Change mbedtls_mpi_core_mla() to be constant time

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

library/bignum_core.c

@@ -489,7 +489,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_mla(mbedtls_mpi_uint *d, size_t d_len,
 
     while (excess_len--) {
         *d += c;
-        c = (*d < c);
+        c = mbedtls_ct_mpi_uint_if(mbedtls_ct_uint_lt(*d, c), 1, 0);
         d++;
     }
 

tests/suites/test_suite_bignum_core.function

@@ -770,16 +770,36 @@ void mpi_core_mla(char *input_A, char *input_B, char *input_S,
     memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint));
     memcpy(x, X->p, X->n * sizeof(mbedtls_mpi_uint));
 
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+    TEST_CF_SECRET(a, bytes);
+    TEST_CF_SECRET(B.p, B.n * sizeof(mbedtls_mpi_uint));
+    TEST_CF_SECRET(S.p, sizeof(mbedtls_mpi_uint));
+#endif
+
     /* 1a) A += B * s => we should get the correct carry */
     TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, B.p, B.n, *S.p), *cy->p);
 
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+    TEST_CF_PUBLIC(a, bytes);
+    TEST_CF_PUBLIC(B.p, B.n * sizeof(mbedtls_mpi_uint));
+    TEST_CF_PUBLIC(S.p, sizeof(mbedtls_mpi_uint));
+#endif
+
     /* 1b) A += B * s => we should get the correct result */
     TEST_MEMORY_COMPARE(a, bytes, x, bytes);
 
     if (A.n == B.n && memcmp(A.p, B.p, bytes) == 0) {
         /* Check when A and B are aliased */
         memcpy(a, A.p, A.n * sizeof(mbedtls_mpi_uint));
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+        TEST_CF_SECRET(a, bytes);
+        TEST_CF_SECRET(S.p, sizeof(mbedtls_mpi_uint));
+#endif
         TEST_EQUAL(mbedtls_mpi_core_mla(a, limbs, a, limbs, *S.p), *cy->p);
+#if !defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+        TEST_CF_PUBLIC(a, bytes);
+        TEST_CF_PUBLIC(S.p, sizeof(mbedtls_mpi_uint));
+#endif
         TEST_MEMORY_COMPARE(a, bytes, x, bytes);
     }