Improved on the previous fix and added a test case to cover both types
of carries.
diff --git a/library/bignum.c b/library/bignum.c
index e46ce0b..975b6f8 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -889,22 +889,11 @@
{
int ret;
size_t i, j;
- mpi_uint *o, *p, c;
- mpi TB;
+ mpi_uint *o, *p, c, tmp;
if( X == B )
{
- B = A; A = X;
-
- if( B == A )
- {
- // Making a temporary copy instead of shifting by one to deny
- // the possibility of corresponding side-channel attacks.
- mpi_init( &TB );
- MPI_CHK( mpi_copy( &TB, B ) );
-
- B = &TB;
- }
+ const mpi *T = A; A = X; B = T;
}
if( X != A )
@@ -923,10 +912,14 @@
o = B->p; p = X->p; c = 0;
+ /*
+ * tmp is used because it might happen that p == o
+ */
for( i = 0; i < j; i++, o++, p++ )
{
+ tmp= *o;
*p += c; c = ( *p < c );
- *p += *o; c += ( *p < *o );
+ *p += tmp; c += ( *p < tmp );
}
while( c != 0 )
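Review bot: The comment added above the loop says only that `p == o` "might happen", without saying when or why the order of reads matters. As far as the visible hunks show, the aliasing arises when the caller passes X == A == B: after the swap in the first hunk B still points at X, so `*p += c` would alter `*o` before it is added. I would reword it to `/* X may alias B (X == A == B): read *o into tmp before the carry add modifies *p */` and normalise the spacing to `tmp = *o;`. The enclosing function starts and ends outside this hunk.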
@@ -941,10 +934,13 @@
}
cleanup:
+<<<<<<< HEAD
if( &TB == B )
{
mpi_free( &TB );
}
+=======
+>>>>>>> 6c9226809370... Improved on the previous fix and added a test case to cover both types
return( ret );
}
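Review bot: The three lines added under `cleanup:` are unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 6c9226809370...`), so the file cannot compile as committed. The block they enclose, `if( &TB == B ) { mpi_free( &TB ); }`, is kept as context although the first hunk removes the `mpi TB;` declaration, so it would reference an undeclared variable even with the markers gone. Resolve the conflict by dropping both the markers and that block, leaving `cleanup:` followed directly by `return( ret );`. The function's opening is outside this hunk.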