LoupVaillant / Monocypher

An easy to use, easy to deploy crypto library
https://monocypher.org

Simplify crypto_verify #249

Closed ghost closed 1 year ago

ghost commented 1 year ago

Allows crypto_verify to work with buffers of arbitrary size.

LoupVaillant commented 1 year ago

Oh, my, I'm so sorry.

I applaud the attempt, but what you just did was reverting to the approach I attempted in the first version of Monocypher, and shied away from because the generated code was convoluted as hell, to the point where we had reason to suspect it introduced variable-time stuff even though the C code was naturally constant time. I did this for version 1.1.0, and the changelogs sadly failed to reflect that. I shall correct this oversight ASAP.

Another advantage of the fixed size buffer comparisons is that the generated code is extremely small and fast. The compiler compares whole words at a time, generally in unrolled loops. The typical 64-byte buffer comparison in a 64-bit machine would involve just 8 reads per buffer (16 total), which is both extremely fast and very compact.

Long story short, I believe the fixed-size buffer comparisons are here to stay. I agree it sucks; having a single function would be better. But I'm not touching that with a 10-foot pole until we can actually trust the generated code.
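The fixed-size comparison style described in the comment above, shown next to an arbitrary-length variant, as an added example that is neither Monocypher's own code nor part of this thread. The `ct_verify*` names, the `diff_accumulate` and `fold_to_verdict` helpers, and the sample buffers are assumptions made for this illustration. Both variants accumulate XOR differences and decide only at the end, so the C source has no data-dependent branch; the point of the thread is that the fixed-size versions hand the compiler a compile-time bound it can unroll into a handful of word reads, whereas the runtime `n` leaves it with a generic loop whose output is harder to audit.

```c
/* Added example, not Monocypher's code. The ct_verify* names, the
   helpers and the constructed sample buffers are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* OR together every byte difference. The loop bound is the only control
   flow, and it never depends on the contents of a or b. */
static uint32_t diff_accumulate(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint32_t)(a[i] ^ b[i]);
    }
    return diff;
}

/* Map the accumulator to 0 (equal) or -1 (different) without a branch:
   diff is 0..255, so (diff - 1) >> 8 has its low bit set only when diff
   was 0 (the subtraction wraps to 0xFFFFFFFF). */
static int fold_to_verdict(uint32_t diff)
{
    return (int)(1 & ((diff - 1) >> 8)) - 1;
}

/* Fixed-size variants: the size is a compile-time constant, so the
   compiler is free to unroll the loop and compare whole words. */
int ct_verify16(const uint8_t a[16], const uint8_t b[16])
{
    return fold_to_verdict(diff_accumulate(a, b, 16));
}
int ct_verify32(const uint8_t a[32], const uint8_t b[32])
{
    return fold_to_verdict(diff_accumulate(a, b, 32));
}
int ct_verify64(const uint8_t a[64], const uint8_t b[64])
{
    return fold_to_verdict(diff_accumulate(a, b, 64));
}

/* Arbitrary-length variant (the direction this PR took): same logic,
   but a runtime n leaves the compiler with a generic loop. */
int ct_verify_n(const uint8_t *a, const uint8_t *b, size_t n)
{
    return fold_to_verdict(diff_accumulate(a, b, n));
}

/* Constructed sample inputs: b differs from a only in the last byte,
   the position a short-circuiting memcmp would reach last. */
static void fill_samples(uint8_t a[64], uint8_t b[64])
{
    for (size_t i = 0; i < 64; i++) {
        a[i] = (uint8_t)i;
        b[i] = (uint8_t)i;
    }
    b[63] ^= 0x01;
}

/* Returns 1 when every variant gives the expected verdict on the samples. */
int run_checks(void)
{
    uint8_t a[64], b[64];
    fill_samples(a, b);
    int ok = 1;
    ok &= ct_verify16(a, a) == 0;
    ok &= ct_verify16(a, b) == 0;      /* first 16 bytes are identical */
    ok &= ct_verify32(a, b) == 0;      /* first 32 bytes are identical */
    ok &= ct_verify64(a, a) == 0;
    ok &= ct_verify64(a, b) == -1;     /* differs at byte 63 */
    ok &= ct_verify_n(a, b, 63) == 0;  /* stop just before the difference */
    ok &= ct_verify_n(a, b, 64) == -1;
    return ok;
}

int main(void)
{
    printf("%s\n", run_checks() ? "all verdicts as expected" : "mismatch");
    return 0;
}
```

Compiling each variant with `-O2` and inspecting the assembly (for example with `objdump -d`) is the check the comment is asking for: the fixed-size functions should come out as a short run of loads and XOR/OR instructions with a single final compare, while `ct_verify_n` keeps a loop whose shape depends on the compiler and target.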

ghost commented 1 year ago

Wow, sorry, I really had no idea!