From a85864809febde02687b52dc2931ac4505f57067 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 29 Oct 2016 15:24:34 +0200 Subject: [PATCH 1/1] Use AES256 and SHA256 by default, also for the meta-connections. At the start of the decade, there were still distributions that shipped with versions of OpenSSL that did not support these algorithms. By now everyone should support them. The old defaults were Blowfish and SHA1, both of which are not considered secure anymore. The meta-protocol now always uses AES in OFB mode, but the key length will adapt to the one specified by the Cipher option. The digest for the meta-protocol is hardcoded to SHA256. --- doc/tinc.conf.5.in | 4 ++-- doc/tinc.texi | 4 ++-- src/net_setup.c | 19 +++++++++++++++---- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index e2e206e1..b0d6c776 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -468,7 +468,7 @@ Multiple .Va Address variables can be specified, in which case each address will be tried until a working connection has been established. -.It Va Cipher Li = Ar cipher Pq blowfish +.It Va Cipher Li = Ar cipher Pq aes-256-cbc The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by LibreSSL or OpenSSL is recognised. Furthermore, specifying @@ -483,7 +483,7 @@ Fragmentation Needed or Packet too Big messages are dropped by firewalls. This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). -.It Va Digest Li = Ar digest Pq sha1 +.It Va Digest Li = Ar digest Pq sha256 The digest algorithm used to authenticate UDP packets. Any digest supported by LibreSSL or OpenSSL is recognised. Furthermore, specifying diff --git a/doc/tinc.texi b/doc/tinc.texi index 90cc380c..132a1c42 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
@@ -1143,7 +1143,7 @@ Multiple Address variables can be specified, in which case each address will be tried until a working connection has been established. @cindex Cipher -@item Cipher = <@var{cipher}> (blowfish) +@item Cipher = <@var{cipher}> (aes-256-cbc) The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet encryption. @@ -1162,7 +1162,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). @cindex Digest -@item Digest = <@var{digest}> (sha1) +@item Digest = <@var{digest}> (sha256) The digest algorithm used to authenticate UDP packets. Any digest supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet authentication. diff --git a/src/net_setup.c b/src/net_setup.c index 6c50f9d8..5b985c34 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -650,14 +650,25 @@ static bool setup_myself(void) { } free(cipher); } else - myself->incipher = EVP_bf_cbc(); + myself->incipher = EVP_aes_256_cbc(); if(myself->incipher) myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher); else myself->inkeylength = 1; - myself->connection->outcipher = EVP_bf_ofb(); + /* We need to use OFB mode for the meta protocol. Use AES for this, + but try to match the key size with the one from the cipher selected + by Cipher. + */ + + int keylen = EVP_CIPHER_key_length(myself->incipher); + if(keylen <= 16) + myself->connection->outcipher = EVP_aes_128_ofb(); + else if(keylen <= 24) + myself->connection->outcipher = EVP_aes_192_ofb(); + else + myself->connection->outcipher = EVP_aes_256_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; 
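Review bot: `EVP_CIPHER_key_length(myself->incipher)` in the new key-size selection is called without a NULL check, although the `if(myself->incipher)` / `else myself->inkeylength = 1;` lines directly above show that `incipher` can be NULL at this point. That is presumably the `Cipher = none` case, which the documentation describes as turning off packet encryption. In the OpenSSL versions I know, the call reads a field through the pointer, so such a configuration would likely crash the daemon at startup instead of running with packet encryption off. Guard the lookup, e.g. `int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;`. Note that this falls into the `EVP_aes_128_ofb()` branch, so choose the meta-connection cipher explicitly if AES-256 is wanted there. setup_myself() begins and ends outside this hunk.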
@@ -681,9 +692,9 @@ static bool setup_myself(void) { free(digest); } else - myself->indigest = EVP_sha1(); + myself->indigest = EVP_sha256(); - myself->connection->outdigest = EVP_sha1(); + myself->connection->outdigest = EVP_sha256(); if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) { -- 2.20.1
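Review bot: The `myself->connection->outdigest = EVP_sha256();` line has no comment saying that the meta-protocol digest is fixed and deliberately ignores the `Digest` option. The commit message states this, and the cipher hunk earlier in this file documents its equivalent choice, but a reader of the code alone could take the hardcoded value for an oversight. Add a comment above the assignment such as `/* The meta protocol digest is always SHA256, independent of the Digest option. */`. setup_myself() continues outside this hunk.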