Fix DH key generation. Contributed by: Anonymous <nobody@replay.com>

commit: 6fa89f94c4452be54577eb071891d77c9e2abe16 [log] [tgz]
author: Ben Laurie <ben@openssl.org> Thu Jan 07 00:37:01 1999 +0000
committer: Ben Laurie <ben@openssl.org> Thu Jan 07 00:37:01 1999 +0000
tree: c0182444f9b476797744b70b21fc43ceb26fb858
parent: c13d4799dd9b6ed6a33e1a367119fd9b11233344 [diff]
diff --git a/CHANGES b/CHANGES
index 2a8877a..882b247 100644
--- a/CHANGES
+++ b/CHANGES

@@ -5,6 +5,10 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+     NULL pointers.
+     [Anonymous <nobody@replay.com>]
+
   *) s_server should send the CAfile as acceptable CAs, not its own cert.
      [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
 

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4e856b3..09041b2 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c

@@ -953,13 +953,16 @@
 				}
 
 			s->s3->tmp.dh=dh;
-			if (((dhp->pub_key == NULL) ||
-			     (dhp->priv_key == NULL) ||
-			     (s->options & SSL_OP_SINGLE_DH_USE)) &&
-			    (!DH_generate_key(dh)))
+			if ((dhp->pub_key == NULL ||
+			     dhp->priv_key == NULL ||
+			     (s->options & SSL_OP_SINGLE_DH_USE)))
 				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
+				if(!DH_generate_key(dh))
+				    {
+				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+					   ERR_R_DH_LIB);
+				    goto err;
+				    }
 				}
 			else
 				{
commit	6fa89f94c4452be54577eb071891d77c9e2abe16	[log] [tgz]
author	Ben Laurie <ben@openssl.org>	Thu Jan 07 00:37:01 1999 +0000
committer	Ben Laurie <ben@openssl.org>	Thu Jan 07 00:37:01 1999 +0000
tree	c0182444f9b476797744b70b21fc43ceb26fb858
parent	c13d4799dd9b6ed6a33e1a367119fd9b11233344 [diff]