From 7cf5c050e21af6d6715be45dfc147e4e8606b155 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Sun, 10 Apr 2016 01:01:29 +0200
Subject: [PATCH 1/2] make sure the entire mp_digit is filled with random data

---
 bn_mp_rand.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/bn_mp_rand.c b/bn_mp_rand.c
index 4c9610d..6f300c0 100644
--- a/bn_mp_rand.c
+++ b/bn_mp_rand.c
@@ -16,6 +16,18 @@
  */
 
 /* makes a pseudo-random int of a given size */
+static mp_digit mp_gen_random(void)
+{
+  mp_digit d;
+  d = ((mp_digit) abs (MP_GEN_RANDOM()));
+#if MP_DIGIT_BIT > 32
+  d <<= 32;
+  d |= ((mp_digit) abs (MP_GEN_RANDOM()));
+#endif
+  d &= MP_MASK;
+  return d;
+}
+
 int
 mp_rand (mp_int * a, int digits)
 {
@@ -29,7 +41,7 @@ mp_rand (mp_int * a, int digits)
 
   /* first place a random non-zero digit */
   do {
-    d = ((mp_digit) abs (MP_GEN_RANDOM())) & MP_MASK;
+    d = mp_gen_random();
   } while (d == 0);
 
   if ((res = mp_add_d (a, d, a)) != MP_OKAY) {
@@ -41,7 +53,7 @@ mp_rand (mp_int * a, int digits)
       return res;
     }
 
-    if ((res = mp_add_d (a, ((mp_digit) abs (MP_GEN_RANDOM())), a)) != MP_OKAY) {
+    if ((res = mp_add_d (a, mp_gen_random(), a)) != MP_OKAY) {
       return res;
     }
   }

From d5b0f1e993f3a9ed915ec875bfa5c47b380162b4 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Sun, 10 Apr 2016 13:55:42 +0200
Subject: [PATCH 2/2] loop&shift until enough random data has been read

---
 bn_mp_rand.c | 25 +++++++++++++++++++------
 tommath.h    |  2 ++
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/bn_mp_rand.c b/bn_mp_rand.c
index 6f300c0..fc98e52 100644
--- a/bn_mp_rand.c
+++ b/bn_mp_rand.c
@@ -15,15 +15,28 @@
  * Tom St Denis, tstdenis82@gmail.com, http://libtom.org
  */
 
+#if MP_GEN_RANDOM_MAX == 0xffffffff
+  #define MP_GEN_RANDOM_SHIFT  32
+#elif MP_GEN_RANDOM_MAX == 32767
+  /* SHRT_MAX */
+  #define MP_GEN_RANDOM_SHIFT  15
+#elif MP_GEN_RANDOM_MAX == 2147483647
+  /* INT_MAX */
+  #define MP_GEN_RANDOM_SHIFT  31
+#elif !defined(MP_GEN_RANDOM_SHIFT)
+#error Thou shalt define their own valid MP_GEN_RANDOM_SHIFT
+#endif
+
 /* makes a pseudo-random int of a given size */
 static mp_digit mp_gen_random(void)
 {
-  mp_digit d;
-  d = ((mp_digit) abs (MP_GEN_RANDOM()));
-#if MP_DIGIT_BIT > 32
-  d <<= 32;
-  d |= ((mp_digit) abs (MP_GEN_RANDOM()));
-#endif
+  mp_digit d = 0, msk = 0;
+  do {
+    d <<= MP_GEN_RANDOM_SHIFT;
+    d |= ((mp_digit) MP_GEN_RANDOM());
+    msk <<= MP_GEN_RANDOM_SHIFT;
+    msk |= MP_GEN_RANDOM_MAX;
+  } while ((MP_MASK & msk) != MP_MASK);
   d &= MP_MASK;
   return d;
 }
diff --git a/tommath.h b/tommath.h
index cec3722..b1a97af 100644
--- a/tommath.h
+++ b/tommath.h
@@ -102,8 +102,10 @@ extern "C" {
 /* use arc4random on platforms that support it */
 #ifdef MP_USE_ALT_RAND
     #define MP_GEN_RANDOM()    arc4random()
+    #define MP_GEN_RANDOM_MAX  0xffffffff
 #else
     #define MP_GEN_RANDOM()    rand()
+    #define MP_GEN_RANDOM_MAX  RAND_MAX
 #endif
 
 #define MP_DIGIT_BIT     DIGIT_BIT