authorAnthony Neal <aneal@zeroc.com>2002-04-17 19:11:34 +0000
committerAnthony Neal <aneal@zeroc.com>2002-04-17 19:11:34 +0000
commite9c2c8614c481405846af1d91bc292435b092bda (patch)
tree0716e7dba73931a01ec313480f79ddceb630b013 /cpp/src/Ice/SystemOpenSSL.cpp
parentfixes (diff)
Have added compiled-in DH group parameters so that ephemeral DH now works
properly.
Diffstat (limited to 'cpp/src/Ice/SystemOpenSSL.cpp')
-rw-r--r--cpp/src/Ice/SystemOpenSSL.cpp58
1 files changed, 55 insertions, 3 deletions
diff --git a/cpp/src/Ice/SystemOpenSSL.cpp b/cpp/src/Ice/SystemOpenSSL.cpp
index 28e169d5d2d..ef53730c019 100644
--- a/cpp/src/Ice/SystemOpenSSL.cpp
+++ b/cpp/src/Ice/SystemOpenSSL.cpp
@@ -37,6 +37,7 @@
#include <openssl/e_os.h>
#include <openssl/rand.h>
+#include <openssl/dh.h>
#include <sstream>
@@ -351,6 +352,15 @@ IceSSL::OpenSSL::System::getRSAKey(int isExport, int keyLength)
{
_tempRSAKeys[keyLength] = new RSAPrivateKey(rsa_tmp);
}
+ else if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ ostringstream errorMsg;
+
+ errorMsg << "WRN Unable to obtain a " << dec << keyLength;
+ errorMsg << "-bit RSA key." << endl;
+
+ _logger->trace(_traceLevels->securityCat, errorMsg.str());
+ }
}
return rsa_tmp;
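Review bot: The warning block added after the `_tempRSAKeys[keyLength] = new RSAPrivateKey(rsa_tmp);` branch is repeated almost verbatim in the `getDHParams` hunk below, differing only in the noun in the message; a small private helper such as `void traceKeyWarning(int keyLength, const char* what);` that builds the `ostringstream` and calls `_logger->trace(_traceLevels->securityCat, ...)` would keep the two in step. Both blocks also append `endl` to a message handed to a logger, which is probably unwanted if the logger adds its own line ending, though the logger is not visible here. `getRSAKey` starts outside the hunk.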
@@ -361,7 +371,7 @@ IceSSL::OpenSSL::System::getDHParams(int isExport, int keyLength)
{
IceUtil::Mutex::Lock sync(_tempDHKeysMutex);
- DH *dh_tmp = 0;
+ DH* dh_tmp = 0;
const DHMap::iterator& retVal = _tempDHKeys.find(keyLength);
@@ -383,12 +393,54 @@ IceSSL::OpenSSL::System::getDHParams(int isExport, int keyLength)
string dhFile = dhParamsFile.getFileName();
dh_tmp = loadDHParam(dhFile.c_str());
+ }
- if (dh_tmp != 0)
+ // If that doesn't work, use a compiled-in group.
+ if (dh_tmp == 0)
+ {
+ switch (keyLength)
{
- _tempDHKeys[keyLength] = new DHParams(dh_tmp);
+ case 512 :
+ {
+ dh_tmp = getTempDH512();
+ break;
+ }
+
+ case 1024 :
+ {
+ dh_tmp = getTempDH1024();
+ break;
+ }
+
+ case 2048 :
+ {
+ dh_tmp = getTempDH2048();
+ break;
+ }
+
+ case 4096 :
+ {
+ dh_tmp = getTempDH4096();
+ break;
+ }
}
}
+
+ if (dh_tmp != 0)
+ {
+ // Cache the dh params for quick lookup - no
+ // extra processing required then.
+ _tempDHKeys[keyLength] = new DHParams(dh_tmp);
+ }
+ else if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ ostringstream errorMsg;
+
+ errorMsg << "WRN Unable to obtain a " << dec << keyLength;
+ errorMsg << "-bit Diffie-Hellman parameter group." << endl;
+
+ _logger->trace(_traceLevels->securityCat, errorMsg.str());
+ }
}
return dh_tmp;
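Review bot: Neither the parameters read from `dhFile` via `loadDHParam()` nor the compiled-in fallback are validated before being cached at `_tempDHKeys[keyLength] = new DHParams(dh_tmp);`, so a malformed or weak group in a misconfigured parameter file is served to every later handshake for that key length. Before the `if (dh_tmp != 0)` check, validate the group with `int codes = 0;` / `if (dh_tmp != 0 && (DH_check(dh_tmp, &codes) != 1 || codes != 0)) { DH_free(dh_tmp); dh_tmp = 0; }` so the existing warning path reports it; this assumes the `DH*` is owned by the caller, which the `new DHParams(dh_tmp)` cache suggests but the hunk does not show, and freeing is only right if the compiled-in getters return a fresh object each call. The `switch` has no `default`, so an unsupported `keyLength` silently falls through to the warning; a `default: break; // unsupported length, reported by the warning below` would make that intent explicit. The 512-bit case can only be meant for export-grade cipher suites and offers no meaningful protection, so a comment tying it to the `isExport` parameter, which is not referenced in the visible part of the hunk, would help readers. `getDHParams` and the `if` closed by the first added `}` both start outside the hunk.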