PolarSSL has been validated with FRAMA-C by a company. Unfortunately you have to... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		wbl on April 13, 2014 \| parent \| context \| favorite \| on: Of Money, Responsibility, and Pride PolarSSL has been validated with FRAMA-C by a company. Unfortunately you have to pay to see the results, and they use blinding for bignum arithmetic, not constant-time. (But they do have a decent curve implementation). http://trust-in-soft.com/news/ To remove side channels and preserve validation, you need to be slightly clever. You validate that a C implementation of one of the functions does the same thing as a function in the validated package, then swap them in the build output. This can be done for miTLS. Your validation of the C part is much more limited in scope than the whole thing.

wfn on April 13, 2014 [–]

> To remove side channels and preserve validation, you need to be slightly clever. You validate that a C implementation of one of the functions does the same thing as a function in the validated package, then swap them in the build output. This can be done for miTLS.

Aha, this is interesting! Thanks for the link.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact