Use AES256 and SHA256 by default for the legacy protocol.

At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.

m4/openssl.m4

@@ -49,7 +49,7 @@ AC_DEFUN([tinc_OPENSSL],
     [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
   )
 
-  AC_CHECK_DECLS([OpenSSL_add_all_algorithms], ,
+  AC_CHECK_DECLS([OpenSSL_add_all_algorithms EVP_aes_256_cfb], ,
     [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
     [#include <openssl/evp.h>]
   )

src/cipher.h

@@ -1,6 +1,6 @@
 /*
     cipher.h -- header file cipher.c
-    Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -30,7 +30,6 @@ typedef struct cipher cipher_t;
 
 extern cipher_t *cipher_open_by_name(const char *) __attribute__ ((__malloc__));
 extern cipher_t *cipher_open_by_nid(int) __attribute__ ((__malloc__));
-extern cipher_t *cipher_open_blowfish_ofb(void) __attribute__ ((__malloc__));
 extern void cipher_close(cipher_t *);
 extern size_t cipher_keylength(const cipher_t *);
 extern size_t cipher_blocksize(const cipher_t *);

src/digest.h

@@ -1,6 +1,6 @@
 /*
     digest.h -- header file digest.c
-    Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -28,7 +28,6 @@ typedef struct digest digest_t;
 
 extern digest_t *digest_open_by_name(const char *name, int maclength) __attribute__ ((__malloc__));
 extern digest_t *digest_open_by_nid(int nid, int maclength) __attribute__ ((__malloc__));
-extern digest_t *digest_open_sha1(int maclength) __attribute__ ((__malloc__));
 extern void digest_close(digest_t *);
 extern bool digest_create(digest_t *, const void *indata, size_t inlen, void *outdata) __attribute__ ((__warn_unused_result__));
 extern bool digest_verify(digest_t *, const void *indata, size_t inlen, const void *digestdata) __attribute__ ((__warn_unused_result__));

src/net_setup.c

@@ -857,7 +857,7 @@ static bool setup_myself(void) {
 	/* Generate packet encryption key */
 
 	if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher))
-		cipher = xstrdup("blowfish");
+		cipher = xstrdup("aes-256-cbc");
 
 	if(!strcasecmp(cipher, "none")) {
 		myself->incipher = NULL;
@@ -881,7 +881,7 @@ static bool setup_myself(void) {
 	}
 
 	if(!get_config_string(lookup_config(config_tree, "Digest"), &digest))
-		digest = xstrdup("sha1");
+		digest = xstrdup("sha256");
 
 	if(!strcasecmp(digest, "none")) {
 		myself->indigest = NULL;

src/openssl/cipher.c

@@ -1,6 +1,6 @@
 /*
     cipher.c -- Symmetric block cipher handling
-    Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -62,10 +62,6 @@ cipher_t *cipher_open_by_nid(int nid) {
 	return cipher_open(evp_cipher);
 }
 
-cipher_t *cipher_open_blowfish_ofb(void) {
-	return cipher_open(EVP_bf_ofb());
-}
-
 void cipher_close(cipher_t *cipher) {
 	if(!cipher)
 		return;

src/openssl/digest.c

@@ -1,6 +1,6 @@
 /*
     digest.c -- Digest handling
-    Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -64,10 +64,6 @@ digest_t *digest_open_by_nid(int nid, int maclength) {
 	return digest_open(evp_md, maclength);
 }
 
-digest_t *digest_open_sha1(int maclength) {
-	return digest_open(EVP_sha1(), maclength);
-}
-
 bool digest_set_key(digest_t *digest, const void *key, size_t len) {
 	digest->key = xrealloc(digest->key, len);
 	memcpy(digest->key, key, len);

src/protocol_auth.c

@@ -1,7 +1,7 @@
 /*
     protocol_auth.c -- handle the meta-protocol, authentication
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -421,10 +421,22 @@ bool send_metakey(connection_t *c) {
 	if(!read_rsa_public_key(c))
 		return false;
 
-	if(!(c->outcipher = cipher_open_blowfish_ofb()))
+	/* We need to use a stream mode for the meta protocol. Use AES for this,
+	   but try to match the key size with the one from the cipher selected
+	   by Cipher.
+	*/
+
+	int keylen = cipher_keylength(myself->incipher);
+	if(keylen <= 16)
+		c->outcipher = cipher_open_by_name("aes-128-cfb");
+	else if(keylen <= 24)
+		c->outcipher = cipher_open_by_name("aes-192-cfb");
+	else
+		c->outcipher = cipher_open_by_name("aes-256-cfb");
+	if(!c)
 		return false;
 
-	if(!(c->outdigest = digest_open_sha1(-1)))
+	if(!(c->outdigest = digest_open_by_name("sha256", -1)))
 		return false;
 
 	const size_t len = rsa_size(c->rsa);