VOID   *HmacSha1Context,

+  OUT     UINT8  *HmacValue

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

diff --git a/Cryptlib/Hmac/CryptHmacSha256Null.c b/Cryptlib/Hmac/CryptHmacSha256Null.c
new file mode 100644
index 00000000..1696fa1e
--- /dev/null
+++ b/Cryptlib/Hmac/CryptHmacSha256Null.c
@@ -0,0 +1,165 @@
+/** @file

+  HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.

+

+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials

+are licensed and made available under the terms and conditions of the BSD License

+which accompanies this distribution.  The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include "InternalCryptLib.h"

+

+/**

+  Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.

+  (NOTE: This API is deprecated.

+         Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)

+

+  Return zero to indicate this interface is not supported.

+

+  @retval  0   This interface is not supported.

+

+**/

+UINTN

+EFIAPI

+HmacSha256GetContextSize (

+  VOID

+  )

+{

+  ASSERT (FALSE);

+  return 0;

+}

+

+/**

+  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.

+

+  Return NULL to indicate this interface is not supported.

+

+  @return  NULL  This interface is not supported..

+

+**/

+VOID *

+EFIAPI

+HmacSha256New (

+  VOID

+  )

+{

+  ASSERT (FALSE);

+  return NULL;

+}

+

+/**

+  Release the specified HMAC_CTX context.

+

+  This function will do nothing.

+

+  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.

+

+**/

+VOID

+EFIAPI

+HmacSha256Free (

+  IN  VOID  *HmacSha256Ctx

+  )

+{

+  ASSERT (FALSE);

+  return;

+}

+

+/**

+  Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for

+  subsequent use.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.

+  @param[in]   Key                Pointer to the user-supplied key.

+  @param[in]   KeySize            Key size in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha256Init (

+  OUT  VOID         *HmacSha256Context,

+  IN   CONST UINT8  *Key,

+  IN   UINTN        KeySize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Makes a copy of an existing HMAC-SHA256 context.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.

+  @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha256Duplicate (

+  IN   CONST VOID  *HmacSha256Context,

+  OUT  VOID        *NewHmacSha256Context

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Digests the input data and updates HMAC-SHA256 context.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.

+  @param[in]       Data              Pointer to the buffer containing the data to be digested.

+  @param[in]       DataSize          Size of Data buffer in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha256Update (

+  IN OUT  VOID        *HmacSha256Context,

+  IN      CONST VOID  *Data,

+  IN      UINTN       DataSize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Completes computation of the HMAC-SHA256 digest value.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.

+  @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest

+                                      value (32 bytes).

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+HmacSha256Final (

+  IN OUT  VOID   *HmacSha256Context,

+  OUT     UINT8  *HmacValue

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}