mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Undo DH_generate_key() change: s3_srvr.c was using it correctly

Browse Source
This commit is contained in:
Bodo Möller 2001-07-27 22:34:25 +00:00
parent 3a64458217
commit 924875e53b
3 changed files with 9 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
CHANGES
View File

@ -26,17 +26,6 @@
This made problems when used from OpenSSH. This made problems when used from OpenSSH.
[Lutz Jaenicke] [Lutz Jaenicke]
*) In crypto/dh/dh_key.c, change generate_key() (the default
implementation of DH_generate_key()) so that a new key is
generated each time DH_generate_key() is used on a DH object.
Previously, DH_generate_key() did not change existing keys
-- but ssl/s3_srvr.c always expected it to do so (in effect,
SSL_OP_SINGLE_DH_USE was ignored in servers reusing the same SSL
object for multiple connections; however, each new SSL object
created from an SSL_CTX got its own key).
[Bodo Moeller]
*) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
dh->length and always used dh->length and always used

7
crypto/dh/dh_key.c
View File

@ -101,6 +101,7 @@ const DH_METHOD *DH_OpenSSL(void)
static int generate_key(DH *dh) static int generate_key(DH *dh)
{ {
int ok=0; int ok=0;
int generate_new_key=0;
unsigned l; unsigned l;
BN_CTX *ctx; BN_CTX *ctx;
BN_MONT_CTX *mont; BN_MONT_CTX *mont;
@ -113,6 +114,7 @@ static int generate_key(DH *dh)
{ {
priv_key=BN_new(); priv_key=BN_new();
if (priv_key == NULL) goto err; if (priv_key == NULL) goto err;
generate_new_key=1;
} }
else else
priv_key=dh->priv_key; priv_key=dh->priv_key;
@ -135,7 +137,10 @@ static int generate_key(DH *dh)
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
if (!BN_rand(priv_key, l, 0, 0)) goto err; if (generate_new_key)
{
if (!BN_rand(priv_key, l, 0, 0)) goto err;
}
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g, if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
priv_key,dh->p,ctx,mont)) goto err; priv_key,dh->p,ctx,mont)) goto err;

7
doc/crypto/DH_generate_key.pod
View File

@ -21,8 +21,9 @@ value to compute the shared key.
DH_generate_key() expects B<dh> to contain the shared parameters DH_generate_key() expects B<dh> to contain the shared parameters
B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
B<dh-E<gt>priv_key>, and it computes the corresponding public value unless B<dh-E<gt>priv_key> is already set, and computes the
B<dh-E<gt>pub_key>, which can then be published. corresponding public value B<dh-E<gt>pub_key>, which can then be
published.
DH_compute_key() computes the shared secret from the private DH value DH_compute_key() computes the shared secret from the private DH value
in B<dh> and the other party's public value in B<pub_key> and stores in B<dh> and the other party's public value in B<pub_key> and stores
@ -45,7 +46,5 @@ L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
DH_generate_key() and DH_compute_key() are available in all versions DH_generate_key() and DH_compute_key() are available in all versions
of SSLeay and OpenSSL. of SSLeay and OpenSSL.
Up to version 0.9.6b, DH_generate_key() would not generate a new
key if B<dh-E<gt>priv_key> was already set.
=cut =cut