Always generate DH keys for ephemeral DH cipher suites.

Reviewed-by: Matt Caswell <matt@openssl.org>

1 files changed, 4 insertions, 13 deletions

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4fc4426cd9..f7cdd93bb1 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3499,13 +3499,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
                 return (ret);
             }
-            if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(dh)) {
-                    DH_free(dh);
-                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                    return (ret);
-                }
-            }
             DH_free(s->cert->dh_tmp);
             s->cert->dh_tmp = dh;
             ret = 1;
@@ -3887,12 +3880,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
                 return 0;
             }
-            if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(new)) {
-                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
-                    DH_free(new);
-                    return 0;
-                }
+            if (!DH_generate_key(new)) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+                DH_free(new);
+                return 0;
             }
             DH_free(cert->dh_tmp);
             cert->dh_tmp = new;