Add constant-time gcd

Previous version leaked some (minimal) information from the loop bounds.
author: Jack Lloyd <[email protected]> 2019-07-08 20:53:47 -0400
committer: Jack Lloyd <[email protected]> 2019-10-12 03:02:24 -0400
commit: 16661a7b6404be359cd5ad4d55f1b5b51e7daa98 (patch)
tree: 134bcc4b4be36306b42f017c8ae82d9b1d0400d5 /src/lib/pubkey
parent: abdcd9f87c07308f89aa4ac449460823286fbf74 (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index 5f597b811..830b1a5e8 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -297,7 +297,6 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
    const BigInt p_minus_1 = p - 1;
    const BigInt q_minus_1 = q - 1;
 
-   // FIXME: lcm calls gcd which is not completely const time
    const BigInt phi_n = lcm(p_minus_1, q_minus_1);
    // FIXME: this uses binary ext gcd because phi_n is even
    d = inverse_mod(e, phi_n);
author	Jack Lloyd <[email protected]>	2019-07-08 20:53:47 -0400
committer	Jack Lloyd <[email protected]>	2019-10-12 03:02:24 -0400
commit	16661a7b6404be359cd5ad4d55f1b5b51e7daa98 (patch)
tree	134bcc4b4be36306b42f017c8ae82d9b1d0400d5 /src/lib/pubkey
parent	abdcd9f87c07308f89aa4ac449460823286fbf74 (diff)