by mcspiff
808 days ago
I’m not sure you can really categorize rust as a high level language, unless you’re stating crypto primitives should only be written in assembly.
EDIT: Given this attack was also applied to OpenSSL, amongst many others, this high level language comment seems doubly odd/dubious.
EDIT2: another rust TLS implementation was among only 3 that was initially verified to be not vulnerable as well.
Yes, that's exactly what I'm stating.
Have a look at openssl, boringssl, nspr, etc. They all implement the core modular arithmetic for RSA and the s-box table for AES using assembly language. There is no reliable way to prevent a C compiler from "optimizing" your constant-time code into non-constant-time code.
> another rust TLS implementation
rustls uses assembler (from boringssl) for these routines. It is not 100% rust, and that's a good thing.
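
An added illustration of the reply's point about compilers (not code from the thread or from any of the libraries named): mask-based selection and comparison in C, with an empty GCC/Clang inline-asm barrier that hides the mask from the optimizer. The function names are made up for this example. The barrier only makes it less likely that a branch is introduced, it is not a language-level guarantee, so the generated assembly still has to be inspected for each compiler and flag set.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: the empty asm claims to read and modify v, so the
 * optimizer can no longer reason about its value (e.g. "mask is 0 or ~0").
 * GCC/Clang extension; on other compilers the value passes through as-is. */
static inline uint32_t value_barrier(uint32_t v) {
#if defined(__GNUC__) || defined(__clang__)
    __asm__ volatile("" : "+r"(v));
#endif
    return v;
}

/* 0xFFFFFFFF if x == 0, else 0, computed without comparing x. */
static uint32_t ct_is_zero_mask(uint32_t x) {
    uint32_t nonzero = (x | (0u - x)) >> 31;   /* top bit set iff x != 0 */
    return value_barrier(nonzero - 1u);        /* 1 -> 0, 0 -> 0xFFFFFFFF */
}

/* Returns a when mask is all-ones, b when mask is all-zeros. */
static uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) {
    mask = value_barrier(mask);
    return (mask & a) | (~mask & b);
}

/* Returns 1 if the n bytes match, 0 otherwise; every byte is always read. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint32_t)(a[i] ^ b[i]);
    return (int)(ct_is_zero_mask(diff) & 1u);
}

/* Variable-time counterpart for contrast: the early exit makes the running
 * time depend on the position of the first mismatching byte. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}
```
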