tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix several issues in BaseCryptLib: 

1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
tye1 2012-08-02 02:49:24 +00:00
parent a08dcb2ab1
commit dda39f3a58
20 changed files with 276 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CryptoPkg/Include/Library/BaseCryptLib.h
View File

@ -1978,12 +1978,13 @@ DhGenerateKey (
Computes exchanged common key.
Given peer's public key, this function computes the exchanged common key, based on its own
context including value of prime modulus and random secret exponent.
context including value of prime modulus and random secret exponent.
If DhContext is NULL, then return FALSE.
If PeerPublicKey is NULL, then return FALSE.
If KeySize is NULL, then return FALSE.
If KeySize is large enough but Key is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize is not large enough, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] DhContext Pointer to the DH context.

1
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
View File

@ -93,6 +93,7 @@
BaseLib
BaseMemoryLib
MemoryAllocationLib
UefiRuntimeServicesTableLib
DebugLib
OpensslLib
IntrinsicLib

12
CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
View File

@ -241,7 +241,11 @@ AesCbcEncrypt (
//
// Check input parameters.
//
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
@ -299,7 +303,11 @@ AesCbcDecrypt (
//
// Check input parameters.
//
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}

4
CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
View File

@ -115,7 +115,7 @@ Arc4Encrypt (
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL) {
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
@ -161,7 +161,7 @@ Arc4Decrypt (
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL) {
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}

12
CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
View File

@ -275,7 +275,11 @@ TdesCbcEncrypt (
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
@ -339,7 +343,11 @@ TdesCbcDecrypt (
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}

2
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
View File

@ -58,7 +58,7 @@ HmacMd5Init (
//
// Check input parameters.
//
if (HmacMd5Context == NULL) {
if (HmacMd5Context == NULL || KeySize > INT_MAX) {
return FALSE;
}

2
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
View File

@ -58,7 +58,7 @@ HmacSha1Init (
//
// Check input parameters.
//
if (HmacSha1Context == NULL) {
if (HmacSha1Context == NULL || KeySize > INT_MAX) {
return FALSE;
}

2
CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
View File

@ -21,6 +21,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include "OpenSslSupport.h"
//
// Environment Setting for OpenSSL-based UEFI Crypto Library.
//

21
CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
View File

@ -86,17 +86,24 @@ RsaGetPrivateKeyFromPem (
return FALSE;
}
Status = FALSE;
PemBio = NULL;
//
// Add possible block-cipher descriptor for PEM data decryption.
// NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
//
EVP_add_cipher (EVP_des_ede3_cbc ());
EVP_add_cipher (EVP_aes_128_cbc ());
EVP_add_cipher (EVP_aes_192_cbc ());
EVP_add_cipher (EVP_aes_256_cbc ());
if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
return FALSE;
}
Status = FALSE;
//
// Read encrypted PEM Data.

84
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
View File

@ -91,7 +91,7 @@ DhGenerateParameter (
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL) {
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
return FALSE;
}
@ -139,12 +139,13 @@ DhSetParameter (
IN CONST UINT8 *Prime
)
{
DH *Dh;
DH *Dh;
BIGNUM *Bn;
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL) {
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
return FALSE;
}
@ -152,14 +153,46 @@ DhSetParameter (
return FALSE;
}
Dh = (DH *) DhContext;
Dh->p = BN_new();
Dh->g = BN_new();
Bn = NULL;
BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
BN_set_word (Dh->g, (UINT32) Generator);
Dh = (DH *) DhContext;
Dh->g = NULL;
Dh->p = BN_new ();
if (Dh->p == NULL) {
goto Error;
}
Dh->g = BN_new ();
if (Dh->g == NULL) {
goto Error;
}
Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
if (Bn == NULL) {
goto Error;
}
if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {
goto Error;
}
return TRUE;
Error:
if (Dh->p != NULL) {
BN_free (Dh->p);
}
if (Dh->g != NULL) {
BN_free (Dh->g);
}
if (Bn != NULL) {
BN_free (Bn);
}
return FALSE;
}
/**
@ -194,6 +227,7 @@ DhGenerateKey (
{
BOOLEAN RetVal;
DH *Dh;
INTN Size;
//
// Check input parameters.
@ -207,12 +241,17 @@ DhGenerateKey (
}
Dh = (DH *) DhContext;
*PublicKeySize = 0;
RetVal = (BOOLEAN) DH_generate_key (DhContext);
if (RetVal) {
Size = BN_num_bytes (Dh->pub_key);
if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
*PublicKeySize = Size;
return FALSE;
}
BN_bn2bin (Dh->pub_key, PublicKey);
*PublicKeySize = BN_num_bytes (Dh->pub_key);
*PublicKeySize = Size;
}
return RetVal;
@ -227,7 +266,8 @@ DhGenerateKey (
If DhContext is NULL, then return FALSE.
If PeerPublicKey is NULL, then return FALSE.
If KeySize is NULL, then return FALSE.
If KeySize is large enough but Key is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize is not large enough, then return FALSE.
@param[in, out] DhContext Pointer to the DH context.
@param[in] PeerPublicKey Pointer to the peer's public key.
@ -252,23 +292,37 @@ DhComputeKey (
)
{
BIGNUM *Bn;
INTN Size;
//
// Check input parameters.
//
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) {
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
return FALSE;
}
if (Key == NULL && *KeySize != 0) {
if (PeerPublicKeySize > INT_MAX) {
return FALSE;
}
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
if (Bn == NULL) {
return FALSE;
}
*KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
Size = DH_compute_key (Key, Bn, DhContext);
if (Size < 0) {
BN_free (Bn);
return FALSE;
}
if (*KeySize < (UINTN) Size) {
*KeySize = Size;
BN_free (Bn);
return FALSE;
}
*KeySize = Size;
BN_free (Bn);
return TRUE;
}

20
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
View File

@ -92,12 +92,21 @@ Pkcs7Sign (
return Status;
}
Status = FALSE;
//
// Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
//
EVP_add_digest (EVP_md5());
EVP_add_digest (EVP_sha1());
EVP_add_digest (EVP_sha256());
if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
RandomSeed (NULL, 0);
//
@ -105,7 +114,6 @@ Pkcs7Sign (
//
Key = EVP_PKEY_new ();
if (Key == NULL) {
Status = FALSE;
goto _Exit;
}
Key->save_type = EVP_PKEY_RSA;
@ -129,7 +137,6 @@ Pkcs7Sign (
PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
);
if (Pkcs7 == NULL) {
Status = FALSE;
goto _Exit;
}
@ -138,13 +145,11 @@ Pkcs7Sign (
//
P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
if (P7DataSize <= 19) {
Status = FALSE;
goto _Exit;
}
P7Data = malloc (P7DataSize);
if (P7Data == NULL) {
Status = FALSE;
goto _Exit;
}
@ -158,7 +163,6 @@ Pkcs7Sign (
*SignedDataSize = P7DataSize - 19;
*SignedData = malloc (*SignedDataSize);
if (*SignedData == NULL) {
Status = FALSE;
OPENSSL_free (P7Data);
goto _Exit;
}

17
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
View File

@ -485,10 +485,19 @@ Pkcs7Verify (
//
// Register & Initialize necessary digest algorithms for PKCS#7 Handling
//
EVP_add_digest (EVP_md5());
EVP_add_digest (EVP_sha1());
EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);
EVP_add_digest (EVP_sha256());
if (EVP_add_digest (EVP_md5 ()) == 0) {
return FALSE;
}
if (EVP_add_digest (EVP_sha1 ()) == 0) {
return FALSE;
}
if (EVP_add_digest (EVP_sha256 ()) == 0) {
return FALSE;
}
if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {
return FALSE;
}
Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
if (!Status) {

36
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
View File

@ -97,7 +97,7 @@ RsaSetKey (
//
// Check input parameters.
//
if (RsaContext == NULL) {
if (RsaContext == NULL || BnSize > INT_MAX) {
return FALSE;
}
@ -121,6 +121,10 @@ RsaSetKey (
break;
}
RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
if (RsaKey->n == NULL) {
return FALSE;
}
break;
//
@ -135,6 +139,10 @@ RsaSetKey (
break;
}
RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
if (RsaKey->e == NULL) {
return FALSE;
}
break;
//
@ -149,6 +157,10 @@ RsaSetKey (
break;
}
RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
if (RsaKey->d == NULL) {
return FALSE;
}
break;
//
@ -163,6 +175,10 @@ RsaSetKey (
break;
}
RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
if (RsaKey->p == NULL) {
return FALSE;
}
break;
//
@ -177,6 +193,10 @@ RsaSetKey (
break;
}
RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
if (RsaKey->q == NULL) {
return FALSE;
}
break;
//
@ -191,6 +211,10 @@ RsaSetKey (
break;
}
RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
if (RsaKey->dmp1 == NULL) {
return FALSE;
}
break;
//
@ -205,6 +229,10 @@ RsaSetKey (
break;
}
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
if (RsaKey->dmq1 == NULL) {
return FALSE;
}
break;
//
@ -219,6 +247,10 @@ RsaSetKey (
break;
}
RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
if (RsaKey->iqmp == NULL) {
return FALSE;
}
break;
default:
@ -262,7 +294,7 @@ RsaPkcs1Verify (
//
// Check input parameters.
//
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {
return FALSE;
}

62
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
View File

@ -231,22 +231,32 @@ RsaGenerateKey (
//
// Check input parameters.
//
if (RsaContext == NULL) {
if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
return FALSE;
}
KeyE = BN_new ();
if (PublicExponent == NULL) {
BN_set_word (KeyE, 0x10001);
} else {
BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);
if (KeyE == NULL) {
return FALSE;
}
RetVal = FALSE;
if (PublicExponent == NULL) {
if (BN_set_word (KeyE, 0x10001) == 0) {
goto _Exit;
}
} else {
if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
goto _Exit;
}
}
if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
RetVal = TRUE;
}
_Exit:
BN_free (KeyE);
return RetVal;
}
@ -299,18 +309,24 @@ RsaCheckKey (
/**
Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.
@param Message Message buffer to be encoded.
@param MessageSize Size of message buffer in bytes.
@param DigestInfo Pointer to buffer of digest info for output.
@param[in] Message Message buffer to be encoded.
@param[in] MessageSize Size of message buffer in bytes.
@param[out] DigestInfo Pointer to buffer of digest info for output.
@param[in,out] DigestInfoSize On input, the size of DigestInfo buffer in bytes.
On output, the size of data returned in DigestInfo
buffer in bytes.
@return Size of DigestInfo in bytes.
@retval TRUE PKCS1-v1_5 encoding finished successfully.
@retval FALSE Any input parameter is invalid.
@retval FALSE DigestInfo buffer is not large enough.
**/
UINTN
BOOLEAN
DigestInfoEncoding (
IN CONST UINT8 *Message,
IN UINTN MessageSize,
OUT UINT8 *DigestInfo
IN CONST UINT8 *Message,
IN UINTN MessageSize,
OUT UINT8 *DigestInfo,
IN OUT UINTN *DigestInfoSize
)
{
CONST UINT8 *HashDer;
@ -319,7 +335,7 @@ DigestInfoEncoding (
//
// Check input parameters.
//
if (Message == NULL || DigestInfo == NULL) {
if (Message == NULL || DigestInfo == NULL || DigestInfoSize == NULL) {
return FALSE;
}
@ -347,10 +363,16 @@ DigestInfoEncoding (
return FALSE;
}
if (*DigestInfoSize < DerSize + MessageSize) {
*DigestInfoSize = DerSize + MessageSize;
return FALSE;
}
CopyMem (DigestInfo, HashDer, DerSize);
CopyMem (DigestInfo + DerSize, Message, MessageSize);
return (DerSize + MessageSize);
*DigestInfoSize = DerSize + MessageSize;
return TRUE;
}
/**
@ -412,21 +434,23 @@ RsaPkcs1Sign (
return FALSE;
}
Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
if (!DigestInfoEncoding (MessageHash, HashSize, Signature, SigSize)) {
return FALSE;
}
ReturnVal = RSA_private_encrypt (
(UINT32) Size,
(UINT32) *SigSize,
Signature,
Signature,
Rsa,
RSA_PKCS1_PADDING
);
if (ReturnVal < (INTN) Size) {
if (ReturnVal < (INTN) *SigSize) {
return FALSE;
}
*SigSize = (UINTN)ReturnVal;
*SigSize = (UINTN) ReturnVal;
return TRUE;
}

55
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
View File

@ -346,7 +346,6 @@ X509GetSubjectName (
return FALSE;
}
Status = FALSE;
X509Cert = NULL;
//
@ -354,13 +353,20 @@ X509GetSubjectName (
//
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
Status = FALSE;
//
// Retrieve subject name from certificate object.
//
X509Name = X509_get_subject_name (X509Cert);
if (X509Name == NULL) {
goto _Exit;
}
if (*SubjectSize < (UINTN) X509Name->bytes->length) {
*SubjectSize = (UINTN) X509Name->bytes->length;
goto _Exit;
@ -375,7 +381,9 @@ _Exit:
//
// Release Resources.
//
X509_free (X509Cert);
if (X509Cert != NULL) {
X509_free (X509Cert);
}
return Status;
}
@ -415,7 +423,6 @@ RsaGetPublicKeyFromX509 (
return FALSE;
}
Status = FALSE;
Pkey = NULL;
X509Cert = NULL;
@ -424,9 +431,12 @@ RsaGetPublicKeyFromX509 (
//
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
Status = FALSE;
//
// Retrieve and check EVP_PKEY data from X509 Certificate.
//
@ -446,8 +456,13 @@ _Exit:
//
// Release Resources.
//
X509_free (X509Cert);
EVP_PKEY_free (Pkey);
if (X509Cert != NULL) {
X509_free (X509Cert);
}
if (Pkey != NULL) {
EVP_PKEY_free (Pkey);
}
return Status;
}
@ -498,15 +513,22 @@ X509VerifyCert (
//
// Register & Initialize necessary digest algorithms for certificate verification.
//
EVP_add_digest (EVP_md5());
EVP_add_digest (EVP_sha1());
EVP_add_digest (EVP_sha256());
if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
//
// Read DER-encoded certificate to be verified and Construct X509 object.
//
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
@ -515,9 +537,12 @@ X509VerifyCert (
//
Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);
if ((X509CACert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
Status = FALSE;
//
// Set up X509 Store for trusted certificate.
//
@ -546,9 +571,17 @@ _Exit:
//
// Release Resources.
//
X509_free (X509Cert);
X509_free (X509CACert);
X509_STORE_free (CertStore);
if (X509Cert != NULL) {
X509_free (X509Cert);
}
if (X509CACert != NULL) {
X509_free (X509CACert);
}
if (CertStore != NULL) {
X509_STORE_free (CertStore);
}
return Status;
}

6
CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
View File

@ -43,6 +43,10 @@ RandomSeed (
IN UINTN SeedSize
)
{
if (SeedSize > INT_MAX) {
return FALSE;
}
//
// Seed the pseudorandom number generator with user-supplied value.
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.
@ -78,7 +82,7 @@ RandomBytes (
//
// Check input parameters.
//
if (Output == NULL) {
if (Output == NULL || Size > INT_MAX) {
return FALSE;
}

6
CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c
View File

@ -41,6 +41,10 @@ RandomSeed (
{
CHAR8 DefaultSeed[128];
if (SeedSize > INT_MAX) {
return FALSE;
}
//
// Seed the pseudorandom number generator with user-supplied value.
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.
@ -86,7 +90,7 @@ RandomBytes (
//
// Check input parameters.
//
if (Output == NULL) {
if (Output == NULL || Size > INT_MAX) {
return FALSE;
}

6
CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
View File

@ -41,6 +41,10 @@ RandomSeed (
{
CHAR8 DefaultSeed[128];
if (SeedSize > INT_MAX) {
return FALSE;
}
//
// Seed the pseudorandom number generator with user-supplied value.
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.
@ -86,7 +90,7 @@ RandomBytes (
//
// Check input parameters.
//
if (Output == NULL) {
if (Output == NULL || Size > INT_MAX) {
return FALSE;
}

2
CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
View File

@ -62,6 +62,8 @@
[LibraryClasses]
BaseLib
DebugLib
UefiBootServicesTableLib
UefiRuntimeLib
[Guids]
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event

2
CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h
View File

@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define __INTERNAL_CRYPT_LIB_H__
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>