lambdaclass / concrete

Concrete is a simple programming language specifically crafted for creating highly scalable systems that are reliable, efficient, and easy to maintain.

Required tools for secure cryptography

MauroToscano opened this issue · comments

Some functions should be constant time for cryptography to hold.

This is the minimal amount of work we would need to have some secure cryptography:

  • Add some way to disable all optimizations in one function, as to avoid the compiler doing something that can make a constant time function non constant time
  • Add a way to check the assembly code generated for a function, since this is the only way to really check the algorithm is constant time
  • Add a way to clear the memory. Registers and memory used for "sensitive" data need to be cleared. It's not enough for the value to be dropped, the data shouldn't exist in memory anymore
  • Calling assembly / C may be needed, in case the compiler can't be trusted, or to leverage existing implementations

This would be nice to have in a later version:

  • Enable only the subset of "safe" optimizations. (For example, nothing that adds a branch, or tries to early return a loop, can be used)
  • Forbid all non constant time operations, or at least warn about their usage, for a given function (for example, divisions and branches)

I think it would require a new backend so LLVM doesn't break stuff behind our back. Or at least an extra late stage checking the asm?

Checking the ASM of a function is really needed. It's the only way to verify everything is alright, even if everything is supposed to be working as intended.

I meant an automated one. Even if you need to manually check the output (and all compilers should be able to dump the asm anyway), early failures save you time.
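The automated late-stage check discussed in this thread could look like the following sketch, which is an added example and not part of the thread or the Concrete code base. It assumes an x86-64 AT&T-syntax assembly dump; the function names and the listing are constructed for illustration.

```python
import re

# Conservative by design: the listing cannot show whether a condition derives
# from secret data, so every conditional jump is reported for manual review.
COND_JUMPS = re.compile(r"^(j(?!mp)[a-z]+|loop[a-z]*)$")
DIVISION = re.compile(r"^i?div[bwlq]?$")          # integer div: data-dependent latency
LABEL = re.compile(r"^([A-Za-z_.$][\w.$]*):")

SAMPLE_ASM = """# Constructed x86-64 (AT&T) listing, not Concrete compiler output
ct_select:                      # branch-free select via cmov
        testq   %rdi, %rdi
        cmovneq %rdx, %rsi
        movq    %rsi, %rax
        retq
leaky_eq:                       # byte comparison with early exit
        xorl    %ecx, %ecx
.LBB1_1:
        movb    (%rdi,%rcx), %al
        cmpb    (%rsi,%rcx), %al
        jne     .LBB1_2
        incq    %rcx
        cmpq    %rdx, %rcx
        jb      .LBB1_1
.LBB1_2:
        sete    %al
        retq
reduce:                         # remainder via hardware divide
        movq    %rdi, %rax
        xorl    %edx, %edx
        divq    %rsi
        movq    %rdx, %rax
        retq
"""

def audit(asm_text, function):
    """Return (line_no, mnemonic, reason) for each flagged instruction in `function`."""
    findings, current = [], None
    for line_no, raw in enumerate(asm_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        label = LABEL.match(line)
        if label:
            if not label.group(1).startswith("."):   # .L* labels stay inside a function
                current = label.group(1)
        elif line and current == function and not line.startswith("."):
            mnemonic = line.split()[0].lower()
            if COND_JUMPS.match(mnemonic):
                findings.append((line_no, mnemonic, "conditional branch"))
            elif DIVISION.match(mnemonic):
                findings.append((line_no, mnemonic, "variable-latency division"))
    return findings
```

A build step can fail whenever `audit` returns a non-empty list for a function marked as constant time. The loop-bound `jb` in `leaky_eq` is reported alongside the early-exit `jne`, which is why a finding still needs a manual look at the assembly.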