X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=5b985c342c727da95b5d55b9748c19aff804b1b3;hp=6c50f9d87c7037a84bee2c55daf9545f4ee03a08;hb=a85864809febde02687b52dc2931ac4505f57067;hpb=3c37fe38019ec9c08be6158a4f64128fc83ed605
diff --git a/src/net_setup.c b/src/net_setup.c
index 6c50f9d8..5b985c34 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -650,14 +650,25 @@ static bool setup_myself(void) {
 }
 free(cipher);
 } else
- myself->incipher = EVP_bf_cbc();
+ myself->incipher = EVP_aes_256_cbc();
 if(myself->incipher)
 myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher);
 else
 myself->inkeylength = 1;
- myself->connection->outcipher = EVP_bf_ofb();
+ /* We need to use OFB mode for the meta protocol. Use AES for this,
+ but try to match the key size with the one from the cipher selected
+ by Cipher.
+ */
+
+ int keylen = EVP_CIPHER_key_length(myself->incipher);
+ if(keylen <= 16)
+ myself->connection->outcipher = EVP_aes_128_ofb();
+ else if(keylen <= 24)
+ myself->connection->outcipher = EVP_aes_192_ofb();
+ else
+ myself->connection->outcipher = EVP_aes_256_ofb();
 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 keylifetime = 3600;
@@ -681,9 +692,9 @@ static bool setup_myself(void) {
 free(digest);
 } else
- myself->indigest = EVP_sha1();
+ myself->indigest = EVP_sha256();
- myself->connection->outdigest = EVP_sha1();
+ myself->connection->outdigest = EVP_sha256();
 if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
 if(myself->indigest) {
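Review bot: In the first hunk, the added `int keylen = EVP_CIPHER_key_length(myself->incipher);` runs unconditionally, although the context lines just above still branch on `if(myself->incipher)` and fall back to `inkeylength = 1`, so the function treats a NULL `incipher` as a legal state. If that state is reachable (presumably when the data cipher is disabled in the configuration; the code that sets it is outside this hunk), the call receives a NULL pointer and the daemon can crash during setup. Guard it, for example `int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;`. Choose the fallback deliberately: with 0 the meta connection ends up on `EVP_aes_128_ofb()`, whereas routing the NULL case to the 256-bit branch keeps the control channel at full strength when packet encryption is off. The body of setup_myself starts and ends outside the hunk.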
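Review bot: In the second hunk, switching the default digest to `EVP_sha256()` does not by itself lengthen the authentication tag. The trailing context shows `MACLength` being read into `myself->inmaclength`, and the value used when that option is absent is set outside the hunk. If that default is a short truncation chosen for the old SHA-1 default, per-packet forgery resistance stays bounded by the tag length rather than by the hash, so it is worth reviewing in the same change. A comment beside the two assignments, such as `/* default digest; effective tag length is governed by MACLength */`, would make the dependency explicit. setup_myself continues past the end of the hunk.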