DxeRngLib: GetRandomNumber spurious success

The GetRandomNumber functions in DxeRngLib can return success without
actually generating a random number. This occurs because there are code
paths through `GenerateRandomNumberViaNist800Algorithm` that do not
initialize the `Status` variable.

- Assume mFirstAlgo == MAX_UINTN (no secure algorithms available)
- Assume none of the secure algorithms have `Available` set.
- Assume PcdEnforceSecureRngAlgorithms is TRUE.

In this condition, the `Status` variable is never initialized, `Buffer`
data is never touched. It is fairly likely that Status is 0, so we can
return EFI_SUCCESS without writing anything to Buffer.

Fix is to set `Status = error_code` in this code path.
`EFI_SECURITY_VIOLATION` seems appropriate.

Signed-off-by: Doug Cook <idigdoug@gmail.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
index 4c1b5721ea..fcd489aabd 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -204,7 +204,10 @@ GenerateRandomNumberViaNist800Algorithm (
     }

   }

 

-  if (!PcdGetBool (PcdEnforceSecureRngAlgorithms)) {

+  if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {

+    // Platform does not permit the use of the default (insecure) algorithm.

+    Status = EFI_SECURITY_VIOLATION;

+  } else {

     // If all the other methods have failed, use the default method from the RngProtocol

     Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer);

     DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));