mbedtls_psa_ffdh_generate_key: Fix random number generation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
index b6a9bf4..77d51d5 100644
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@@ -232,10 +232,10 @@
if (status == PSA_SUCCESS) {
/* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their
secret exponent from the range [2, P-2].
- Select random value in range [4, P] and decrease it by 2. */
- MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random,
+ Select random value in range [3, P-1] and decrease it by 1. */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE));
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1));
*key_buffer_length = mbedtls_mpi_size(&X);