Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DxeRngLib: GetRandomNumber spurious success
Browse files Browse the repository at this point in the history
The GetRandomNumber functions in DxeRngLib can return success without
actually generating a random number. This occurs because there are code
paths through `GenerateRandomNumberViaNist800Algorithm` that do not
initialize the `Status` variable.

- Assume mFirstAlgo == MAX_UINTN (no secure algorithms available)
- Assume none of the secure algorithms have `Available` set.
- Assume PcdEnforceSecureRngAlgorithms is TRUE.

In this condition, the `Status` variable is never initialized, `Buffer`
data is never touched. It is fairly likely that Status is 0, so we can
return EFI_SUCCESS without writing anything to Buffer.

Fix is to set `Status = error_code` in this code path.
`EFI_SECURITY_VIOLATION` seems appropriate.

Signed-off-by: Doug Cook <[email protected]>
idigdoug committed Dec 1, 2024
1 parent 5158b59 commit bceb981
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion MdePkg/Library/DxeRngLib/DxeRngLib.c
Original file line number Diff line number Diff line change
@@ -204,7 +204,10 @@ GenerateRandomNumberViaNist800Algorithm (
}
}

if (!PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
// Platform does not permit the use of the default (insecure) algorithm.
Status = EFI_SECURITY_VIOLATION;
} else {
// If all the other methods have failed, use the default method from the RngProtocol
Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer);
DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));

0 comments on commit bceb981

Please sign in to comment.