From 78ffb4179eba8a67e548d60ccafd76b43f950986 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Thu, 23 Jan 2014 15:34:18 +0900
Subject: [PATCH] Fix for constant time (step 9)

---
 ChangeLog | 2 ++
 src/jpc.c | 17 +++++++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1b9e4be..4c8d795 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2014-01-23 Niibe Yutaka
+	* src/jpc.c (jpc_add_ac_signed): Fix for constant time.
+
 	* src/ec_p256.c (ecdsa): Bug fix for k selection.
 2014-01-22 Niibe Yutaka
diff --git a/src/jpc.c b/src/jpc.c
index ed0e1e5..55568ee 100644
--- a/src/jpc.c
+++ b/src/jpc.c
@@ -81,7 +81,7 @@ jpc_double (jpc *X, const jpc *A)
 void
 jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
 {
-  bn256 a[1], b[1], c[1], d[1];
+  bn256 a[1], b[1], c[1], d[1], tmp[1];
 #define minus_B_y c
 #define c_sqr a
 #define c_cube b
@@ -96,9 +96,15 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
     {
       memcpy (X->x, B->x, sizeof (bn256));
       if (minus)
-        bn256_sub (X->y, P256, B->y);
+        {
+          memcpy (tmp, B->y, sizeof (bn256));
+          bn256_sub (X->y, P256, B->y);
+        }
       else
-        memcpy (X->y, B->y, sizeof (bn256));
+        {
+          memcpy (X->y, B->y, sizeof (bn256));
+          bn256_sub (tmp, P256, B->y);
+        }
       memset (X->z, 0, sizeof (bn256));
       X->z->word[0] = 1;
       return;
@@ -115,7 +121,10 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
       modp256_mul (b, b, minus_B_y);
     }
   else
-    {
+    {
+      bn256_sub (tmp, P256, B->y);
+      modp256_mul (b, b, B->y);
+    }
   if (bn256_cmp (A->x, a) == 0 && bn256_cmp (A->y, b) == 0)
     {
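Review bot: The balancing operations added to the `if (minus)` / `else` arms of the early-return path in the second jpc.c hunk — `memcpy (tmp, B->y, sizeof (bn256))` and `bn256_sub (tmp, P256, B->y)` — write into a local that is never read, so the optimizer is free to delete them as dead stores (the builtin memcpy will almost certainly go, and bn256_sub survives only while it is neither inlined nor visible under LTO), which silently reintroduces the timing asymmetry the patch is meant to remove. An optimization barrier that makes `tmp` observable after each dummy write, e.g. `asm volatile ("" : : "r" (tmp) : "memory");`, or a volatile sink, is needed for the padding to survive compilation. Even with both arms doing identical work, `if (minus)` remains a branch on a secret-derived value, and taken/not-taken timing and instruction fetch can still differ depending on the core; a branchless select — assuming `minus` is 0 or 1, `mask = 0 - (uint32_t)(minus & 1)` and then per word `(neg & mask) | (pos & ~mask)` — removes the branch rather than padding it. jpc_add_ac_signed continues outside this hunk, and the then-arm whose `bn256_sub` into minus_B_y the third hunk's new else-arm mirrors is not visible here either.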