--- old/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Wed Jun 19 13:35:55 2013
+++ new/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Wed Jun 19 13:35:55 2013
@@ -167,15 +167,16 @@
         BigInteger pMinus2 = p.subtract(BigInteger.valueOf(2));
 
         //
-        // Handbook of Applied Cryptography:  Menezes, et.al.
-        // Repeat if the following does not hold:
-        //     1 <= x <= p-2
+        // PKCS#3 section 7.1 "Private-value generation"
+        // Repeat if either of the followings does not hold:
+        //     0 < x < p-1
+        //     2^(lSize-1) <= x < 2^(lSize)
         //
         do {
             // generate random x up to 2^lSize bits long
             x = new BigInteger(lSize, random);
         } while ((x.compareTo(BigInteger.ONE) < 0) ||
-            ((x.compareTo(pMinus2) > 0)));
+            ((x.compareTo(pMinus2) > 0)) || (x.bitLength() != lSize));
 
         // calculate public value y
         BigInteger y = g.modPow(x, p);