From 2db440d2f170c737b93b97e77bd6345d8b0d05ad Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@gmail.com>
Date: Fri, 30 Oct 2015 17:43:11 +0100
Subject: [PATCH] Improved on the previous fix and added a test case to cover
 both types of carries.

---
 library/bignum.c                 | 24 ++++++++++--------------
 tests/suites/test_suite_mpi.data |  3 +++
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/library/bignum.c b/library/bignum.c
index e46ce0b52..975b6f8b4 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -889,22 +889,11 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B )
 {
     int ret;
     size_t i, j;
-    mpi_uint *o, *p, c;
-    mpi TB;
+    mpi_uint *o, *p, c, tmp;
 
     if( X == B )
     {
-        B = A; A = X;
-
-        if( B == A )
-        {
-            // Making a temporary copy instead of shifting by one to deny
-            // the possibility of corresponding side-channel attacks.
-            mpi_init( &TB );
-            MPI_CHK( mpi_copy( &TB, B ) );
-
-            B = &TB;
-        }
+        const mpi *T = A; A = X; B = T;
     }
 
     if( X != A )
@@ -923,10 +912,14 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B )
 
     o = B->p; p = X->p; c = 0;
 
+    /*
+     * tmp is used because it might happen that p == o
+     */
     for( i = 0; i < j; i++, o++, p++ )
     {
+        tmp= *o;
         *p +=  c; c  = ( *p <  c );
-        *p += *o; c += ( *p < *o );
+        *p += tmp; c += ( *p < tmp );
     }
 
     while( c != 0 )
@@ -941,10 +934,13 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B )
     }
 
 cleanup:
+<<<<<<< HEAD
     if( &TB == B ) 
     {
         mpi_free( &TB );
     }
+=======
+>>>>>>> 6c9226809370... Improved on the previous fix and added a test case to cover both types
 
     return( ret );
 }
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 76c9e3e5e..a8da378f0 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -301,6 +301,9 @@ mpi_add_mpi_inplace:10:"12345678":10:"24691356"
 Test mpi_add_mpi inplace #2 
 mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306"
 
+Test mpi_add_mpi inplace #3 
+mpi_add_mpi_inplace:16:"ffffffffffffffffffffffffffffffff":16:"01fffffffffffffffffffffffffffffffe"
+
 Test mpi_add_int #1
 mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227022647561"