REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4648
The SavePasswordToVariable function takes in the password, generates a salt, generates a SHA256 hash of the password and saves the password hash to a variable. The KeyLipGenerateSalt function calls RandomSeed with NULL as the first argument. The RandomSeed function comes from CryptRandTsc.c. When NULL is used as the first argument, the default seed "UEFI Crypto Library default seed" is used this is concatenated with the TSC Added a logic to shuffle the default seed string characters Signed-off-by: V V Pranav <pranav....@intel.com> --- .../Library/BaseCryptLib/Rand/CryptRandTsc.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c index 30454bf10f..8b699ba20d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c @@ -35,6 +35,17 @@ RandomSeed ( ) { CHAR8 DefaultSeed[128]; + UINT8 temp = 0; + CHAR8 DefaultSeedString[64] = "UEFI Crypto Library default seed"; + UINT8 CharCounter = 0; + UINTN Random = 0; + + for (CharCounter = 0; CharCounter < (strlen(DefaultSeedString)-1); CharCounter++) { + Random = AsmReadTsc () % 10; + temp = DefaultSeedString[Random]; + DefaultSeedString[Random] = DefaultSeedString[CharCounter]; + DefaultSeedString[CharCounter] = temp; + } if (SeedSize > INT_MAX) { return FALSE; @@ -61,8 +72,8 @@ RandomSeed ( AsciiSPrint ( DefaultSeed, sizeof (DefaultSeed), - "UEFI Crypto Library default seed (%ld)", - AsmReadTsc () + "%s (%ld)", + DefaultSeedString, AsmReadTsc () ); RAND_seed (DefaultSeed, sizeof (DefaultSeed)); -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117024): https://edk2.groups.io/g/devel/message/117024 Mute This Topic: https://groups.io/mt/105079849/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-