From 1a76a85c93fd0e2155a2c09ea94fc2e646bea1ce Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Fri, 27 Jul 2001 22:34:00 +0000
Subject: [PATCH] Undo DH_generate_key() change: s3_srvr.c was using it
 correctly

---
 CHANGES                        | 11 -----------
 crypto/dh/dh_key.c             |  7 ++++++-
 doc/crypto/DH_generate_key.pod |  7 +++----
 3 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/CHANGES b/CHANGES
index a7fa70ee56..ed16396653 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,17 +10,6 @@
      This made problems when used from OpenSSH.
      [Lutz Jaenicke]
 
-  *) In crypto/dh/dh_key.c, change generate_key() (the default
-     implementation of DH_generate_key()) so that a new key is
-     generated each time DH_generate_key() is used on a DH object.
-
-     Previously, DH_generate_key() did not change existing keys
-     -- but ssl/s3_srvr.c always expected it to do so (in effect,
-     SSL_OP_SINGLE_DH_USE was ignored in servers reusing the same SSL
-     object for multiple connections; however, each new SSL object
-     created from an SSL_CTX got its own key).
-     [Bodo Moeller]
-
   *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
      dh->length and always used
 
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index ebb840f267..e097683f07 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -99,6 +99,7 @@ DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
 	{
 	int ok=0;
+	int generate_new_key=0;
 	unsigned l;
 	BN_CTX ctx;
 	BN_MONT_CTX *mont;
@@ -110,6 +111,7 @@ static int generate_key(DH *dh)
 		{
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
+		generate_new_key=1;
 		}
 	else
 		priv_key=dh->priv_key;
@@ -132,7 +134,10 @@ static int generate_key(DH *dh)
 
 	l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 
-	if (!BN_rand(priv_key, l, 0, 0)) goto err;
+	if (generate_new_key)
+		{
+		if (!BN_rand(priv_key, l, 0, 0)) goto err;
+		}
 	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
 		
 	dh->pub_key=pub_key;
diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod
index d376dc9f2f..920995b2e5 100644
--- a/doc/crypto/DH_generate_key.pod
+++ b/doc/crypto/DH_generate_key.pod
@@ -21,8 +21,9 @@ value to compute the shared key.
 
 DH_generate_key() expects B<dh> to contain the shared parameters
 B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
-B<dh-E<gt>priv_key>, and it computes the corresponding public value
-B<dh-E<gt>pub_key>, which can then be published.
+unless B<dh-E<gt>priv_key> is already set, and computes the
+corresponding public value B<dh-E<gt>pub_key>, which can then be
+published.
 
 DH_compute_key() computes the shared secret from the private DH value
 in B<dh> and the other party's public value in B<pub_key> and stores
@@ -45,7 +46,5 @@ L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
 
 DH_generate_key() and DH_compute_key() are available in all versions
 of SSLeay and OpenSSL.
-Up to version 0.9.6b, DH_generate_key() would not generate a new
-key if B<dh-E<gt>priv_key> was already set.
 
 =cut
-- 
2.25.1