Always generate DH keys for ephemeral DH cipher suites.

Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-12-17 02:57:20 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-12-23 22:26:31 +0000
commit: ffaef3f1526ed87a46f82fa4924d5b08f2a2e631 (patch)
tree: d06a2a17643a20f35169253104528b6c2b377d0b /ssl/statem
parent: d938e8dfee16e6bb5427eac7bda32337634ce130 (diff)
1 files changed, 3 insertions, 14 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b8b18b74e9..abdff176f7 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1800,20 +1800,9 @@ int tls_construct_server_key_exchange(SSL *s)
         }
 
         s->s3->tmp.dh = dh;
-        if ((dhp->pub_key == NULL ||
-             dhp->priv_key == NULL ||
-             (s->options & SSL_OP_SINGLE_DH_USE))) {
-            if (!DH_generate_key(dh)) {
-                SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-        } else {
-            dh->pub_key = BN_dup(dhp->pub_key);
-            dh->priv_key = BN_dup(dhp->priv_key);
-            if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
-                SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
+        if (!DH_generate_key(dh)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+            goto err;
         }
         r[0] = dh->p;
         r[1] = dh->g;
author	Dr. Stephen Henson <steve@openssl.org>	2015-12-17 02:57:20 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-12-23 22:26:31 +0000
commit	ffaef3f1526ed87a46f82fa4924d5b08f2a2e631 (patch)
tree	d06a2a17643a20f35169253104528b6c2b377d0b /ssl/statem
parent	d938e8dfee16e6bb5427eac7bda32337634ce130 (diff)