Comment 22377

Date: 2024-01-17 01:57:18 +0000
From: tabassum.yasmin

• Industry Specification: ---
• Release Observed: edk2-stable202305
• Releases to Fix: edk2-stable202305
• Target OS: ---
• Bugzilla Assignee(s): tabassum.yasmin

The SavePasswordToVariable function takes in the password, generates a salt, generates a SHA256 hash of the
password and saves the password hash to a variable. The KeyLipGenerateSalt function calls RandomSeed with
NULL as the first argument. The RandomSeed function comes from CryptRandTsc.c. When NULL is used as the
first argument, the default seed "UEFI Crypto Library default seed" is used this is concatenated with the TSC

Code snippet below

BOOLEAN
EFIAPI
RandomSeed (
IN CONST UINT8 *Seed OPTIONAL,
IN UINTN SeedSize
)
{
CHAR8 DefaultSeed[128];
…
//
// Seed the pseudorandom number generator with user-supplied value.
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.
//
if (Seed != NULL) {
RAND_seed (Seed, (UINT32)SeedSize);
} else {
//
// Retrieve current time.
//
AsciiSPrint (
DefaultSeed,
sizeof (DefaultSeed),
"UEFI Crypto Library default seed (%ld)",
AsmReadTsc ()
);
RAND_seed (DefaultSeed, sizeof (DefaultSeed));
}
if (RAND_status () == 1) {

Comment 22460

Date: 2024-01-30 21:46:39 +0000
From: @lgao4

tabassum.yasmin@intel.com: please work on it.