[PATCH] Adding diversity for security

Alp Toker alp at nuanti.com
Wed Jan 22 15:39:05 PST 2014


On 22/01/2014 23:17, Stephen Crane wrote:
> Here's the patch for LLVM: http://llvm-reviews.chandlerc.com/D1802
>
> We ended up basing the RNG on the already integrated implementation of
> MD5, to avoid any external dependencies. We are really just waiting on
> review of the LLVM patch now that Julian has modified a few things to
> take care of a performance concern.

That sounds good.

David Majnemer has already done preliminary review of the clang patch 
and it looks sane to me.

It will additionally need user documentation explaining the purpose of 
the feature and noting that stability is not guaranteed between 
different revisions of the compiler, even with the same seed.

It's my opinion that un-seeded / non-deterministic compilation shouldn't 
be supported at all. If that isn't the case already, would it be a 
reasonable change for you to accommodate?

Apart from that, just blocked on the LLVM changes.

Alp.



>
> - stephen
>
>
> On Wed, Jan 22, 2014 at 3:00 PM, Alp Toker <alp at nuanti.com> wrote:
>
>     The clang side looks fine, but there's very little context as to
>     what's going on here so not possible to review it just like that.
>
>     The patch rebases to clang ToT fine but doesn't build due to
>     missing RNG facilities in LLVM -- could you give a refresher of
>     the status of that with a link? It's been long enough that not
>     everyone remembers the discussion.
>
>     The last I remember of the discussion was that linking to OpenSSL
>     can be painful, and it doesn't feel right as a dependency. What
>     are the other options for pseudo RNG and could we have a simpler
>     scheme?
>
>     That'll help get things moving.
>
>     Alp.
>
>
>
>     On 22/01/2014 21:48, Julian Lettner wrote:
>
>            Is there anything stopping this from going forward?
>
>         http://llvm-reviews.chandlerc.com/D1803
>
>
>     -- 
>     http://www.nuanti.com
>     the browser experts
>
>

-- 
http://www.nuanti.com
the browser experts



