diff --git a/CHANGES b/CHANGES index a2f1d02763e38679a546a02635076db3e3de98c0..48daf2e2a35537efeb07b0432f864781cd85aaaf 100644 --- a/CHANGES +++ b/CHANGES @@ -26,17 +26,6 @@ This made problems when used from OpenSSH. [Lutz Jaenicke] - *) In crypto/dh/dh_key.c, change generate_key() (the default - implementation of DH_generate_key()) so that a new key is - generated each time DH_generate_key() is used on a DH object. - - Previously, DH_generate_key() did not change existing keys - -- but ssl/s3_srvr.c always expected it to do so (in effect, - SSL_OP_SINGLE_DH_USE was ignored in servers reusing the same SSL - object for multiple connections; however, each new SSL object - created from an SSL_CTX got its own key). - [Bodo Moeller] - *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored dh->length and always used diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index df0300402e2dc54113b373c26f7cd2b869ed8154..4a2b75a992c950bdc8f525805823376ccd708b74 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -101,6 +101,7 @@ const DH_METHOD *DH_OpenSSL(void) static int generate_key(DH *dh) { int ok=0; + int generate_new_key=0; unsigned l; BN_CTX *ctx; BN_MONT_CTX *mont; @@ -113,6 +114,7 @@ static int generate_key(DH *dh) { priv_key=BN_new(); if (priv_key == NULL) goto err; + generate_new_key=1; } else priv_key=dh->priv_key; @@ -135,7 +137,10 @@ static int generate_key(DH *dh) l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ - if (!BN_rand(priv_key, l, 0, 0)) goto err; + if (generate_new_key) + { + if (!BN_rand(priv_key, l, 0, 0)) goto err; + } if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) goto err; diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod index d376dc9f2fe0d92ae66471ce23d9dfc173ea5561..920995b2e5aa5eede09bf46eeb9ad6c8b4613d83 100644 --- a/doc/crypto/DH_generate_key.pod +++ b/doc/crypto/DH_generate_key.pod @@ -21,8 +21,9 @@ value to compute the shared key. DH_generate_key() expects B to contain the shared parameters Bp> and Bg>. It generates a random private DH value -Bpriv_key>, and it computes the corresponding public value -Bpub_key>, which can then be published. +unless Bpriv_key> is already set, and computes the +corresponding public value Bpub_key>, which can then be +published. DH_compute_key() computes the shared secret from the private DH value in B and the other party's public value in B and stores @@ -45,7 +46,5 @@ L, L, L, L DH_generate_key() and DH_compute_key() are available in all versions of SSLeay and OpenSSL. -Up to version 0.9.6b, DH_generate_key() would not generate a new -key if Bpriv_key> was already set. =cut