From 4b9919e25da8423e379b4da9e25e3bc7acba4fb8 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 21 Nov 2024 04:37:28 +0000
Subject: [PATCH] Build: Never use -flto for verify.c

verify.c contains various functions which must not be inlined because compilers are tempted to compile them into code that's not constant time and thereby leaks something about the secret data being processed. If `-flto` is used as a compile-time flag, verify.c is likely to be inlined. This commit modifies the Makefile to force `-fno-lto` for verify.c, overwriting `-flto` if present. This in particular affects our CI benchmarks, which do compile with `-flto`.
Signed-off-by: Hanno Becker
---
 mk/schemes.mk | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/mk/schemes.mk b/mk/schemes.mk
index 6a4e7fec8..b51036611 100644
--- a/mk/schemes.mk
+++ b/mk/schemes.mk
@@ -13,6 +13,12 @@ MLKEM512_DIR = $(BUILD_DIR)/mlkem512
 MLKEM768_DIR = $(BUILD_DIR)/mlkem768
 MLKEM1024_DIR = $(BUILD_DIR)/mlkem1024
+# Even when link-time optimization is used for the rest of the code,
+# make sure not to use it for verify.c: Those are functions which, when
+# inlined, can be subject to variable-time compilation.
+$(MLKEM768_DIR)/mlkem/verify.c.o: CPPFLAGS += "-fno-lto"
+$(MLKEM1024_DIR)/mlkem/verify.c.o: CPPFLAGS += "-fno-lto"
+
 $(MLKEM512_DIR)/bin/%: CPPFLAGS += -DMLKEM_K=2
 $(ALL_TESTS:%=$(MLKEM512_DIR)/bin/%512):$(MLKEM512_DIR)/bin/%512: $(MLKEM512_DIR)/test/%.c.o $(call MAKE_OBJS,$(MLKEM512_DIR), $(SOURCES))
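Review bot: The `-fno-lto` override is added for `$(MLKEM768_DIR)/mlkem/verify.c.o` and `$(MLKEM1024_DIR)/mlkem/verify.c.o` but not for `$(MLKEM512_DIR)`, so the ML-KEM-512 build of verify.c would still be compiled with `-flto` whenever that flag is set, and the inlining concern described in the commit message stays open for that parameter set. Adding `$(MLKEM512_DIR)/mlkem/verify.c.o: CPPFLAGS += -fno-lto` next to the other two lines would close the gap. Separately, the flag is a compiler option carried in `CPPFLAGS`, and the compile rule is outside this hunk: if that rule places `$(CFLAGS)` after `$(CPPFLAGS)`, a `-flto` in `CFLAGS` would presumably come later on the command line and take precedence, so the ordering is worth confirming. A CI check that the built verify.c objects contain no LTO sections would keep this guarantee from regressing silently.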