default DH prime choice consistency

A function returning a default and a list which defined the value of "default"
disagreed.  Switch both to a macro to make it harder for them to fall out of
sync.

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9048e3f0e7e12b67bbf45904ca0372eadc8a665f..cb92a601a616242a9078721349115e2de3e63d7e 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -116,6 +116,11 @@ JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
       Find and fix by Gavan.  Although NetBSD is not a supported platform for
       4.94 this bug could affect other platforms.
 
+PP/01 Fix default prime selection to be consistent.
+      One path used ike23 still, instead of exim.dev.20160529.3; now both
+      execution flows will use the same DH primes (currently
+      exim.dev.20160529.3).
+
 
 Exim version 4.94
 -----------------

diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c
index a045f6cc60811eff593e2c7fbb01e00992cb862c..e4df560064f551c64acce4e2cf222d7a0b19da13 100644 (file)
--- a/src/src/std-crypto.c
+++ b/src/src/std-crypto.c
@@ -959,11 +959,13 @@ struct dh_constant {
   const char *pem;
 };
 
+#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3
+
 /* KEEP SORTED ALPHABETICALLY;
  * duplicate PEM are okay, if we want aliases, but names must be alphabetical */
 static struct dh_constant dh_constants[] = {
     /*  label                  pem */
-    { "default",               dh_exim_20160529_3 },
+    { "default",               EXIM_DH_PRIME_DEFAULT },
     { "exim.dev.20160529.1",   dh_exim_20160529_1 },
     { "exim.dev.20160529.2",   dh_exim_20160529_2 },
     { "exim.dev.20160529.3",   dh_exim_20160529_3 },
@@ -993,7 +995,7 @@ static const int dh_constants_count =
 const char *
 std_dh_prime_default(void)
 {
-  return dh_ike_23_pem;
+  return EXIM_DH_PRIME_DEFAULT;
 }