Diffstat (limited to 'c5/integer.cpp')
-rw-r--r-- | c5/integer.cpp | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/c5/integer.cpp b/c5/integer.cpp
index 0df3540..35312f6 100644
--- a/c5/integer.cpp
+++ b/c5/integer.cpp
@@ -1295,8 +1295,10 @@ carry2:
 class PentiumOptimized : public Portable
 {
 public:
+#ifndef __pic__ // -fpic uses up a register, leaving too few for the asm code
 static word Add(word *C, const word *A, const word *B, unsigned int N);
 static word Subtract(word *C, const word *A, const word *B, unsigned int N);
+#endif
 static void Square4(word *R, const word *A);
 static void Multiply4(word *C, const word *A, const word *B);
 static void Multiply8(word *C, const word *A, const word *B);
@@ -1306,6 +1308,7 @@ typedef PentiumOptimized LowLevel;
 // Add and Subtract assembly code originally contributed by Alister Lee
+#ifndef __pic__
 __attribute__((regparm(3))) word PentiumOptimized::Add(word *C, const word *A, const word *B, unsigned int N)
 {
 assert (N%2 == 0);
@@ -1381,6 +1384,7 @@ __attribute__((regparm(3))) word PentiumOptimized::Subtract(word *C, const word
 return carry;
 }
+#endif // __pic__
 // Comba square and multiply assembly code originally contributed by Leonard Janke
@@ -2142,11 +2146,11 @@ void MontgomeryReduce(word *R, word *T, const word *X, const word *M, const word
 {
 MultiplyBottom(R, T, X, U, N);
 MultiplyTop(T, T+N, X, R, M, N);
-if (Subtract(R, X+N, T, N))
-{
-word carry = Add(R, R, M, N);
-assert(carry);
-}
+word borrow = Subtract(T, X+N, T, N);
+// defend against timing attack by doing this Add even when not needed
+word carry = Add(T+N, T, M, N);
+assert(carry || !borrow);
+CopyWords(R, T + (borrow ? N : 0), N);
 }
 // R[N] --- result = X/(2**(WORD_BITS*N/2)) mod M |
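Review bot: With `__pic__` defined, PentiumOptimized no longer declares Add or Subtract, so `LowLevel::Add`/`LowLevel::Subtract` presumably resolve to the versions inherited from Portable — the intended fallback, but nothing in the class says so and Portable's declarations are outside this hunk. A reader of the `#ifndef` block will otherwise wonder whether PIC builds lose the operations entirely; the closing directive is the natural place to state it, e.g. `#endif // PIC builds inherit Portable::Add/Subtract`. The fallback's correctness relies on Portable actually providing both static members with matching signatures, which cannot be confirmed from this hunk.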
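Review bot: The new `#ifndef __pic__` guard around the regparm(3) Add definition will, if I recall GCC's predefines correctly, also fire under `-fpie`/`-fPIE`, since GCC defines `__pic__` whenever it generates position-independent code of either kind; on toolchains that default to PIE the hand-written asm would then be dropped silently in every build. Worth confirming and, if so, recording next to the guard, e.g. `// also taken under -fPIE: GCC defines __pic__ for PIE as well`, or emitting a `#warning` so the performance regression is visible rather than discovered by benchmark. The body of PentiumOptimized::Add continues past the end of this hunk.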
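Review bot: `CopyWords(R, T + (borrow ? N : 0), N);` still selects on the secret-dependent borrow bit, so the unconditional Add above it does not by itself make the reduction constant-time: the ternary may be compiled to a conditional branch, and even as a cmov the copy's source address, and therefore which cache lines are touched, depends on borrow. Selecting the result word-by-word with a mask reads both candidates and exposes neither, as sketched below (assuming `word` is an unsigned type, as its use as a carry suggests). Whether MultiplyTop, Subtract and Add are themselves free of data-dependent timing is not visible from this hunk, and MontgomeryReduce's signature lies outside it.
```cpp
	// … unchanged: MultiplyBottom / MultiplyTop / Subtract / Add …
	assert(carry || !borrow);
	// constant-time select: mask is all ones iff the subtraction borrowed,
	// so take T+N (the value with M added back) on borrow, else T
	word mask = (word)0 - (word)(borrow != 0);
	for (unsigned int i = 0; i < N; i++)
		R[i] = (T[N+i] & mask) | (T[i] & ~mask);
```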