From 6537bdb5e0e7f5845ba818ec964f2ea51996a640 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 15 Jun 2021 22:09:39 +0200
Subject: [PATCH] Explain how the code relates to the description in HAC
Signed-off-by: Gilles Peskine
---
 library/bignum.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/library/bignum.c b/library/bignum.c
index d66d8e896e..9995c7f9b1 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2424,6 +2424,13 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
 TA.s = TB.s = 1;
+ /* We follow the procedure described in HAC 14.54, except that sequences
+ * of divisions by 2 are grouped into a single shift. The procedure in HAC
+ * assumes that the numbers are initially positive. The case B=0 was
+ * short-circuited above. If A=0, the loop goes through 0 iterations
+ * and the result is correctly B.
+ */
+
 while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
 {
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );