From e78f5da52ca38d07b0b4ccf565e1b47f477fb5a5 Mon Sep 17 00:00:00 2001
From: Phil Pennock
Date: Thu, 17 Sep 2020 16:44:52 -0400
Subject: [PATCH] default DH prime choice consistency

A function returning a default and a list which defined the value of "default" disagreed. Switch both to a macro to make it harder for them to fall out of sync.
---
 doc/doc-txt/ChangeLog | 5 +++++
 src/src/std-crypto.c | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9048e3f0e..cb92a601a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -116,6 +116,11 @@ JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
 Find and fix by Gavan. Although NetBSD is not a supported platform for 4.94 this bug could affect other platforms.
+PP/01 Fix default prime selection to be consistent.
+ One path used ike23 still, instead of exim.dev.20160529.3; now both
+ execution flows will use the same DH primes (currently
+ exim.dev.20160529.3).
+
 Exim version 4.94
 -----------------
diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c
index a045f6cc6..e4df56006 100644
--- a/src/src/std-crypto.c
+++ b/src/src/std-crypto.c
@@ -959,11 +959,13 @@ struct dh_constant {
 const char *pem;
 };
+#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3
+
 /* KEEP SORTED ALPHABETICALLY;
 * duplicate PEM are okay, if we want aliases, but names must be alphabetical */
 static struct dh_constant dh_constants[] = {
 /* label pem */
- { "default", dh_exim_20160529_3 },
+ { "default", EXIM_DH_PRIME_DEFAULT },
 { "exim.dev.20160529.1", dh_exim_20160529_1 },
 { "exim.dev.20160529.2", dh_exim_20160529_2 },
 { "exim.dev.20160529.3", dh_exim_20160529_3 },
@@ -993,7 +995,7 @@ static const int dh_constants_count =
 const char *
 std_dh_prime_default(void)
 {
- return dh_ike_23_pem;
+ return EXIM_DH_PRIME_DEFAULT;
 }
-- 
2.30.2
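Review bot: Nothing on the new `#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3` line enforces that the `{ "default", EXIM_DH_PRIME_DEFAULT }` table row and the `return EXIM_DH_PRIME_DEFAULT;` in `std_dh_prime_default()` keep using the macro; a later edit that writes a PEM identifier literally into either site reintroduces exactly the divergence this commit fixes, and the compiler will not notice. A way to get the guarantee by construction is to have `std_dh_prime_default()` return the `pem` of the `dh_constants` row whose label is `"default"` (searching up to `dh_constants_count`, both visible in the hunk context), so the table is the single source of truth and the macro is no longer needed. If the macro is kept, a comment above it would make the coupling visible, e.g. `/* DH group used when no name is given. Both the "default" row of dh_constants and std_dh_prime_default() must resolve to this; change it here only. */`. Note that for callers of `std_dh_prime_default()` this is a behaviour change from `dh_ike_23_pem` to `dh_exim_20160529_3`, i.e. a different DH group is now handed out by that path; the ChangeLog entry records it, but any other documentation that still names ike23 as the default should be checked alongside.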