X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FBaseCryptLib%2FRand%2FCryptRand.c;h=fd3c6d4adbe61d81b3cc558561be5ad0bc3b5821;hb=2998af862469c6a05657e169d7def6f55420caad;hp=4b275951e83e70988a545b2062f6da282954ca66;hpb=16d2c32c4dff7fd8b0ee19e3ba908c0121f6636e;p=mirror_edk2.git

diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
index 4b275951e8..fd3c6d4adb 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
@@ -1,7 +1,7 @@
 /** @file
   Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 #include "InternalCryptLib.h"
 #include <openssl/rand.h>
+#include <openssl/evp.h>
 
 //
 // Default seed for UEFI Crypto Library
@@ -43,6 +44,18 @@ RandomSeed (
   IN  UINTN         SeedSize
   )
 {
+  if (SeedSize > INT_MAX) {
+    return FALSE;
+  }
+
+  //
+  // The software PRNG implementation built in OpenSSL depends on message digest algorithm.
+  // Make sure SHA-1 digest algorithm is available here.
+  //
+  if (EVP_add_digest (EVP_sha1 ()) == 0) {
+    return FALSE;
+  }
+
   //
   // Seed the pseudorandom number generator with user-supplied value.
   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
@@ -53,7 +66,11 @@ RandomSeed (
     RAND_seed (DefaultSeed, sizeof (DefaultSeed));
   }
 
-  return TRUE;
+  if (RAND_status () == 1) {
+    return TRUE;
+  }
+
+  return FALSE;
 }
 
 /**
@@ -62,7 +79,7 @@ RandomSeed (
   If Output is NULL, then return FALSE.
 
   @param[out]  Output  Pointer to buffer to receive random value.
-  @param[in]   Size    Size of randome bytes to generate.
+  @param[in]   Size    Size of random bytes to generate.
 
   @retval TRUE   Pseudorandom byte stream generated successfully.
   @retval FALSE  Pseudorandom number generator fails to generate due to lack of entropy.
@@ -78,7 +95,7 @@ RandomBytes (
   //
   // Check input parameters.
   //
-  if (Output == NULL) {
+  if (Output == NULL || Size > INT_MAX) {
     return FALSE;
   }