From 284bc0bd175e48889de14db0bf6ff192e5e6facc Mon Sep 17 00:00:00 2001
From: Mike Hamburg <mike@shiftleft.org>
Date: Thu, 5 Mar 2015 15:28:06 -0800
Subject: [PATCH] yep, selection-based is slightly faster.  using
 constant_time.h for now...

---
 src/decaf_fast.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/decaf_fast.c b/src/decaf_fast.c
index 95249f8..0145f8e 100644
--- a/src/decaf_fast.c
+++ b/src/decaf_fast.c
@@ -13,6 +13,8 @@
 #include <string.h>
 #include "field.h"
 
+#include "constant_time.h" /* TODO REMOVE */
+
 #define WBITS DECAF_WORD_BITS
 
 #if WBITS == 64
@@ -168,7 +170,8 @@ static inline void gf_add_nr ( gf c, const gf a, const gf b ) {
 
 /** Constant time, x = is_z ? z : y */
 sv cond_sel(gf x, const gf y, const gf z, decaf_bool_t is_z) {
-    FOR_LIMB(i, x[i] = (y[i] & ~is_z) | (z[i] & is_z) );
+    //FOR_LIMB(i, x[i] = (y[i] & ~is_z) | (z[i] & is_z) );
+    constant_time_select(x,z,y,sizeof(gf),is_z);
 }
 
 /** Constant time, if (neg) x=-x; */