Gitweb:
https://git.exim.org/exim.git/commitdiff/e78f5da52ca38d07b0b4ccf565e1b47f477fb5a5
Commit: e78f5da52ca38d07b0b4ccf565e1b47f477fb5a5
Parent: 707ece5c7b88dce1187be592c3b689d71632b769
Author: Phil Pennock <pdp@???>
AuthorDate: Thu Sep 17 16:44:52 2020 -0400
Committer: Phil Pennock <pdp@???>
CommitDate: Thu Sep 17 16:44:52 2020 -0400
default DH prime choice consistency
A function returning a default and a list which defined the value of "default"
disagreed. Switch both to a macro to make it harder for them to fall out of
sync.
---
doc/doc-txt/ChangeLog | 5 +++++
src/src/std-crypto.c | 6 ++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9048e3f..cb92a60 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -116,6 +116,11 @@ JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
Find and fix by Gavan. Although NetBSD is not a supported platform for
4.94 this bug could affect other platforms.
+PP/01 Fix default prime selection to be consistent.
+ One path used ike23 still, instead of exim.dev.20160529.3; now both
+ execution flows will use the same DH primes (currently
+ exim.dev.20160529.3).
+
Exim version 4.94
-----------------
diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c
index a045f6c..e4df560 100644
--- a/src/src/std-crypto.c
+++ b/src/src/std-crypto.c
@@ -959,11 +959,13 @@ struct dh_constant {
const char *pem;
};
+#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3
+
/* KEEP SORTED ALPHABETICALLY;
* duplicate PEM are okay, if we want aliases, but names must be alphabetical */
static struct dh_constant dh_constants[] = {
/* label pem */
- { "default", dh_exim_20160529_3 },
+ { "default", EXIM_DH_PRIME_DEFAULT },
{ "exim.dev.20160529.1", dh_exim_20160529_1 },
{ "exim.dev.20160529.2", dh_exim_20160529_2 },
{ "exim.dev.20160529.3", dh_exim_20160529_3 },
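Review bot: The new `EXIM_DH_PRIME_DEFAULT` macro at the top of this hunk has no comment saying it is the single place where the built-in DH group is chosen. A later edit could therefore hard-code a constant again, either in the table or in `std_dh_prime_default()` (the second hunk of this file), which is exactly the drift this commit repairs. I would add above the define: `/* Built-in DH group: feeds both the "default" row of dh_constants[] and std_dh_prime_default(); change it only here. */`. The `dh_constants[]` initializer continues past the end of this hunk, so the rest of the table is not visible here.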
@@ -993,7 +995,7 @@ static const int dh_constants_count =
const char *
std_dh_prime_default(void)
{
- return dh_ike_23_pem;
+ return EXIM_DH_PRIME_DEFAULT;
}
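Review bot: `std_dh_prime_default()` now hands out a different DH group (the exim.dev.20160529.3 prime instead of `dh_ike_23_pem`), but neither the function nor the ChangeLog entry says which configuration reaches this path. Servers that took this path were negotiating a group other than the one the "default" label names, which matters for interoperability and for anyone auditing TLS parameters after an upgrade. A short header comment would help, e.g. `/* Fallback DH parameters when none are configured; always identical to the "default" label in dh_constants[]. */`. The "when none are configured" wording is inferred from the function name and should be confirmed against the callers, which are outside this diff.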