Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clarify the safety of core::hint::black_box #243

Open
ilka-schulz opened this issue Feb 28, 2024 · 0 comments
Open

clarify the safety of core::hint::black_box #243

ilka-schulz opened this issue Feb 28, 2024 · 0 comments
Labels
client-security Security of the Rust Rosenpass implementation maintenance Part of maintenance activities

Comments

@ilka-schulz
Copy link
Contributor

The project uses Rust's core::hint::black_box in constant-time/src/lib.rs (and also in rosenpass/benches/handshake.rs).

The function's documentation (v.s.) says:

As such, it must not be relied upon to control critical program behavior. This immediately precludes any direct use of this function for cryptographic or security purposes.

For a non-cryptographer like me who just skims the source code, this is of course alarming. A comment in the code explaining why this usage of black_box is safe nevertheless (assuming it is) would help the reader a lot.
@prabhpreet prabhpreet added client-security Security of the Rust Rosenpass implementation maintenance Part of maintenance activities labels May 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
client-security Security of the Rust Rosenpass implementation maintenance Part of maintenance activities
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@prabhpreet @ilka-schulz