From 774ac9cb22ab84d0523219661c900e1574928c3e Mon Sep 17 00:00:00 2001
From: Jochen Hoenicke
Date: Fri, 7 Aug 2015 11:26:00 +0200
Subject: [PATCH] Simplified test for doubling in point_jacobian_add
---
 ecdsa.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ecdsa.c b/ecdsa.c
index c757c31ff..bf4446339 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -290,7 +290,11 @@ void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2, const e
 bn_add(&xz, &p2->x); // xz = x1' + x2
- is_doubling = bn_is_zero(&h) | bn_is_equal(&h, prime);
+ // check for h == 0 % prime. Note that h never normalizes to
+ // zero, since h = x1' + 2*prime - x2 > 0 and a positive
+ // multiple of prime is always normalized to prime by
+ // bn_fast_mod.
+ is_doubling = bn_is_equal(&h, prime);
 bn_multiply(&p1->y, &yz, prime); // yz = y1' = y1*z2^3;
 bn_subtractmod(&yz, &p2->y, &r, prime);
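Review bot: The new `is_doubling = bn_is_equal(&h, prime);` is correct only while `h` can never hold the all-zero representation, and that invariant is enforced by `bn_subtractmod` and `bn_fast_mod`, neither of which is visible in this hunk. If either helper is later changed to reduce fully, a doubling input would presumably go undetected and the addition formulas would run with h congruent to 0, yielding a wrong point instead of an error. Pin the assumption next to the test, for example `assert(!bn_is_zero(&h)); // h is only partly reduced by bn_fast_mod` if the file can use assert.h, and mirror the note at the definition of `bn_fast_mod`. The body of point_jacobian_add starts and ends outside the hunk, so how `is_doubling` is consumed cannot be checked from here.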