KeyLibGenerateSalt missing error handling (Bugzilla Bug 4707)

[tianocore-issues]

This issue was created automatically with bugzilla2github

Bugzilla Bug 4707

Date: 2024-02-23T13:13:55+00:00
From: @jkmathews
To: @nate-desimone
CC: @lgao4

Last updated: 2024-03-05T21:52:09+00:00

[tianocore-issues]

Comment 22643

Date: 2024-02-23 13:13:55 +0000
From: @jkmathews

• Industry Specification: ---
• Release Observed: edk2-stable202302
• Releases to Fix: EDK II Master
• Target OS: ---
• Bugzilla Assignee(s): @nate-desimone

We do not check for errors when generating a salt value.

Issue #1:
In the function SavePasswordToVariable(), we do not check the return value of KeyLibGenerateSalt().

https://github.com/tianocore/edk2-platforms/blob/7f42d4034c8f4266da691df69dce18234f752cb4/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c#L229C5-L229C24

Issue #2:
In the function KeyLibGenerateSalt(), we do not check the return values for RandomSeed() and RandomByes().

edk2-platforms/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/KeyService.c

Line 73 in 7f42d40

KeyLibGenerateSalt (

[tianocore-issues]

Comment 22702

Date: 2024-03-05 21:52:09 +0000
From: @lgao4

[email protected]: please check it.