authorPhil Pennock <pdp@exim.org>2020-09-17 16:44:52 -0400
committerPhil Pennock <pdp@exim.org>2020-09-17 16:44:52 -0400
commite78f5da52ca38d07b0b4ccf565e1b47f477fb5a5 (patch)
tree258951f740fdbe853938a9f065c1fe1a297efc80
parent707ece5c7b88dce1187be592c3b689d71632b769 (diff)
default DH prime choice consistency
A function returning a default and a list which defined the value of "default" disagreed. Switch both to a macro to make it harder for them to fall out of sync.
-rw-r--r--doc/doc-txt/ChangeLog5
-rw-r--r--src/src/std-crypto.c6
2 files changed, 9 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9048e3f0e..cb92a601a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -116,6 +116,11 @@ JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
Find and fix by Gavan. Although NetBSD is not a supported platform for
4.94 this bug could affect other platforms.
+PP/01 Fix default prime selection to be consistent.
+ One path used ike23 still, instead of exim.dev.20160529.3; now both
+ execution flows will use the same DH primes (currently
+ exim.dev.20160529.3).
+
Exim version 4.94
-----------------
diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c
index a045f6cc6..e4df56006 100644
--- a/src/src/std-crypto.c
+++ b/src/src/std-crypto.c
@@ -959,11 +959,13 @@ struct dh_constant {
const char *pem;
};
+#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3
+
/* KEEP SORTED ALPHABETICALLY;
* duplicate PEM are okay, if we want aliases, but names must be alphabetical */
static struct dh_constant dh_constants[] = {
/* label pem */
- { "default", dh_exim_20160529_3 },
+ { "default", EXIM_DH_PRIME_DEFAULT },
{ "exim.dev.20160529.1", dh_exim_20160529_1 },
{ "exim.dev.20160529.2", dh_exim_20160529_2 },
{ "exim.dev.20160529.3", dh_exim_20160529_3 },
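Review bot: The new `EXIM_DH_PRIME_DEFAULT` macro carries no comment saying that it is the single definition of the default DH prime, or that both the `"default"` row of `dh_constants[]` and `std_dh_prime_default()` (second hunk) depend on it. I would add above the `#define`: `/* Single source for the default DH prime: used by the "default" entry in dh_constants[] and by std_dh_prime_default(). */`. The second hunk changes that function's return from `dh_ike_23_pem` to this macro, so a one-line comment there saying the result must match the `"default"` table entry would help whoever next rotates the primes. The `dh_constants[]` initializer continues past the end of this hunk.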
@@ -993,7 +995,7 @@ static const int dh_constants_count =
const char *
std_dh_prime_default(void)
{
- return dh_ike_23_pem;
+ return EXIM_DH_PRIME_DEFAULT;
}