From cf0156f3f3d89f1c7424a70569199557aa326b05 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Thu, 27 Apr 2023 11:12:39 +0200
Subject: [PATCH] mbedtls_psa_ffdh_generate_key: Fix random number generation

Signed-off-by: Przemek Stekiel
---
 library/psa_crypto_ffdh.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
index b6a9bf473..77d51d5c0 100644
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@@ -232,10 +232,10 @@ psa_status_t mbedtls_psa_ffdh_generate_key(
     if (status == PSA_SUCCESS) {
         /* RFC7919: Traditional finite field Diffie-Hellman has each peer
            choose their secret exponent from the range [2, P-2].
-           Select random value in range [4, P] and decrease it by 2. */
-        MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random,
+           Select random value in range [3, P-1] and decrease it by 1. */
+        MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random,
                                            MBEDTLS_PSA_RANDOM_STATE));
-        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1));
         *key_buffer_length = mbedtls_mpi_size(&X);