From edc1efed3c0cf5aebb1c765066c0413757229a31 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 30 Oct 2016 15:17:52 +0100 Subject: [PATCH] Use AES256 and SHA256 by default for the legacy protocol. At the start of the decade, there were still distributions that shipped with versions of OpenSSL that did not support these algorithms. By now everyone should support them. The old defaults were Blowfish and SHA1, both of which are not considered secure anymore. The meta-protocol now always uses AES in CFB mode, but the key length will adapt to the one specified by the Cipher option. The digest for the meta-protocol is hardcoded to SHA256. --- m4/openssl.m4 | 2 +- src/cipher.h | 3 +-- src/digest.h | 3 +-- src/net_setup.c | 4 ++-- src/openssl/cipher.c | 6 +----- src/openssl/digest.c | 6 +----- src/protocol_auth.c | 18 +++++++++++++++--- 7 files changed, 22 insertions(+), 20 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 6bb33cf5..4afcff2f 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -49,7 +49,7 @@ AC_DEFUN([tinc_OPENSSL], [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], ) - AC_CHECK_DECLS([OpenSSL_add_all_algorithms], , + AC_CHECK_DECLS([OpenSSL_add_all_algorithms EVP_aes_256_cfb], , [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], [#include ] ) diff --git a/src/cipher.h b/src/cipher.h index 3f98c18f..41335ec4 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -1,6 +1,6 @@ /* cipher.h -- header file cipher.c - Copyright (C) 2007-2013 Guus Sliepen + Copyright (C) 2007-2016 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -30,7 +30,6 @@ typedef struct cipher cipher_t; extern cipher_t *cipher_open_by_name(const char *) __attribute__ ((__malloc__)); extern cipher_t *cipher_open_by_nid(int) __attribute__ ((__malloc__)); -extern cipher_t *cipher_open_blowfish_ofb(void) __attribute__ ((__malloc__)); extern void cipher_close(cipher_t *); extern size_t cipher_keylength(const cipher_t *); extern size_t cipher_blocksize(const cipher_t *); diff --git a/src/digest.h b/src/digest.h index 204048ad..a3691bf0 100644 --- a/src/digest.h +++ b/src/digest.h @@ -1,6 +1,6 @@ /* digest.h -- header file digest.c - Copyright (C) 2007-2013 Guus Sliepen + Copyright (C) 2007-2016 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -28,7 +28,6 @@ typedef struct digest digest_t; extern digest_t *digest_open_by_name(const char *name, int maclength) __attribute__ ((__malloc__)); extern digest_t *digest_open_by_nid(int nid, int maclength) __attribute__ ((__malloc__)); -extern digest_t *digest_open_sha1(int maclength) __attribute__ ((__malloc__)); extern void digest_close(digest_t *); extern bool digest_create(digest_t *, const void *indata, size_t inlen, void *outdata) __attribute__ ((__warn_unused_result__)); extern bool digest_verify(digest_t *, const void *indata, size_t inlen, const void *digestdata) __attribute__ ((__warn_unused_result__)); diff --git a/src/net_setup.c b/src/net_setup.c index b0a0c953..9293c118 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -857,7 +857,7 @@ static bool setup_myself(void) { /* Generate packet encryption key */ if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) - cipher = xstrdup("blowfish"); + cipher = xstrdup("aes-256-cbc"); if(!strcasecmp(cipher, "none")) { myself->incipher = NULL; @@ -881,7 +881,7 @@ static bool setup_myself(void) { } if(!get_config_string(lookup_config(config_tree, "Digest"), &digest)) - digest = xstrdup("sha1"); + digest = xstrdup("sha256"); if(!strcasecmp(digest, "none")) { myself->indigest = NULL; diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c index ae9640f0..17ad408b 100644 --- a/src/openssl/cipher.c +++ b/src/openssl/cipher.c @@ -1,6 +1,6 @@ /* cipher.c -- Symmetric block cipher handling - Copyright (C) 2007-2013 Guus Sliepen + Copyright (C) 2007-2016 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -62,10 +62,6 @@ cipher_t *cipher_open_by_nid(int nid) { return cipher_open(evp_cipher); } -cipher_t *cipher_open_blowfish_ofb(void) { - return cipher_open(EVP_bf_ofb()); -} - void cipher_close(cipher_t *cipher) { if(!cipher) return; diff --git a/src/openssl/digest.c b/src/openssl/digest.c index c303785d..58ca167f 100644 --- a/src/openssl/digest.c +++ b/src/openssl/digest.c @@ -1,6 +1,6 @@ /* digest.c -- Digest handling - Copyright (C) 2007-2013 Guus Sliepen + Copyright (C) 2007-2016 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -64,10 +64,6 @@ digest_t *digest_open_by_nid(int nid, int maclength) { return digest_open(evp_md, maclength); } -digest_t *digest_open_sha1(int maclength) { - return digest_open(EVP_sha1(), maclength); -} - bool digest_set_key(digest_t *digest, const void *key, size_t len) { digest->key = xrealloc(digest->key, len); memcpy(digest->key, key, len); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 31b1f1e7..aee5736a 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication Copyright (C) 1999-2005 Ivo Timmermans, - 2000-2014 Guus Sliepen + 2000-2016 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -421,10 +421,22 @@ bool send_metakey(connection_t *c) { if(!read_rsa_public_key(c)) return false; - if(!(c->outcipher = cipher_open_blowfish_ofb())) + /* We need to use a stream mode for the meta protocol. Use AES for this, + but try to match the key size with the one from the cipher selected + by Cipher. + */ + + int keylen = cipher_keylength(myself->incipher); + if(keylen <= 16) + c->outcipher = cipher_open_by_name("aes-128-cfb"); + else if(keylen <= 24) + c->outcipher = cipher_open_by_name("aes-192-cfb"); + else + c->outcipher = cipher_open_by_name("aes-256-cfb"); + if(!c) return false; - if(!(c->outdigest = digest_open_sha1(-1))) + if(!(c->outdigest = digest_open_by_name("sha256", -1))) return false; const size_t len = rsa_size(c->rsa);