<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Backward compatibility option in 1.4 for the key parser bug in 1.3
From: Erik Wallin <erikw,AT,sec,DOT,se>
Date: Sun, 7 Jan 2001 18:48:40 +0100

I've come upon the problem of supporting both 1.3 and 1.4.5 users at the
same time. This led me to the following changes to the code in 1.4.5.
Just thought I'd share it with everyone else. Trivial, but still.

I've only tested it on 1.4.5 talking to 1.3, so you might want to take
an extra look at the code if you decide to use it.

I've also tried to merge it with the latest snapshot. The results are at
the end of this email.

The right way would of course be to try both keys when using a static
key in the key exchange, but that seems like going a long way for a
problem that is bound to dissappear when everyone is upgraded. The
important thing to me is being able to support both key types with only
a minor modification in the config files. After all, in 1.5 people
*will* get a warning in the logfile if they upgrade without reading the
Changelog.

/Erik

--------------------------------------------------------------------------

Diff against 1.4.5.

Compiles without problems on a 2.2.18 kernel. Only tested against a 1.3
(not 1.4.5 against 1.4.5)
--------------------------------------------------------------------------

diff -r cipe-1.4.5-ew/ciped.c cipe-1.4.5/ciped.c
477,481c477,479
<       /* Parameter for choosing which key decoder to use. The first
alternative is only for backwards compatitibility
<          with the broken implementation in 1.3 */
<       if (OI(bugkey)) {
<         /* BROKEN attempt at a primitive hex decoder */
<         while(*c) {
---
> #ifdef BUG_COMPATIBLE
>       /* BROKEN attempt at a primitive hex decoder */
>       while(*c) {
488d485
<         }
490,493c487,490
<       else {
<         /* simple hex decoder */
<           #define dehex(x)
(((x)>='0'&&(x)<='9')?((x)-'0'):(((x)&15)+9))
<         while (*c) {
---
> #else
>       /* simple hex decoder */
>       #define dehex(x) (((x)>='0'&&(x)<='9')?((x)-'0'):(((x)&15)+9))
>       while (*c) {
500d496
<         }
501a498
> #endif
diff -r cipe-1.4.5-ew/options.in cipe-1.4.5/options.in
37,42d36
< bugkey        bool    (no)
<  Interpret key using the old (buggy) parser. For compatibility with
<  hosts that have not yet been upgraded to 1.4, while still enabling
<  the use of full 128 bits to those that run 1.4. WARNING! This option
<  will reduce the strength of the encryption key from 128 to 109 bits.
<  See README.key-bug in the source distribution for more information.

--------------------------------------------------------------------------

Diff against snapshot-20010107.

I couldn't test this since it doesn't compile, but I get no warnings or
error on my changes.
--------------------------------------------------------------------------

diff -r cipe-snapshot-20010107-ew/cipe/ciped.c
cipe-snapshot-20010107/cipe/ciped.c
376,381c376,379
<       /* Parameter for choosing which key decoder to use. The first
alternative is only for backwards compatitibility
<          with the broken implementation in 1.3 */
<       if (OI(bugkey)) {
<         /* BROKEN attempt at a primitive hex decoder */
<         i=0;
<         while(*c) {
---
> #ifdef BUG_COMPATIBLE
>       /* BROKEN attempt at a primitive hex decoder */
>       i=0;
>       while(*c) {
388,392d385
<         }
<       }
<       else { /* Use correct hex parser */
<         gethex(c, x, userKeySize);
<         memset(c, 0, strlen(c)); /* clear after use */
393a387,390
> #else
>       gethex(c, x, userKeySize);
>       memset(c, 0, strlen(c)); /* clear after use */
> #endif
626c623,627
<     0 /* This value is set in ctrl() */
---
> #ifdef BUG_COMPATIBLE
>     0
> #else
>     1
> #endif
635,637d635
<     /* Ugly workaround. Can't initialize with non constant above. */
<     myconfinfo.keyright=!OI(bugkey);
<
679c677
<       check(keyright, "Key parser - but see bugkey option");
---
>       check(keyright, "Key parser");
diff -r cipe-snapshot-20010107-ew/cipe/options.in
cipe-snapshot-20010107/cipe/options.in
42,47d41
< bugkey        bool    (no)
<  Interpret key using the old (buggy) parser. For compatibility with
<  hosts that have not yet been upgraded to 1.4, while still enabling
<  the use of full 128 bits to those that run 1.4. WARNING! This option
<  will reduce the strength of the encryption key from 128 to 109 bits.
<  See README.key-bug in the source distribution for more information.





<< | Thread Index | >> ]    [ << | Date Index | >> ]