Change mbedtls_mpi_core_mla() to be constant time
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 1a3e0b9..b43be30 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -489,7 +489,7 @@
while (excess_len--) {
*d += c;
- c = (*d < c);
+ c = mbedtls_ct_mpi_uint_if(mbedtls_ct_uint_lt(*d, c), 1, 0);
d++;
}
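Review bot: The new carry line `c = mbedtls_ct_mpi_uint_if(mbedtls_ct_uint_lt(*d, c), 1, 0);` has no comment saying why the plain comparison was dropped, so a later cleanup could restore `c = (*d < c);`, which a compiler is free to lower to a branch on limb data. I would add `/* Constant-time carry: (*d < c) may compile to a branch on secret limbs. */` directly above it. Since the selected values are 1 and 0, `mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_uint_lt(*d, c), 1)` would express the same thing more directly. Only the excess-limb loop is visible here and the function starts and ends outside the hunk, so it is worth confirming that the multiply-accumulate path before this loop is branch-free as well.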
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index db84d62..1b89268 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -770,16 +770,36 @@
memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint));
memcpy(x, X->p, X->n * sizeof(mbedtls_mpi_uint));
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_SECRET(a, bytes);
+ TEST_CF_SECRET(B.p, B.n * sizeof(mbedtls_mpi_uint));
+ TEST_CF_SECRET(S.p, sizeof(mbedtls_mpi_uint));
+#endif
+
/* 1a) A += B * s => we should get the correct carry */
TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, B.p, B.n, *S.p), *cy->p);
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_PUBLIC(a, bytes);
+ TEST_CF_PUBLIC(B.p, B.n * sizeof(mbedtls_mpi_uint));
+ TEST_CF_PUBLIC(S.p, sizeof(mbedtls_mpi_uint));
+#endif
+
/* 1b) A += B * s => we should get the correct result */
TEST_MEMORY_COMPARE(a, bytes, x, bytes);
if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) {
/* Check when A and B are aliased */
memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint));
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_SECRET(a, bytes);
+ TEST_CF_SECRET(S.p, sizeof(mbedtls_mpi_uint));
+#endif
TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, a, limbs, *S.p), *cy->p);
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ TEST_CF_PUBLIC(a, bytes);
+ TEST_CF_PUBLIC(S.p, sizeof(mbedtls_mpi_uint));
+#endif
TEST_MEMORY_COMPARE(a, bytes, x, bytes);
}
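Review bot: The `#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)` guards around each TEST_CF_SECRET/TEST_CF_PUBLIC group are unexplained, and they leave the MemSan constant-flow build with no secret-marked run of mbedtls_mpi_core_mla() at all. Presumably the reason is that the returned carry derives from the secret inputs and `TEST_EQUAL` branches on it before anything is made public; if so, a comment on the first guard should say that. A way to keep both builds covered could be to capture and declassify the result before comparing: `carry = mbedtls_mpi_core_mla(a, limbs, B.p, B.n, *S.p);`, then `TEST_CF_PUBLIC(&carry, sizeof(carry));`, then `TEST_EQUAL(carry, *cy->p);`, with `carry` declared as an `mbedtls_mpi_uint` among the existing locals. The same applies to the aliased call in the `if (A.n == B.n ...)` branch.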