length of secret exponent is needed only when we create one

[openssl.git] / crypto / dh / dh_key.c

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index df0300402e2dc54113b373c26f7cd2b869ed8154..670727798e8c6b18dd4979f10f2769405366286a 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -101,6 +101,7 @@ const DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
        {
        int ok=0;
+       int generate_new_key=0;
        unsigned l;
        BN_CTX *ctx;
        BN_MONT_CTX *mont;
@@ -113,6 +114,7 @@ static int generate_key(DH *dh)
                {
                priv_key=BN_new();
                if (priv_key == NULL) goto err;
+               generate_new_key=1;
                }
        else
                priv_key=dh->priv_key;
@@ -133,9 +135,11 @@ static int generate_key(DH *dh)
                }
        mont=(BN_MONT_CTX *)dh->method_mont_p;
 
-       l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
-
-       if (!BN_rand(priv_key, l, 0, 0)) goto err;
+       if (generate_new_key)
+               {
+               l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+               if (!BN_rand(priv_key, l, 0, 0)) goto err;
+               }
        if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
                priv_key,dh->p,ctx,mont)) goto err;