/** @file\r
Pseudorandom Number Generator Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
\r
#include "InternalCryptLib.h"\r
#include <openssl/rand.h>\r
+#include <openssl/evp.h>\r
\r
//\r
// Default seed for UEFI Crypto Library\r
IN UINTN SeedSize\r
)\r
{\r
+ if (SeedSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // The software PRNG implementation built in OpenSSL depends on message digest algorithm.\r
+ // Make sure SHA-1 digest algorithm is available here.\r
+ //\r
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
+ return FALSE;\r
+ }\r
+\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
RAND_seed (DefaultSeed, sizeof (DefaultSeed));\r
}\r
\r
- return TRUE;\r
+ if (RAND_status () == 1) {\r
+ return TRUE;\r
+ }\r
+\r
+ return FALSE;\r
}\r
\r
/**\r
Generates a pseudorandom byte stream of the specified size.\r
\r
- If Output is NULL, then ASSERT().\r
+ If Output is NULL, then return FALSE.\r
\r
@param[out] Output Pointer to buffer to receive random value.\r
- @param[in] Size Size of randome bytes to generate.\r
+ @param[in] Size Size of random bytes to generate.\r
\r
@retval TRUE Pseudorandom byte stream generated successfully.\r
@retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.\r
IN UINTN Size\r
)\r
{\r
- ASSERT (Output != NULL);\r
+ //\r
+ // Check input parameters.\r
+ //\r
+ if (Output == NULL || Size > INT_MAX) {\r
+ return FALSE;\r
+ }\r
\r
//\r
// Generate random data.\r