Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea

This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from:

[ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic.

Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi>
Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi>

Differential Revision: https://phabricator.services.mozilla.com/D79267

--HG--
extra : moz-landing-system : lando

lib/freebl/ecl/ecl-priv.h

@@ -245,6 +245,7 @@ mp_err ec_group_set_gf2m233(ECGroup *group, ECCurveName name);
 
 /* Optimized point multiplication */
 mp_err ec_group_set_gfp256_32(ECGroup *group, ECCurveName name);
+mp_err ec_group_set_secp384r1(ECGroup *group, ECCurveName name);
 
 SECStatus ec_Curve25519_mul(PRUint8 *q, const PRUint8 *s, const PRUint8 *p);
 #endif /* __ecl_priv_h_ */

lib/freebl/ecl/ecl.c

@@ -164,6 +164,16 @@ construct_ecgroup(const ECCurveName name, mp_int irr, mp_int curvea,
                 MP_CHECKOK(ec_group_set_gfp256(group, name));
                 MP_CHECKOK(ec_group_set_gfp256_32(group, name));
                 break;
+            case ECCurve_SECG_PRIME_384R1:
+                group =
+                    ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+                                    &order, cofactor);
+                if (group == NULL) {
+                    res = MP_UNDEF;
+                    goto CLEANUP;
+                }
+                MP_CHECKOK(ec_group_set_secp384r1(group, name));
+                break;
             case ECCurve_SECG_PRIME_521R1:
                 group =
                     ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,