From eaddac22ab3166ef515cb4c286c0c3ed322fbe40 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 5 Nov 2018 23:54:27 +0000
Subject: Make use of bn_rand_interval() where appropriate.

ok beck jsing
---
 src/lib/libcrypto/dh/dh_key.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'src/lib/libcrypto/dh')

diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 2cbf128d80..17df620ec5 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_key.c,v 1.31 2018/11/05 23:50:05 tb Exp $ */
+/* $OpenBSD: dh_key.c,v 1.32 2018/11/05 23:54:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -106,7 +106,7 @@ generate_key(DH *dh)
 	unsigned l;
 	BN_CTX *ctx;
 	BN_MONT_CTX *mont = NULL;
-	BIGNUM *pub_key = dh->pub_key, *priv_key = dh->priv_key;
+	BIGNUM *pub_key = dh->pub_key, *priv_key = dh->priv_key, *two = NULL;
 
 	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
 		DHerror(DH_R_MODULUS_TOO_LARGE);
@@ -137,10 +137,12 @@ generate_key(DH *dh)
 
 	if (generate_new_key) {
 		if (dh->q) {
-			do {
-				if (!BN_rand_range(priv_key, dh->q))
-					goto err;
-			} while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+			if ((two = BN_new()) == NULL)
+				goto err;
+			if (!BN_add(two, BN_value_one(), BN_value_one()))
+				goto err;
+			if (!bn_rand_interval(priv_key, two, dh->q))
+				goto err;
 		} else {
 			/* secret exponent length */
 			l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
@@ -165,6 +167,7 @@ generate_key(DH *dh)
 	if (dh->priv_key == NULL)
 		BN_free(priv_key);
 	BN_CTX_free(ctx);
+	BN_free(two);
 	return ok;
 }
 
-- 
cgit v1.2.3-55-g6feb