[edk2-devel] [PATCH] SecurityPkg/RngDxe: Add ASSERT for array Ek

Thu, 05 Dec 2019 17:50:02 -0800 

Add ASSERT for Ek to ensure things out of EK would not
be visited.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zh...@intel.com>
---
 SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c | 2 ++
 SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c 
b/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
index 66edaf10c468..6c99ec83e822 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
@@ -160,6 +160,7 @@ AesExpandKey (
   // Initialize the encryption key scheduler
   //
   for (Index2 = Nk, Index3 = 0; Index2 < Nw; Index2 += Nk, Index3++) {
+    ASSERT(Index2 < sizeof(Ek)/sizeof(Ek[0]));
     Temp       = Ek[Index2 - 1];
     Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2((Temp >> 16) & 0xFF) & 0xFF000000) 
^
                                    (AES_FT3((Temp >>  8) & 0xFF) & 0x00FF0000) 
^
@@ -181,6 +182,7 @@ AesExpandKey (
         Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 
1];
       }
       if (Index2 + 4 < Nw) {
+        ASSERT((Index2 +4) < sizeof(Ek)/sizeof(Ek[0]));
         Temp           = Ek[Index2 + 3];
         Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2((Temp >> 24) & 0xFF) & 
0xFF000000) ^
                                                (AES_FT3((Temp >> 16) & 0xFF) & 
0x00FF0000) ^
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h 
b/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
index e07f90050ac3..40d6b13d2b81 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
@@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #ifndef __AES_CORE_H__
 #define __AES_CORE_H__
 
+#include <Library/DebugLib.h>
+
 /**
   Encrypts one single block data (128 bits) with AES algorithm.
 
-- 
2.18.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#51806): https://edk2.groups.io/g/devel/message/51806
Mute This Topic: https://groups.io/mt/67403436/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to