Displaying 3 results from an estimated 3 matches for "enable_rng".
2013 Sep 20
2
[LLVMdev] Adding diversity for security (and testing)
...stand that these patches may not be ready for that, and rather expect a higher-level review, but I'll do what I do anyways.
Works for me! You're completely right that I was initially expecting some higher-level feedback, but this is great.
> You have separate LLVM_WITH_OPENSSL and LLVM_ENABLE_RNG settings. Why? Either LLVM_ENABLE_RNG should always be on and then people can choose to link in openssl or not. Or maybe you're worried that this is insecure and you should remove LLVM_ENABLE_RNG and make it driven solely on LLVM_ENABLE_RNG? If you think we can put a good enough RNG into LLVM,...
2013 Sep 20
0
[LLVMdev] Adding diversity for security (and testing)
...some! I'll jump right in to reviewing. Note that my reviews often
focus on low-level stuff (formatting, typos). I understand that these
patches may not be ready for that, and rather expect a higher-level
review, but I'll do what I do anyways.
You have separate LLVM_WITH_OPENSSL and LLVM_ENABLE_RNG settings. Why?
Either LLVM_ENABLE_RNG should always be on and then people can choose to
link in openssl or not. Or maybe you're worried that this is insecure
and you should remove LLVM_ENABLE_RNG and make it driven solely on
LLVM_ENABLE_RNG? If you think we can put a good enough RNG into LL...
2013 Sep 19
2
[LLVMdev] Adding diversity for security (and testing)
Thanks for all the feedback! It seems there is some interest, so I thought I'd try to summarize discussions so far, and provide patches for closer inspection. I'm not sure if patches should end up here or on a different list in this instance, so if I should instead send this to a different list, I'm happy to do so.
- Is diversity needed, or are existing protections sufficient? As