[PATCH] Adding diversity for security
Stephen Crane
sjcrane at uci.edu
Wed Oct 2 13:48:58 PDT 2013
I would love to use a different off-the-shelf RNG (crypto++ is certainly
an option). It's simply a matter of choosing what to link against. I
simply went for the most convenient and widespread crypto lib I could
think of. However, since threading is being problematic (since LLVM
doesn't "do" threading currently, we don't to my knowledge have a
locking function to set up), maybe we should use a different, perhaps
less common, lib which is thread-safe.
I'll see if I can whip up a crypto++ RNG interface which might make this
easier. We will still need the fallback RNG to compile without the
library available.
- stephen
On 10/02/13 13:12, Tom Roeder wrote:
> I agree that the OpenSSL API is a little messy for setting up locks,
> but once you've worked your way through the details once, it's pretty
> easy to manage. From what I know about OpenSSL, I don't think it
> guarantees any thread safety at all for libcrypto unless you jump
> through the hoops of setting up the right locking structures. See the
> first line of the description section in
> http://www.openssl.org/docs/crypto/threads.html. Maybe there's another
> crypto library you can use that satisfies your constraints better and
> still saves you from having to write your own RNG? E.g., Crypto++?
>
> >From a purely software-engineering perspective, it seems to me that a
> compiler framework is the wrong place to have a cryptographically
> secure implementation of a pseudo-random generator. But that's a
> policy decision, and I'm new to the LLVM community, so others are more
> qualified than me to answer this question.
>
> If you're going to stick with the AES-based implementation, I would
> echo Alex's comment: I would like to see more justification in the
> comments. Putting on my applied crypto hat, I would like to see
> comments that contain an abstract specification of the protocol, along
> with a justification for its security. For example, this could be
> satisfied with a reference to a paper that proves this protocol to be
> a secure implementation of a PRG.
More information about the llvm-commits
mailing list