diff --git a/COPYING b/COPYING index 513da31..c7a4498 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others. +Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others. See the AUTHORS file for a complete list. This program is free software; you can redistribute it and/or modify it under diff --git a/ChangeLog b/ChangeLog index 746db24..d306c3c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,28 @@ +Version 1.0.31 January 15 2017 +------------------------------------------------------------------------ + +Guus Sliepen (1): + Releasing 1.0.31. + +Élie Bouttier (1): + Remove ExecStop in tinc@.service + +Version 1.0.30 October 30 2016 +------------------------------------------------------------------------ + +Guus Sliepen (11): + Allow non-empty lines after status code from a HTTP proxy. + Fix proxy reply parsing broken by the previous commit. + Log only the first line of a proxy request rejection message. + Delay sending the real ID request until after a proxy request is granted. + Use AES256 and SHA256 by default, also for the meta-connections. + Enforce maximum amount of bytes sent/received on meta-connections. + Fix bit shifting arithmetic so the code actually does what the last commit message says. + Really fix byte budget calculation. + Use AES in CTR mode instead of OFB mode for meta-connections. + Use CFB mode for meta-connections to improve security. + Releasing 1.0.30. + Version 1.0.29 October 09 2016 ------------------------------------------------------------------------ diff --git a/NEWS b/NEWS index 73a4a62..34c6f1f 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,17 @@ +Version 1.0.31 January 15 2017 + + * Remove ExecStop in tinc@.service. + +Thanks to Élie Bouttier for his contribution to this version of tinc. + +Version 1.0.30 October 30 2016 + + * Fix troubles connecting to some HTTP proxies. + + * Add mitigations for the Sweet32 attack when using a 64-bit block cipher. + + * Use AES256 and SHA256 as the default encryption and digest algorithms. + Version 1.0.29 October 9 2016 * Fix UDP communication with peers with link-local IPv6 addresses. diff --git a/README b/README index e0e5817..3fb92fc 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ -This is the README file for tinc version 1.0.29. Installation +This is the README file for tinc version 1.0.31. Installation instructions may be found in the INSTALL file. -tinc is Copyright (C) 1998-2016 by: +tinc is Copyright (C) 1998-2017 by: Ivo Timmermans, Guus Sliepen , @@ -39,6 +39,8 @@ practice and that the default length of the HMAC for packets is too short in his opinion. We do not know of a way to exploit these weaknesses, but these issues are being addressed in the tinc 1.1 branch. +The Sweet32 attack affects versions of tinc prior to 1.0.30. + Cryptography is a hard thing to get right. We cannot make any guarantees. Time, review and feedback are the only things that can prove the security of any cryptographic product. If you wish to review @@ -52,22 +54,25 @@ Some configuration variables have different names now. Most notably "TapDevice" should be changed into "Device", and "Device" should be changed into "BindToDevice". + Compatibility ------------- -Version 1.0.29 is compatible with 1.0pre8, 1.0 and later, but not with older -versions of tinc. +Version 1.0.31 is compatible with 1.0pre8, 1.0 and later, but not with older +versions of tinc. Note that since version 1.0.30, tinc requires all nodes in +the VPN to be compiled with a version of LibreSSL or OpenSSL that supports the +AES256 and SHA256 algorithms. Requirements ------------ -Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you -need to install this library first; grab it from -http://www.openssl.org/. You will need version 0.9.7 or later. If -this library is not installed on you system, configure will fail. The -manual in doc/tinc.texi contains more detailed information on how to -install this library. +Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to +install this library first; grab it from http://www.openssl.org/. You will +need version 1.0.1 or later with support for AES256 and SHA256 enabled. If +this library is not installed on you system, configure will fail. The manual +in doc/tinc.texi contains more detailed information on how to install this +library. Alternatively, you may also use LibreSSL. Since 1.0pre6, the zlib library is used for optional compression. You can find it at http://www.gzip.org/zlib/. Because of a possible exploit in diff --git a/THANKS b/THANKS index 4be771c..3446041 100644 --- a/THANKS +++ b/THANKS @@ -15,6 +15,7 @@ We would like to thank the following people for their contributions to tinc: * David Pflug * Delf Eldkraft * dnk +* Élie Bouttier * Enrique Zanardi * Florent Clairambault * Florian Weik diff --git a/config.guess b/config.guess index 0967f2a..2e9ad7f 100755 --- a/config.guess +++ b/config.guess @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2016-04-02' +timestamp='2016-10-02' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -186,9 +186,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. + # to ELF recently (or will in the future) and ABI. case "${UNAME_MACHINE_ARCH}" in - arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ @@ -997,6 +1000,9 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; + mips64el:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; openrisc*:Linux:*:*) echo or1k-unknown-linux-${LIBC} exit ;; @@ -1029,6 +1035,9 @@ EOF ppcle:Linux:*:*) echo powerpcle-unknown-linux-${LIBC} exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; @@ -1408,18 +1417,17 @@ esac cat >&2 < in order to provide the needed -information to handle your system. +If $0 has already been updated, send the following data and any +information you think might be pertinent to config-patches@gnu.org to +provide the necessary information to handle your system. config.guess timestamp = $timestamp diff --git a/config.h.in b/config.h.in index 85bc733..cc819b3 100644 --- a/config.h.in +++ b/config.h.in @@ -36,6 +36,10 @@ /* Darwin (MacOS/X) */ #undef HAVE_DARWIN +/* Define to 1 if you have the declaration of `EVP_aes_256_cfb', and to 0 if + you don't. */ +#undef HAVE_DECL_EVP_AES_256_CFB + /* Define to 1 if you have the declaration of `freeaddrinfo', and to 0 if you don't. */ #undef HAVE_DECL_FREEADDRINFO @@ -52,6 +56,10 @@ don't. */ #undef HAVE_DECL_GETNAMEINFO +/* Define to 1 if you have the declaration of `OpenSSL_add_all_algorithms', + and to 0 if you don't. */ +#undef HAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS + /* Define to 1 if you have the declaration of `res_init', and to 0 if you don't. */ #undef HAVE_DECL_RES_INIT diff --git a/config.sub b/config.sub index 8d39c4b..dd2ca93 100755 --- a/config.sub +++ b/config.sub @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2016-03-30' +timestamp='2016-11-04' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -117,7 +117,7 @@ case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ - kopensolaris*-gnu* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` @@ -301,6 +301,7 @@ case $basic_machine in | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ | pyramid \ | riscv32 | riscv64 \ | rl78 | rx \ @@ -428,6 +429,7 @@ case $basic_machine in | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ | pyramid-* \ | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ @@ -643,6 +645,14 @@ case $basic_machine in basic_machine=m68k-bull os=-sysv3 ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + os=$os"spe" + ;; ebmon29k) basic_machine=a29k-amd os=-ebmon @@ -1022,7 +1032,7 @@ case $basic_machine in ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - ppcle | powerpclittle | ppc-le | powerpc-little) + ppcle | powerpclittle) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) @@ -1032,7 +1042,7 @@ case $basic_machine in ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) + ppc64le | powerpc64little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) @@ -1389,7 +1399,7 @@ case $os in | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ @@ -1399,7 +1409,7 @@ case $os in | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ - | -onefs* | -tirtos*) + | -onefs* | -tirtos* | -phoenix* | -fuchsia*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) diff --git a/configure b/configure index 0492945..24c17f0 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tinc 1.0.29. +# Generated by GNU Autoconf 2.69 for tinc 1.0.31. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='tinc' PACKAGE_TARNAME='tinc' -PACKAGE_VERSION='1.0.29' -PACKAGE_STRING='tinc 1.0.29' +PACKAGE_VERSION='1.0.31' +PACKAGE_STRING='tinc 1.0.31' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tinc 1.0.29 to adapt to many kinds of systems. +\`configure' configures tinc 1.0.31 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1402,7 +1402,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tinc 1.0.29:";; + short | recursive ) echo "Configuration of tinc 1.0.31:";; esac cat <<\_ACEOF @@ -1528,7 +1528,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tinc configure 1.0.29 +tinc configure 1.0.31 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tinc $as_me 1.0.29, which was +It was created by tinc $as_me 1.0.31, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2857,7 +2857,7 @@ fi # Define the identity of the package. PACKAGE='tinc' - VERSION='1.0.29' + VERSION='1.0.31' cat >>confdefs.h <<_ACEOF @@ -7172,6 +7172,32 @@ done " if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break +fi +ac_fn_c_check_decl "$LINENO" "EVP_aes_256_cfb" "ac_cv_have_decl_EVP_aes_256_cfb" "#include + +" +if test "x$ac_cv_have_decl_EVP_aes_256_cfb" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_EVP_AES_256_CFB $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : else as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break @@ -7781,7 +7807,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tinc $as_me 1.0.29, which was +This file was extended by tinc $as_me 1.0.31, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7847,7 +7873,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tinc config.status 1.0.29 +tinc config.status 1.0.31 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 3ec5068..4853da7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([tinc], [1.0.29]) +AC_INIT([tinc], [1.0.31]) AC_CONFIG_SRCDIR([src/tincd.c]) AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall]) AC_CONFIG_HEADERS([config.h]) diff --git a/debian/changelog b/debian/changelog index 9927ebe..93529d1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +tinc (1.0.31-1) unstable; urgency=medium + + * New upstream release. + * Bump Standards-Version. + * Bump debian/compat. + * Add missing Depends: lsb-base. + + -- Guus Sliepen Sun, 15 Jan 2017 16:20:40 +0100 + tinc (1.0.29-2) unstable; urgency=medium * Rebuild with libssl-dev from unstable. diff --git a/debian/control b/debian/control index 13b5e41..09aa3c4 100644 --- a/debian/control +++ b/debian/control @@ -2,13 +2,13 @@ Source: tinc Section: net Priority: optional Maintainer: Guus Sliepen -Standards-Version: 3.9.7 -Build-Depends: libssl-dev, debhelper (>= 9), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev, dh-systemd +Standards-Version: 3.9.8 +Build-Depends: libssl-dev, debhelper (>= 10), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev, dh-systemd Homepage: http://www.tinc-vpn.org/ Package: tinc Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-6) Description: Virtual Private Network daemon tinc is a daemon with which you can create a virtual private network (VPN). One daemon can handle multiple connections, so you can diff --git a/distro/tinc@.service b/distro/tinc@.service index 4bb4d2d..c823fa5 100644 --- a/distro/tinc@.service +++ b/distro/tinc@.service @@ -8,7 +8,6 @@ Type=simple WorkingDirectory=/etc/tinc/%i ExecStart=/usr/sbin/tincd -n %i -D ExecReload=/usr/sbin/tincd -n %i -kHUP -ExecStop=/usr/sbin/tincd -n %i -k TimeoutStopSec=5 Restart=always RestartSec=60 diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index e2e206e..40ea1cc 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -1,4 +1,4 @@ -.Dd 2016-04-10 +.Dd 2016-10-29 .Dt TINC.CONF 5 .\" Manual page created by: .\" Ivo Timmermans @@ -468,7 +468,7 @@ Multiple .Va Address variables can be specified, in which case each address will be tried until a working connection has been established. -.It Va Cipher Li = Ar cipher Pq blowfish +.It Va Cipher Li = Ar cipher Pq aes-256-cbc The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by LibreSSL or OpenSSL is recognised. Furthermore, specifying @@ -483,7 +483,7 @@ Fragmentation Needed or Packet too Big messages are dropped by firewalls. This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). -.It Va Digest Li = Ar digest Pq sha1 +.It Va Digest Li = Ar digest Pq sha256 The digest algorithm used to authenticate UDP packets. Any digest supported by LibreSSL or OpenSSL is recognised. Furthermore, specifying diff --git a/doc/tinc.info b/doc/tinc.info index d5acd43..8d99cea 100644 --- a/doc/tinc.info +++ b/doc/tinc.info @@ -1,14 +1,14 @@ -This is tinc.info, produced by makeinfo version 6.1 from tinc.texi. +This is tinc.info, produced by makeinfo version 6.3 from tinc.texi. INFO-DIR-SECTION Networking tools START-INFO-DIR-ENTRY * tinc: (tinc). The tinc Manual. END-INFO-DIR-ENTRY -This is the info manual for tinc version 1.0.27, a Virtual Private +This is the info manual for tinc version 1.0.29, a Virtual Private Network daemon. - Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen + Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and Wessel Dankers . Permission is granted to make and distribute verbatim copies of this @@ -1053,7 +1053,7 @@ Address = [] [recommended] can be specified, in which case each address will be tried until a working connection has been established. -Cipher = (blowfish) +Cipher = (aes-256-cbc) The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet encryption. It @@ -1070,7 +1070,7 @@ Compression = (0) Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). -Digest = (sha1) +Digest = (sha256) The digest algorithm used to authenticate UDP packets. Any digest supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet authentication. @@ -2683,33 +2683,33 @@ Node: How connections work23220 Node: Configuration files24442 Node: Main configuration variables25936 Node: Host configuration variables42193 -Node: Scripts47720 -Node: How to configure50986 -Node: Generating keypairs52244 -Node: Network interfaces52743 -Node: Example configuration54591 -Node: Running tinc59916 -Node: Runtime options60506 -Node: Signals63808 -Node: Debug levels64999 -Node: Solving problems65935 -Node: Error messages67487 -Node: Sending bug reports71496 -Node: Technical information72443 -Node: The connection72674 -Node: The UDP tunnel72986 -Node: The meta-connection76047 -Node: The meta-protocol77516 -Node: Security82533 -Node: Authentication protocol83675 -Node: Encryption of network packets88720 -Node: Security issues90096 -Node: Platform specific information91735 -Node: Interface configuration91963 -Node: Routes94434 -Node: About us96448 -Node: Contact information96623 -Node: Authors97026 -Node: Concept Index97431 +Node: Scripts47725 +Node: How to configure50991 +Node: Generating keypairs52249 +Node: Network interfaces52748 +Node: Example configuration54596 +Node: Running tinc59921 +Node: Runtime options60511 +Node: Signals63813 +Node: Debug levels65004 +Node: Solving problems65940 +Node: Error messages67492 +Node: Sending bug reports71501 +Node: Technical information72448 +Node: The connection72679 +Node: The UDP tunnel72991 +Node: The meta-connection76052 +Node: The meta-protocol77521 +Node: Security82538 +Node: Authentication protocol83680 +Node: Encryption of network packets88725 +Node: Security issues90101 +Node: Platform specific information91740 +Node: Interface configuration91968 +Node: Routes94439 +Node: About us96453 +Node: Contact information96628 +Node: Authors97031 +Node: Concept Index97436  End Tag Table diff --git a/doc/tinc.texi b/doc/tinc.texi index 90cc380..132a1c4 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1143,7 +1143,7 @@ Multiple Address variables can be specified, in which case each address will be tried until a working connection has been established. @cindex Cipher -@item Cipher = <@var{cipher}> (blowfish) +@item Cipher = <@var{cipher}> (aes-256-cbc) The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet encryption. @@ -1162,7 +1162,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). @cindex Digest -@item Digest = <@var{digest}> (sha1) +@item Digest = <@var{digest}> (sha256) The digest algorithm used to authenticate UDP packets. Any digest supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet authentication. diff --git a/m4/openssl.m4 b/m4/openssl.m4 index bb1f146..adca5f7 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -49,7 +49,7 @@ AC_DEFUN([tinc_OPENSSL], [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], ) - AC_CHECK_DECL([OpenSSL_add_all_algorithms], , + AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], , [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], [#include ] ) diff --git a/src/connection.c b/src/connection.c index fd7ae84..d27e6fd 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1,6 +1,6 @@ /* connection.c -- connection list management - Copyright (C) 2000-2012 Guus Sliepen , + Copyright (C) 2000-2016 Guus Sliepen , 2000-2005 Ivo Timmermans 2008 Max Rijevski @@ -91,6 +91,8 @@ void free_connection_partially(connection_t *c) { c->outbufstart = 0; c->last_ping_time = 0; c->last_flushed_time = 0; + c->inbudget = 0; + c->outbudget = 0; if(c->inctx) { EVP_CIPHER_CTX_cleanup(c->inctx); diff --git a/src/connection.h b/src/connection.h index 877601f..099d9d3 100644 --- a/src/connection.h +++ b/src/connection.h @@ -1,6 +1,6 @@ /* connection.h -- header for connection.c - Copyright (C) 2000-2012 Guus Sliepen , + Copyright (C) 2000-2016 Guus Sliepen , 2000-2005 Ivo Timmermans This program is free software; you can redistribute it and/or modify @@ -41,7 +41,8 @@ typedef struct connection_status_t { unsigned int encryptout:1; /* 1 if we can encrypt outgoing traffic */ unsigned int decryptin:1; /* 1 if we have to decrypt incoming traffic */ unsigned int mst:1; /* 1 if this connection is part of a minimum spanning tree */ - unsigned int unused:23; + unsigned int proxy_passed:1; /* 1 if we are connecting via a proxy and we have finished talking with it */ + unsigned int unused:22; } connection_status_t; #include "edge.h" @@ -70,6 +71,8 @@ typedef struct connection_t { const EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ + uint64_t inbudget; /* Encrypted bytes send budget */ + uint64_t outbudget; /* Encrypted bytes receive budget */ char *inkey; /* His symmetric meta key + iv */ char *outkey; /* Our symmetric meta key + iv */ int inkeylength; /* Length of his key + iv */ diff --git a/src/meta.c b/src/meta.c index 06ab96e..09c063d 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,6 +1,6 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2015 Guus Sliepen , + Copyright (C) 2000-2016 Guus Sliepen , 2000-2005 Ivo Timmermans 2006 Scott Lamb @@ -62,6 +62,14 @@ bool send_meta(connection_t *c, const char *buffer, int length) { /* Add our data to buffer */ if(c->status.encryptout) { + /* Check encryption limits */ + if(length > c->outbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname); + return false; + } else { + c->outbudget -= length; + } + result = EVP_EncryptUpdate(c->outctx, (unsigned char *)c->outbuf + c->outbufstart + c->outbuflen, &outlen, (unsigned char *)buffer, length); if(!result || outlen < length) { @@ -175,6 +183,14 @@ bool receive_meta(connection_t *c) { /* Decrypt */ if(c->status.decryptin && !decrypted) { + /* Check decryption limits */ + if(lenin > c->inbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname); + return false; + } else { + c->inbudget -= lenin; + } + result = EVP_DecryptUpdate(c->inctx, (unsigned char *)inbuf, &lenout, (unsigned char *)c->buffer + oldlen, lenin); if(!result || lenout != lenin) { logger(LOG_ERR, "Error while decrypting metadata from %s (%s): %s", diff --git a/src/net_setup.c b/src/net_setup.c index 6c50f9d..d766888 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -650,14 +650,25 @@ static bool setup_myself(void) { } free(cipher); } else - myself->incipher = EVP_bf_cbc(); + myself->incipher = EVP_aes_256_cbc(); if(myself->incipher) myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher); else myself->inkeylength = 1; - myself->connection->outcipher = EVP_bf_ofb(); + /* We need to use a stream mode for the meta protocol. Use AES for this, + but try to match the key size with the one from the cipher selected + by Cipher. + */ + + int keylen = EVP_CIPHER_key_length(myself->incipher); + if(keylen <= 16) + myself->connection->outcipher = EVP_aes_128_cfb(); + else if(keylen <= 24) + myself->connection->outcipher = EVP_aes_192_cfb(); + else + myself->connection->outcipher = EVP_aes_256_cfb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; @@ -681,9 +692,9 @@ static bool setup_myself(void) { free(digest); } else - myself->indigest = EVP_sha1(); + myself->indigest = EVP_sha256(); - myself->connection->outdigest = EVP_sha1(); + myself->connection->outdigest = EVP_sha256(); if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) { diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 13dae1d..8288847 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -41,9 +41,8 @@ #include "xalloc.h" bool send_id(connection_t *c) { - if(proxytype && c->outgoing) - if(!send_proxyrequest(c)) - return false; + if(proxytype && c->outgoing && !c->status.proxy_passed) + return send_proxyrequest(c); return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); @@ -114,6 +113,21 @@ bool id_h(connection_t *c) { return send_metakey(c); } +static uint64_t byte_budget(const EVP_CIPHER *cipher) { + /* Hopefully some failsafe way to calculate the maximum amount of bytes to + send/receive with a given cipher before we might run into birthday paradox + attacks. Because we might use different modes, the block size of the mode + might be 1 byte. In that case, use the IV length. Ensure the whole thing + is limited to what can be represented with a 64 bits integer. + */ + + int ivlen = EVP_CIPHER_iv_length(cipher); + int blklen = EVP_CIPHER_block_size(cipher); + int len = blklen > 1 ? blklen : ivlen > 1 ? ivlen : 8; + int bits = len * 4 - 1; + return bits < 64 ? UINT64_C(1) << bits : UINT64_MAX; +} + bool send_metakey(connection_t *c) { bool x; @@ -196,6 +210,7 @@ bool send_metakey(connection_t *c) { return false; } + c->outbudget = byte_budget(c->outcipher); c->status.encryptout = true; } @@ -274,6 +289,7 @@ bool metakey_h(connection_t *c) { return false; } + c->inbudget = byte_budget(c->incipher); c->status.decryptin = true; } else { c->incipher = NULL; diff --git a/src/proxy.c b/src/proxy.c index e30c1fb..5268272 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -1,6 +1,6 @@ /* proxy.c -- Proxy handling functions. - Copyright (C) 2015 Guus Sliepen + Copyright (C) 2015-2016 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -194,6 +194,8 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) { ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted"); c->allow_request = ID; + c->status.proxy_passed = true; + send_id(c); return 8; } else { logger(LOG_ERR, "Proxy request rejected"); @@ -249,6 +251,8 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) { } else { ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted"); c->allow_request = ID; + c->status.proxy_passed = true; + send_id(c); return replen; } @@ -256,7 +260,12 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) { char *p = memchr(c->buffer, '\n', c->buflen); if(!p || p - c->buffer >= c->buflen) return 0; - p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer)); + + while((p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer)))) { + if(p > c->buffer + 3 && !memcmp(p - 3, "\r\n\r\n", 4)) + break; + } + if(!p) return 0; @@ -270,8 +279,12 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) { logger(LOG_DEBUG, "Proxy request granted"); replen = p + 1 - c->buffer; c->allow_request = ID; + c->status.proxy_passed = true; + send_id(c); return replen; } else { + p = memchr(c->buffer, '\n', c->buflen); + p[-1] = 0; logger(LOG_ERR, "Proxy request rejected: %s", c->buffer + 9); return false; } diff --git a/src/tincd.c b/src/tincd.c index aaf40e2..22fb726 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd Copyright (C) 1998-2005 Ivo Timmermans - 2000-2016 Guus Sliepen + 2000-2017 Guus Sliepen 2008 Max Rijevski 2009 Michael Tokarev 2010 Julien Muchembled @@ -583,7 +583,7 @@ int main(int argc, char **argv) { if(show_version) { printf("%s version %s\n", PACKAGE, VERSION); - printf("Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.\n" + printf("Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n"