math/, pub/: Take a more consistent approach to prime-generation failures.

[catacomb] / pub / rsa-gen.c

diff --git a/pub/rsa-gen.c b/pub/rsa-gen.c
index 0653d1c3b2dafaf1bd2ca1b9eaadf0282e518790..c12be18ae3a02d5282a01ccecf7adca217163c27 100644 (file)
--- a/pub/rsa-gen.c
+++ b/pub/rsa-gen.c
@@ -73,7 +73,6 @@ int rsa_gen(rsa_priv *rp, unsigned nbits, grand *r, unsigned n,
    * conservative about that sort of thing.
    */
 
-again:
   if ((rp->p = strongprime("p", MP_NEWSEC, nbits/2, r, n, event, ectx)) == 0)
     goto fail_p;
 
@@ -95,6 +94,7 @@ again:
     mp_div(&t, &u, t, rp->p);
     if (!MP_ZEROP(u)) t = mp_add(t, t, MP_ONE);
     if (MP_CMP(q, <, t)) q = mp_leastcongruent(q, t, q, g.jp.m);
+    mp_drop(t);
 
     g.r = mp_lsr(MP_NEW, rp->p, 1);
     g.g = MP_NEW;
@@ -105,10 +105,7 @@ again:
     mp_drop(g.r);
     if (!q) {
       mp_drop(g.g);
-      if (n)
-       goto fail_q;
-      mp_drop(rp->p);
-      goto again;
+      goto fail_q;
     }
     rp->q = q;
   }
@@ -124,10 +121,7 @@ again:
       MP_LEN(phi) * 4 < MP_LEN(rp->q) * 3) {
     mp_drop(rp->p);
     mp_drop(g.g);
-    if (n)
-      goto fail_q;
-    mp_drop(rp->q);
-    goto again;
+    goto fail_q;
   }
 
   if (MP_NEGP(phi)) {