diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-17 02:57:20 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-23 22:26:31 +0000 |
commit | ffaef3f1526ed87a46f82fa4924d5b08f2a2e631 (patch) | |
tree | d06a2a17643a20f35169253104528b6c2b377d0b /ssl/s3_lib.c | |
parent | d938e8dfee16e6bb5427eac7bda32337634ce130 (diff) |
Always generate DH keys for ephemeral DH cipher suites.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4fc4426cd9..f7cdd93bb1 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3499,13 +3499,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); return (ret); } - if (!(s->options & SSL_OP_SINGLE_DH_USE)) { - if (!DH_generate_key(dh)) { - DH_free(dh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return (ret); - } - } DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; ret = 1; @@ -3887,12 +3880,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); return 0; } - if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { - if (!DH_generate_key(new)) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); - DH_free(new); - return 0; - } + if (!DH_generate_key(new)) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); + DH_free(new); + return 0; } DH_free(cert->dh_tmp); cert->dh_tmp = new; |