/** @file\r
Pseudorandom Number Generator Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
#include <openssl/rand.h>\r
+#include <openssl/evp.h>\r
\r
//\r
// Default seed for UEFI Crypto Library\r
IN UINTN SeedSize\r
)\r
{\r
+ if (SeedSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // The software PRNG implementation built in OpenSSL depends on message digest algorithm.\r
+ // Make sure SHA-1 digest algorithm is available here.\r
+ //\r
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
+ return FALSE;\r
+ }\r
+\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
//\r
if (Seed != NULL) {\r
- RAND_seed (Seed, (UINT32) SeedSize);\r
+ RAND_seed (Seed, (UINT32)SeedSize);\r
} else {\r
RAND_seed (DefaultSeed, sizeof (DefaultSeed));\r
}\r
\r
- return TRUE;\r
+ if (RAND_status () == 1) {\r
+ return TRUE;\r
+ }\r
+\r
+ return FALSE;\r
}\r
\r
/**\r
Generates a pseudorandom byte stream of the specified size.\r
\r
- If Output is NULL, then ASSERT().\r
+ If Output is NULL, then return FALSE.\r
\r
@param[out] Output Pointer to buffer to receive random value.\r
- @param[in] Size Size of randome bytes to generate.\r
+ @param[in] Size Size of random bytes to generate.\r
\r
@retval TRUE Pseudorandom byte stream generated successfully.\r
@retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.\r
IN UINTN Size\r
)\r
{\r
- ASSERT (Output != NULL);\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if ((Output == NULL) || (Size > INT_MAX)) {\r
+ return FALSE;\r
+ }\r
\r
//\r
// Generate random data.\r
//\r
- if (RAND_bytes (Output, (UINT32) Size) != 1) {\r
+ if (RAND_bytes (Output, (UINT32)Size) != 1) {\r
return FALSE;\r
}\r
\r