Use BN_rand_range().
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 0e4fee1..7a0ace7 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -101,7 +101,6 @@
 static int generate_key(DH *dh)
 	{
 	int ok=0;
-	unsigned int i;
 	BN_CTX ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -110,15 +109,9 @@
 
 	if (dh->priv_key == NULL)
 		{
-		i=dh->length;
-		if (i == 0)
-			{
-			/* Make the number p-1 bits long */
-			i=BN_num_bits(dh->p)-1;
-			}
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
-		if (!BN_rand(priv_key,i,0,0)) goto err;
+		if (!BN_rand_range(priv_key, dh->p)) goto err;
 		}
 	else
 		priv_key=dh->priv_key;
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 5f4a8fc..bd5d0ce 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -68,7 +68,6 @@
 int DSA_generate_key(DSA *dsa)
 	{
 	int ok=0;
-	unsigned int i;
 	BN_CTX *ctx=NULL;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
@@ -81,15 +80,9 @@
 	else
 		priv_key=dsa->priv_key;
 
-	i=BN_num_bits(dsa->q);
-	for (;;)
-		{
-		if (!BN_rand(priv_key,i,0,0))
-			goto err;
-		if (BN_cmp(priv_key,dsa->q) >= 0)
-			BN_sub(priv_key,priv_key,dsa->q);
-		if (!BN_is_zero(priv_key)) break;
-		}
+	do
+		if (!BN_rand_range(priv_key,dsa->q)) goto err;
+	while (BN_is_zero(priv_key));
 
 	if (dsa->pub_key == NULL)
 		{
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index d09dbd4..d3a602f 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -325,7 +325,7 @@
 
 	BN_CTX_start(ctx);
 	A = BN_CTX_get(ctx);
-	if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
+	if (!BN_rand_range(A,rsa->n)) goto err;
 	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
 	if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,