Hello, I'm trying to certify my web application against ASVS, which has following requirement:
Verify that all cryptographic operations are constant-time, with no 'short-circuit' operations in comparisons, calculations, or returns, to avoid leaking information.
I'm using RDS encryption to encrypt data at rest.
As far as I understand, FIPS certification for KMS service covers encryption of data encryption key, which is used to encrypt data with AES. But is that requirement fullfilled for the data encryption itself? I couldn't find any documentation confirming it. Does AWS RDS use constant-time cryptographic operations to encrypt data? Maybe one of certifications that AWS holds prooves usage of constant-time cryptographic operations?
