default DH prime choice consistency

A function returning a default and a list which defined the value of "default"
disagreed.  Switch both to a macro to make it harder for them to fall out of
sync.

2 files changed, 9 insertions, 2 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9048e3f0e..cb92a601a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -116,6 +116,11 @@ JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
       Find and fix by Gavan.  Although NetBSD is not a supported platform for
       4.94 this bug could affect other platforms.
 
+PP/01 Fix default prime selection to be consistent.
+      One path used ike23 still, instead of exim.dev.20160529.3; now both
+      execution flows will use the same DH primes (currently
+      exim.dev.20160529.3).
+
 
 Exim version 4.94
 -----------------
diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c
index a045f6cc6..e4df56006 100644
--- a/src/src/std-crypto.c
+++ b/src/src/std-crypto.c
@@ -959,11 +959,13 @@ struct dh_constant {
   const char *pem;
 };
 
+#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3
+
 /* KEEP SORTED ALPHABETICALLY;
  * duplicate PEM are okay, if we want aliases, but names must be alphabetical */
 static struct dh_constant dh_constants[] = {
     /*  label			pem */
-    { "default",		dh_exim_20160529_3 },
+    { "default",		EXIM_DH_PRIME_DEFAULT },
     { "exim.dev.20160529.1",	dh_exim_20160529_1 },
     { "exim.dev.20160529.2",	dh_exim_20160529_2 },
     { "exim.dev.20160529.3",	dh_exim_20160529_3 },
@@ -993,7 +995,7 @@ static const int dh_constants_count =
 const char *
 std_dh_prime_default(void)
 {
-  return dh_ike_23_pem;
+  return EXIM_DH_PRIME_DEFAULT;
 }