3 files changed, 9 insertions, 13 deletions

diff --git a/src/lib/libcrypto/dh/Makefile.ssl b/src/lib/libcrypto/dh/Makefile.ssl
index 88d0d1748b..bf4b47ca9a 100644
--- a/src/lib/libcrypto/dh/Makefile.ssl
+++ b/src/lib/libcrypto/dh/Makefile.ssl
@@ -39,7 +39,8 @@ all:	lib
 
 lib:    $(LIBOBJ)
         $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB)
+        @echo You may get an error following this line.  Please ignore.
+        - $(RANLIB) $(LIB)
         @touch lib
 
 files:
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 6915d79dcc..22b087b778 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -100,7 +100,6 @@ DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
         {
         int ok=0;
-        unsigned int i;
         BN_CTX ctx;
         BN_MONT_CTX *mont;
         BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -109,15 +108,11 @@ static int generate_key(DH *dh)
 
         if (dh->priv_key == NULL)
                 {
-                i=dh->length;
-                if (i == 0)
-                        {
-                        /* Make the number p-1 bits long */
-                        i=BN_num_bits(dh->p)-1;
-                        }
                 priv_key=BN_new();
                 if (priv_key == NULL) goto err;
-                if (!BN_rand(priv_key,i,0,0)) goto err;
+                do
+                        if (!BN_rand_range(priv_key, dh->p)) goto err;
+                while (BN_is_zero(priv_key));
                 }
         else
                 priv_key=dh->priv_key;
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 66803b5565..96f118c153 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -168,13 +168,13 @@ DH *DH_new_method(ENGINE *engine)
         ret->method_mont_p=NULL;
         ret->references = 1;
         ret->flags=meth->flags;
+        CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
         if ((meth->init != NULL) && !meth->init(ret))
                 {
+                CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
                 OPENSSL_free(ret);
                 ret=NULL;
                 }
-        else
-                CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
         return(ret);
         }
 
@@ -196,12 +196,12 @@ void DH_free(DH *r)
         }
 #endif
 
-        CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
-
         meth = ENGINE_get_DH(r->engine);
         if(meth->finish) meth->finish(r);
         ENGINE_finish(r->engine);
 
+        CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+
         if (r->p != NULL) BN_clear_free(r->p);
         if (r->g != NULL) BN_clear_free(r->g);
         if (r->q != NULL) BN_clear_free(r->q);