mpi/longlong: prevent optimization of carry instructions to branches
* mpi/longlong.h: Include "const-time.h" (add_ssaaaa, sub_ddmmss): Prevent optimization of carry handling to conditional branches in generic variant of double width addition and subtraction as was seen with GCC on riscv64. (umul_ppmm): Avoid conditional branch in generic 16x16=>32bit multiplication version of umul_ppmm. * src/const-time.h (CT_DEOPTIMIZE_VAR): New.
RISC-V has "sltu" instruction for generating carry value and
generic version of add_ssaaaa and sub_ddmmss typically used this
instruction. However, sometimes compiler gets too clever and
instead generates code with conditional branch, which is not good
for constant time code. Commit changes add_ssaaaaa and sub_ddmmss
to clobber high word of calculation in a way that prevents such
optimizations.
- Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>