On 4/20/21, Miles Rout <mi...@rout.nz> wrote: > We'd all be better off if we focused our efforts on tools to make C > programming better. I was thinking today about how useful it would be > to have a way to indicate that a particular variable shouldn't be able > to impact the running time of a function for cryptography purposes. > (Generally, the control flow, resource use or running time of > cryptography-related functions shouldn't depend on secret values, as > those all have the potential to become side channels). If a compiler or > compiler plugin recognised such a directive, it could ensure it didn't > destroy that property. A static analysis tool could check the resulting > object code and warn you. Other tools could verify it with randomised > automated testing, etc.
It would also be useful to be able to indicate that a variable's value, and values computed from it, must not be left in memory or registers to be picked up later by misbehaving code or debuggers. > Generally speaking, these things would be better off as unobtrusive > extensions to C, able to be ignored by a compiler or other tool without > affecting the meaning of the code to retain compatibility. Rust has > many good ideas but it's just not trendy to implement those ideas in C > sadly. LLVM and Rust are well-funded. Funding is what attracts the 'trendy' community, for good and ill.
