[PATCH] Adding diversity for security
sjcrane at uci.edu
Wed Oct 2 10:19:46 PDT 2013
You make a very good point which I never actually considered. I confess
that I am not very familiar with the OpenSSL API and was simply looking
for a drop-in replacement for our existing simple AES implementation,
which had a conflicting open-source license. Looking at the OpenSSL
RNG now, I see no problems with it as long as it is stable between versions.
On 10/02/13 10:02, Tom Roeder wrote:
> OpenSSL provides a facility for getting cryptographically strong
> pseudorandom numbers: see <openssl/rand.h>. You can call
> RAND_bytes(unsigned char *buf, int num) to get a given number of
> random bytes. It also supports seeding and state files; see
> http://www.openssl.org/docs/crypto/rand.html for the full API. From a
> cursory look at the patch, it seems like the RandomNumberGenerator
> calls could be passed through mostly directly to OpenSSL if libcrypto
> is available.
> Maybe I'm missing something: do you have requirements that aren't met
> by the existing OpenSSL rand functionality?
> On Wed, Oct 2, 2013 at 6:34 AM, Alex Rosenberg <alexr at leftfield.org> wrote:
>> I'm not a crypto geek but... I think the choices of seeds need to be explained in the comments.
>> For example, the result of malloced memory is likely to be just zeros on some platforms and the addresses of command line argument pointers are likely to be constant between runs.
>>> On Oct 1, 2013, at 3:13 PM, Stephen Crane <sjcrane at uci.edu> wrote:
>>> Adds the capability to randomly insert NOPs, permuting the code layout, as well as the option to randomize scheduling decisions. Includes an OpenSSL-linked RNG to provide secure random number generation.
>>> llvm-commits mailing list
>>> llvm-commits at cs.uiuc.edu
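The two points raised in this thread, constant seed material and passing calls through to OpenSSL's `RAND_bytes`, shown side by side as an added example that is not code from the patch or from LLVM. It uses Python's `ssl` module, which exposes OpenSSL's `RAND_bytes` and `RAND_status`; the names `OpenSSLRandom`, `WeakSeedRandom` and `nop_plan`, and the insertion percentage, are hypothetical.

```python
import random
import ssl


class OpenSSLRandom:
    """Hypothetical pass-through generator backed by OpenSSL's RAND_bytes."""

    def __init__(self):
        # RAND_status() is False when OpenSSL's generator lacks seed entropy.
        if not ssl.RAND_status():
            raise RuntimeError("OpenSSL PRNG is not sufficiently seeded")

    def below(self, bound):
        """Uniform integer in [0, bound), using rejection sampling
        so that no value is favoured by modulo bias."""
        if bound <= 0:
            raise ValueError("bound must be positive")
        nbytes = (bound.bit_length() + 7) // 8
        span = 1 << (8 * nbytes)
        limit = span - (span % bound)  # largest multiple of bound <= span
        while True:
            # ssl.RAND_bytes raises ssl.SSLError if OpenSSL reports failure.
            value = int.from_bytes(ssl.RAND_bytes(nbytes), "big")
            if value < limit:
                return value % bound


class WeakSeedRandom:
    """Models the seeding concern from the thread: seed material that is
    the same on every run (constructed sample: zero-filled memory)."""

    def __init__(self, seed_material):
        self._rng = random.Random(seed_material)

    def below(self, bound):
        return self._rng.randrange(bound)


def nop_plan(rng, n_instructions, percent):
    """Hypothetical diversity decision: True where a NOP would be inserted."""
    return [rng.below(100) < percent for _ in range(n_instructions)]


if __name__ == "__main__":
    zeros = bytes(16)  # constructed stand-in for zeroed malloc'd memory
    same = nop_plan(WeakSeedRandom(zeros), 32, 50) == nop_plan(WeakSeedRandom(zeros), 32, 50)
    print("constant seed gives identical layout on every run:", same)
    print("OpenSSL-backed plan:", nop_plan(OpenSSLRandom(), 32, 50))
```

With constant seed material every build makes the same insertion decisions, so the resulting layout is predictable; the OpenSSL-backed generator does not have that property.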