From e81d8d4703f477a2f4546f2c5246606d9499513d Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Mon, 22 Dec 2014 20:32:58 +0000
Subject: [PATCH] pub/rsa-recover.c: Take out explicit factoring-retry loop.

We have the `again' label anyway, because we need to retry from the nested square-root-finding loop, and the hope is that we do the thing once and it works, retrying on failure, rather than iterating over a thing, so I think I prefer the `goto' here.
---
 pub/rsa-recover.c | 69 +++++++++++++++++++++++++++----------------------------
 1 file changed, 34 insertions(+), 35 deletions(-)

diff --git a/pub/rsa-recover.c b/pub/rsa-recover.c
index c09ca4a4..1e632313 100644
--- a/pub/rsa-recover.c
+++ b/pub/rsa-recover.c
@@ -111,43 +111,42 @@ int rsa_recover(rsa_priv *rp)
   mp_build(&a, &aw, &aw + 1);
   i = 0;
+
+again:
+
+  /* --- Choose a random %$a$% and calculate %$z = a^t \bmod n$% --- *
+   *
+   * If %$z \equiv 1$% or %$z \equiv -1 \pmod n$% then this iteration
+   * is a failure.
+   */
+
+  aw = primetab[i++];
+  z = mpmont_mul(&mm, z, &a, mm.r2);
+  z = mpmont_expr(&mm, z, z, t);
+  if (MP_EQ(z, mm.r) || MP_EQ(z, m1))
+    goto again;
+
+  /* --- Now square until something interesting happens --- *
+   *
+   * Compute %$z^{2i} \bmod n$%. Eventually, I'll either get %$-1$% or
+   * %$1$%. If the former, the number is uninteresting, and I need to
+   * restart. If the latter, the previous number minus 1 has a common
+   * factor with %$n$%.
+   */
+
   for (;;) {
-  again:
-
-    /* --- Choose a random %$a$% and calculate %$z = a^t \bmod n$% --- *
-     *
-     * If %$z \equiv 1$% or %$z \equiv -1 \pmod n$% then this iteration
-     * is a failure.
-     */
-
-    aw = primetab[i++];
-    z = mpmont_mul(&mm, z, &a, mm.r2);
-    z = mpmont_expr(&mm, z, z, t);
-    if (MP_EQ(z, mm.r) || MP_EQ(z, m1))
-      continue;
-
-    /* --- Now square until something interesting happens --- *
-     *
-     * Compute %$z^{2i} \bmod n$%. Eventually, I'll either get %$-1$% or
-     * %$1$%. If the former, the number is uninteresting, and I need to
-     * restart. If the latter, the previous number minus 1 has a common
-     * factor with %$n$%.
-     */
-
-    for (;;) {
-      zz = mp_sqr(zz, z);
-      zz = mpmont_reduce(&mm, zz, zz);
-      if (MP_EQ(zz, mm.r)) {
-        mp_drop(zz);
-        goto done;
-      } else if (MP_EQ(zz, m1)) {
-        mp_drop(zz);
-        goto again;
-      }
-      mp_drop(z);
-      z = zz;
-      zz = MP_NEW;
+    zz = mp_sqr(zz, z);
+    zz = mpmont_reduce(&mm, zz, zz);
+    if (MP_EQ(zz, mm.r)) {
+      mp_drop(zz);
+      goto done;
+    } else if (MP_EQ(zz, m1)) {
+      mp_drop(zz);
+      goto again;
     }
+    mp_drop(z);
+    z = zz;
+    zz = MP_NEW;
   }
   /* --- Do the factoring --- *
--
2.11.0
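Review bot: The retry path has no bound on `i`: both `goto again` sites advance `aw = primetab[i++]` and nothing in the hunk stops the index at the end of `primetab`, so a modulus for which every trial base yields 1 or -1 (a malformed or non-RSA key handed to rsa_recover) reads past the table instead of failing, unless a bound is enforced in the part of rsa_recover outside the hunk, which I cannot see. I would check `i` against the table length immediately before that read and take the function's failure return rather than retrying, and likewise note that the inner `for (;;)` only exits on 1 or -1, so a key whose e and d are not inverses never terminates; capping the squarings at the exponent of 2 removed from ed-1 when t was computed (also outside the hunk) would turn that into a failure too. Separately, the banner `Choose a random %$a$%` no longer describes the code, which takes trial bases in order from `primetab`; I'd reword it to `/* --- Choose the next trial base %$a$% from primetab and calculate %$z = a^t \bmod n$% --- *`. rsa_recover begins before and ends after this hunk.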