Fix false negative in Pockle discriminant check.

I just happened to notice in a re-read of the code that we were
computing b^2-4a and feeding it to mp_sqrt to check if it was a
perfect square, without having first checked that the subtraction
didn't overflow and deliver some arbitrary large positive number when
the true mathematical value was negative.

Fortunately, if this came up at all, it would have been as a false
_negative_ in Pockle's primality verification: it might have managed
to reject a genuine prime with a valid certificate on rare occasions.
So that's not too serious. But even so, now I've spotted it, fix it.

pockle.c

@@ -279,19 +279,24 @@ PockleStatus pockle_add_prime(Pockle *pockle, mp_int *p,
          * this check at all: the straightforward Pocklington theorem
          * is all we need. */
         if (!mp_eq_integer(a, 0)) {
-            /* Compute the discriminant b^2 - 4a. */
+            unsigned perfect_square = 0;
+
             mp_int *bsq = mp_mul(b, b);
             mp_lshift_fixed_into(a, a, 2);
-            mp_int *discriminant = mp_sub(bsq, a);
 
-            /* See if it's a perfect square. */
+            if (mp_cmp_hs(bsq, a)) {
+                /* b^2-4a is non-negative, so it might be a square.
+                 * Check it. */
+                mp_int *discriminant = mp_sub(bsq, a);
                 mp_int *remainder = mp_new(mp_max_bits(discriminant));
                 mp_int *root = mp_nthroot(discriminant, 2, remainder);
-            unsigned perfect_square = mp_eq_integer(remainder, 0);
+                perfect_square = mp_eq_integer(remainder, 0);
-            mp_free(bsq);
                 mp_free(discriminant);
                 mp_free(root);
                 mp_free(remainder);
+            }
+
+            mp_free(bsq);
 
             if (perfect_square) {
                 mp_free(b);