From 00e83192c57d476d27b136d6bdf0e6007b4ed2f3 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Wed, 23 Oct 2019 04:11:05 +0100
Subject: [PATCH] pub/dh-kcdsa.c: Choose the cofactor size correctly.

Considering that we're going to have to multiply in a factor of 2 at
some point.
---
 pub/dh-kcdsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pub/dh-kcdsa.c b/pub/dh-kcdsa.c
index 6bd3e19e..e366a16e 100644
--- a/pub/dh-kcdsa.c
+++ b/pub/dh-kcdsa.c
@@ -71,7 +71,7 @@ int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
   /* --- First trick: find %$v$% --- */
 
   pf.step = 2;
-  x = mprand(x, pl - ql, r, 1);
+  x = mprand(x, pl - ql - 1, r, 1);
   x = pgen("v", x, x, ev, ec,
 	   steps, pgen_filter, &pf,
 	   rabin_iters(pl - ql), pgen_test, &rb);
-- 
2.11.0