tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DxeRngLib: GetRandomNumber spurious success 

The GetRandomNumber functions in DxeRngLib can return success without
actually generating a random number. This occurs because there are code
paths through `GenerateRandomNumberViaNist800Algorithm` that do not
initialize the `Status` variable.

- Assume mFirstAlgo == MAX_UINTN (no secure algorithms available)
- Assume none of the secure algorithms have `Available` set.
- Assume PcdEnforceSecureRngAlgorithms is TRUE.

In this condition, the `Status` variable is never initialized, `Buffer`
data is never touched. It is fairly likely that Status is 0, so we can
return EFI_SUCCESS without writing anything to Buffer.

Fix is to set `Status = error_code` in this code path.
`EFI_SECURITY_VIOLATION` seems appropriate.

Signed-off-by: Doug Cook <idigdoug@gmail.com>
This commit is contained in:
Doug Cook (WINDOWS) 2024-11-30 17:13:43 -08:00 committed by mergify[bot]
parent bbcdc0b7d9
commit fd9501f582
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
MdePkg/Library/DxeRngLib/DxeRngLib.c
View File

@ -204,7 +204,10 @@ GenerateRandomNumberViaNist800Algorithm (
} }
} }
if (!PcdGetBool (PcdEnforceSecureRngAlgorithms)) { if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
// Platform does not permit the use of the default (insecure) algorithm.
Status = EFI_SECURITY_VIOLATION;
} else {
// If all the other methods have failed, use the default method from the RngProtocol // If all the other methods have failed, use the default method from the RngProtocol
Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer); Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer);
DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status)); DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));