Multiple diffieHellman.generateKeys calls don't update the public key #56990

Open
@toramanomer

Affected URL(s)

https://nodejs.org/docs/latest-v22.x/api/crypto.html#diffiehellmangeneratekeysencoding

Description of the problem

The documentation regarding diffieHellman.generateKeys([encoding]) in the crypto module states as follows:

This function is a thin wrapper around DH_generate_key(). In particular, once a private key has been generated or set, calling this function only updates the public key but does not generate a new private key.

I have not been able to observe in any way that calling generateKeys multiple times results in different public keys.

import { createDiffieHellman } from 'node:crypto'

const alice = createDiffieHellman(1024)
const public1 = alice.generateKeys('hex')
const public2 = alice.generateKeys('hex')
const public3 = alice.generateKeys('hex')

console.log(public1 === public2)    // true
console.log(public1 === public3)    // true
console.log(public2 === public3)    // true

The Node.js docs state that it is a thin wrapper around OpenSSL's DH_generate_key. The OpenSSL page on DH_generate_key states the following:

All of the functions described on this page are deprecated. Applications should instead use EVP_PKEY_derive_init(3) and EVP_PKEY_derive(3).

Is it possible this is the result of such deprecation?
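
The case the quoted documentation sentence covers can be observed by replacing the private key between calls to generateKeys. The following is an added example, not part of the original issue and not Node.js project code; the fixed `modp14` group, the `bob` instance and the `demoGenerateKeys` helper are choices made for this example.

```javascript
// Added example: CommonJS require; the ESM import used in the issue works the same way.
const { createDiffieHellman, getDiffieHellman } = require('node:crypto')

// Assumption: reuse the fixed RFC 3526 group 'modp14' so no prime has to be generated.
const group = getDiffieHellman('modp14')
const prime = group.getPrime()
const generator = group.getGenerator()

function demoGenerateKeys() {
  const alice = createDiffieHellman(prime, generator)
  const bob = createDiffieHellman(prime, generator)

  // Case 1: no key yet, so the first call creates a private key and its public key.
  const first = alice.generateKeys('hex')
  // Case 2: the private key is unchanged, so recomputing g^x mod p gives the same value.
  const repeated = alice.generateKeys('hex')

  // Case 3: replace the private key. setPrivateKey() does not touch the public key,
  // so getPublicKey() still returns the value that belonged to the old private key.
  bob.generateKeys()
  alice.setPrivateKey(bob.getPrivateKey())
  const stale = alice.getPublicKey('hex')

  // generateKeys() keeps the private key that was set and only recomputes the public key.
  const updated = alice.generateKeys('hex')

  return {
    repeatedIsSame: first === repeated,
    staleIsOld: stale === first,
    updatedDiffers: updated !== first,
    updatedMatchesBob: updated === bob.getPublicKey('hex'),
    privateKeyKept: alice.getPrivateKey('hex') === bob.getPrivateKey('hex'),
  }
}

console.log(demoGenerateKeys())
```

Between `setPrivateKey()` and the next `generateKeys()` call the object holds a public key that does not match its private key, so a value read with `getPublicKey()` in that window should not be sent to a peer.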

Labels: crypto (Issues and PRs related to the crypto subsystem.), doc (Issues and PRs related to the documentations.)
