From dcab408a5fbbe08a706904462b680c8daf299409 Mon Sep 17 00:00:00 2001 From: Sohaib ul Hassan Date: Thu, 9 Jul 2020 18:51:51 +0000 Subject: [NSS] Implement constant-time GCD and modular inversion The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley --- security/nss/lib/freebl/mpi/mpi.h | 1 + 1 file changed, 1 insertion(+) (limited to 'security/nss/lib/freebl/mpi/mpi.h') diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h index af608b43d..b1a07a61d 100644 --- a/security/nss/lib/freebl/mpi/mpi.h +++ b/security/nss/lib/freebl/mpi/mpi.h @@ -267,6 +267,7 @@ mp_size mp_trailing_zeros(const mp_int *mp); void freebl_cpuid(unsigned long op, unsigned long *eax, unsigned long *ebx, unsigned long *ecx, unsigned long *edx); +mp_err mp_cswap(mp_digit condition, mp_int *a, mp_int *b, mp_size numdigits); #define MP_CHECKOK(x) \ if (MP_OKAY > (res = (x))) \ -- cgit v1.2.3
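Review bot: the new `mp_cswap` prototype in the mpi.h hunk carries no comment stating its contract, and for a primitive that the constant-time GCD and inversion code described in the commit message will depend on, that contract is the whole point. Please document above the declaration: whether `condition` must be exactly 0 or 1 or whether any nonzero value is accepted, that the swap is branch-free and takes time independent of `condition` and of the values in `a` and `b`, and what is expected when either operand has fewer than `numdigits` allocated digits (whether the function grows them, returns an error code via `mp_err`, or leaves that to the caller). Something like `/* Conditionally swap a and b in constant time over numdigits digits; condition must be 0 or 1. */` would do. Minor: the prototype is placed directly after `freebl_cpuid`, a CPU-feature helper, rather than with the other `mp_*` arithmetic prototypes such as `mp_trailing_zeros` just above; grouping it with the bignum operations would make it easier to find.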