verify.c contains various functions which must not be inlined because compilers are tempted to compile them into code that's not constant time and thereby leaks something about the secret data being processed.
If -flto is used as a compile-time flag, verify.c is likely to be inlined.
This commit modifies the Makefile to force -fno-lto for verify.c, overwriting -flto if present.
This in particular affects our CI benchmarks, which do compile with -flto.
verify.c contains various functions which must not be inlined because compilers are tempted to compile them into code that's not constant time and thereby leaks something about the secret data being processed.
If
-fltois used as a compile-time flag, verify.c is likely to be inlined.This commit modifies the Makefile to force
-fno-ltofor verify.c, overwriting-fltoif present.This in particular affects our CI benchmarks, which do compile with
-flto.