X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/e8a0782f42c256c06905e0006ba4473b08ba3bf7..104e8e74fd858a4efff3d8e186406adc431465fa:/rsa.c
diff --git a/rsa.c b/rsa.c
index 0bd106f..fed468d 100644
--- a/rsa.c
+++ b/rsa.c
@@ -430,8 +430,9 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
 /*
 * Verify that d*e is congruent to 1 mod (p-1), and mod
 * (q-1). This is equivalent to it being congruent to 1 mod
- * lcm(p-1,q-1), i.e. congruent to 1 mod phi(n). Note that
- * phi(n) is _not_ simply (p-1)*(q-1).
+ * lambda(n) = lcm(p-1,q-1). The usual `textbook' condition,
+ * that d e == 1 (mod (p-1)(q-1)) is sufficient, but not
+ * actually necessary.
 */
 mpz_mul(&tmp, &d, &e);
 mpz_sub_ui(&tmp2, &st->p, 1);
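Review bot: The rewritten comment introduces `lambda(n)` without naming it, and the identity `lambda(n) = lcm(p-1,q-1)` holds only when p and q are distinct primes with p*q == n, which the comment leaves unstated. I would write `lambda(n) = lcm(p-1,q-1), the Carmichael function of n = p*q,` and add a line such as `This relies on p and q being distinct primes whose product is n.` so a reader knows which other key checks this one depends on. rsapriv_apply starts and ends outside the hunk, so whether those properties are verified before this point cannot be confirmed from here. The comment also writes the same product as `d*e` in its first line and `d e` in the added text; one spelling throughout would read better.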