[openssl-dev] curve25519
Salz, Rich
rsalz at akamai.com
Sun Jun 21 17:10:48 UTC 2015
> BTW, is there any tool for checking C code whether it is constant-time?
I'm not aware of any. The body of information about it, for C, is slowly starting to emerge. There was some talk about an IETF draft on techniques, but I don't recall seeing it yet.
The big thing is "avoid data-dependant jumps." For example, memcmp() always runs the full length, almost any "if" statement needs careful scrutiny, and so on. In openssl master, look at include/internal/constat_time_locl.h and test/constant_time_test.c
(PS: What does SY stand for; "see you"? :)
More information about the openssl-dev
mailing list