* conservative about that sort of thing.
*/
-again:
if ((rp->p = strongprime("p", MP_NEWSEC, nbits/2, r, n, event, ectx)) == 0)
goto fail_p;
mp_drop(g.r);
if (!q) {
mp_drop(g.g);
- if (n)
- goto fail_q;
- mp_drop(rp->p);
- goto again;
+ goto fail_q;
}
rp->q = q;
}
MP_LEN(phi) * 4 < MP_LEN(rp->q) * 3) {
mp_drop(rp->p);
mp_drop(g.g);
- if (n)
- goto fail_q;
- mp_drop(rp->q);
- goto again;
+ goto fail_q;
}
if (MP_NEGP(phi)) {
mp_gcd(&g.g, 0, &rp->d, phi, rp->e);
if (!MP_EQ(g.g, MP_ONE) && MP_LEN(rp->d) * 4 > MP_LEN(rp->n) * 3)
goto fail_e;
+ if (mp_bits(rp->n) != nbits)
+ goto fail_e;
/* --- Work out exponent residues --- */