From f47293892d66860c32f8beb5357b3ad5891b30bf Mon Sep 17 00:00:00 2001
From: Sheldon Teerlink <sheldon.teerlink@mx.com>
Date: Mon, 9 Jan 2023 12:32:43 -0700
Subject: [PATCH] Improve performance of Diffie-Hellman key exchange

---
 src/main/java/org/jruby/ext/openssl/PKeyDH.java | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/main/java/org/jruby/ext/openssl/PKeyDH.java b/src/main/java/org/jruby/ext/openssl/PKeyDH.java
index af1a2a42..d050943b 100644
--- a/src/main/java/org/jruby/ext/openssl/PKeyDH.java
+++ b/src/main/java/org/jruby/ext/openssl/PKeyDH.java
@@ -202,9 +202,6 @@ public static BigInteger generateX(BigInteger p, int limit) {
         BigInteger x;
         SecureRandom secureRandom = new SecureRandom();
         // adapting algorithm from org.bouncycastle.crypto.generators.DHKeyGeneratorHelper,
-        // which seems a little stronger (?) than OpenSSL's (OSSL just generates a random,
-        // while BC generates a random potential prime [for limit > 0], though it's not
-        // subject to Miller-Rabin [certainty = 0], but is subject to other constraints)
         // see also [ossl]/crypto/dh/dh_key.c #generate_key
         if (limit == 0) {
             final BigInteger pSub2 = p.subtract(TWO);
@@ -213,8 +210,7 @@ public static BigInteger generateX(BigInteger p, int limit) {
             } while (x.equals(BigInteger.ZERO));
         } else {
             do {
-                // generate potential prime, though with 0 certainty (no Miller-Rabin tests)
-                x = new BigInteger(limit, 0, secureRandom);
+                x = new BigInteger(limit, secureRandom);
             } while (x.equals(BigInteger.ZERO));
         }
         return x;