[PATCH] Adding diversity for security

Stephen Crane sjcrane at uci.edu
Tue Oct 15 13:35:28 PDT 2013 

    - Added a comment to note block size assumptions.

http://llvm-reviews.chandlerc.com/D1802

CHANGE SINCE LAST DIFF
  http://llvm-reviews.chandlerc.com/D1802?vs=4848&id=4928#toc

Files:
  lib/LTO/LTOCodeGenerator.cpp
  lib/Support/RandomNumberGenerator.cpp
  lib/Target/X86/NOPInsertion.cpp
  tools/llvm-lto/llvm-lto.cpp

Index: lib/LTO/LTOCodeGenerator.cpp
===================================================================
--- lib/LTO/LTOCodeGenerator.cpp
+++ lib/LTO/LTOCodeGenerator.cpp
@@ -134,6 +134,7 @@
   Options.PositionIndependentExecutable = options.PositionIndependentExecutable;
   Options.EnableSegmentedStacks = options.EnableSegmentedStacks;
   Options.UseInitArray = options.UseInitArray;
+  Options.NOPInsertion = options.NOPInsertion;
 }
 
 void LTOCodeGenerator::setDebugInfo(lto_debug_model debug) {
Index: lib/Support/RandomNumberGenerator.cpp
===================================================================
--- lib/Support/RandomNumberGenerator.cpp
+++ lib/Support/RandomNumberGenerator.cpp
@@ -72,6 +72,10 @@
 #define AES_BLOCK_SIZE 16
 #define PBKDF_ITERATIONS 1000
 #define SEEDLEN 32
+// If SEEDLEN is not evenly divisible by AES_BLOCK_SIZE, adjustments
+// will need to be made to CTR_DRBG_Update() to generate the correct
+// amount of temporary data. This is not an issue for OpenSSL AES
+// since the key length is the same as the block size.
 
 /// This RNG is an implementation of the standard NIST SP 800-90A
 /// CTR_DRBG random number generator, with AES128 as the block
@@ -132,7 +136,7 @@
 
     memset(Key, 0, AES_KEY_LENGTH);
     memset(V, 0, AES_BLOCK_SIZE);
-    AES_set_encrypt_key((unsigned char *)&Key, AES_KEY_LENGTH * 8, &AESKey);
+    AES_set_encrypt_key(Key, AES_KEY_LENGTH * 8, &AESKey);
     CTR_DRBG_Update(SeedMaterial);
   }
 
Index: lib/Target/X86/NOPInsertion.cpp
===================================================================
--- lib/Target/X86/NOPInsertion.cpp
+++ lib/Target/X86/NOPInsertion.cpp
@@ -100,7 +100,7 @@
         int NOPCode = RandomNumberGenerator::Generator()->Random(MAX_NOPS);
 
         MachineInstr *NewMI = NULL;
-        unsigned reg = nopRegs[NOPCode][!!is64Bit];
+        unsigned reg = nopRegs[NOPCode][is64Bit];
         switch (NOPCode) {
         case NOP:
           NewMI = BuildMI(*BB, I, I->getDebugLoc(), TII->get(X86::NOOP));
Index: tools/llvm-lto/llvm-lto.cpp
===================================================================
--- tools/llvm-lto/llvm-lto.cpp
+++ tools/llvm-lto/llvm-lto.cpp
@@ -80,6 +80,7 @@
   Options.PositionIndependentExecutable = EnablePIE;
   Options.EnableSegmentedStacks = SegmentedStacks;
   Options.UseInitArray = UseInitArray;
+  Options.NOPInsertion = NOPInsertion;
 
   unsigned BaseArg = 0;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D1802.5.patch
Type: text/x-patch
Size: 2407 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20131015/34425f72/attachment.bin>

More information about the llvm-commits mailing list