Import Upstream version 1.0.31

2019-08-26 13:44:47 +02:00 · 2019-08-26 13:44:47 +02:00 · 81ce06b6c9
commit 81ce06b6c9
parent 1077a20a8c
22 changed files with 250 additions and 93 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.
+Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.
 See the AUTHORS file for a complete list.

 This program is free software; you can redistribute it and/or modify it under
--- a/25
+++ b/25
@ -1,3 +1,28 @@
+Version 1.0.31                                           January 15 2017
+------------------------------------------------------------------------
+
+Guus Sliepen (1):
+      Releasing 1.0.31.
+
+Élie Bouttier (1):
+      Remove ExecStop in tinc@.service
+
+Version 1.0.30                                           October 30 2016
+------------------------------------------------------------------------
+
+Guus Sliepen (11):
+      Allow non-empty lines after status code from a HTTP proxy.
+      Fix proxy reply parsing broken by the previous commit.
+      Log only the first line of a proxy request rejection message.
+      Delay sending the real ID request until after a proxy request is granted.
+      Use AES256 and SHA256 by default, also for the meta-connections.
+      Enforce maximum amount of bytes sent/received on meta-connections.
+      Fix bit shifting arithmetic so the code actually does what the last commit message says.
+      Really fix byte budget calculation.
+      Use AES in CTR mode instead of OFB mode for meta-connections.
+      Use CFB mode for meta-connections to improve security.
+      Releasing 1.0.30.
+
 Version 1.0.29                                           October 09 2016
 ------------------------------------------------------------------------

--- a/14
+++ b/14
@ -1,3 +1,17 @@
+Version 1.0.31               January 15 2017
+
+ * Remove ExecStop in tinc@.service.
+
+Thanks to Élie Bouttier for his contribution to this version of tinc.
+
+Version 1.0.30               October 30 2016
+
+ * Fix troubles connecting to some HTTP proxies.
+
+ * Add mitigations for the Sweet32 attack when using a 64-bit block cipher.
+
+ * Use AES256 and SHA256 as the default encryption and digest algorithms.
+
 Version 1.0.29               October 9 2016

 * Fix UDP communication with peers with link-local IPv6 addresses.
--- a/25
+++ b/25
@ -1,7 +1,7 @@
-This is the README file for tinc version 1.0.29. Installation
+This is the README file for tinc version 1.0.31. Installation
 instructions may be found in the INSTALL file.

-tinc is Copyright (C) 1998-2016 by:
+tinc is Copyright (C) 1998-2017 by:

 Ivo Timmermans,
 Guus Sliepen <guus@tinc-vpn.org>,
@ -39,6 +39,8 @@ practice and that the default length of the HMAC for packets is too short in
 his opinion. We do not know of a way to exploit these weaknesses, but these
 issues are being addressed in the tinc 1.1 branch.

+The Sweet32 attack affects versions of tinc prior to 1.0.30.
+
 Cryptography is a hard thing to get right. We cannot make any
 guarantees. Time, review and feedback are the only things that can
 prove the security of any cryptographic product. If you wish to review
@ -52,22 +54,25 @@ Some configuration variables have different names now. Most notably "TapDevice"
 should be changed into "Device", and "Device" should be changed into
 "BindToDevice".

+
 Compatibility
 -------------

-Version 1.0.29 is compatible with 1.0pre8, 1.0 and later, but not with older
-versions of tinc.
+Version 1.0.31 is compatible with 1.0pre8, 1.0 and later, but not with older
+versions of tinc. Note that since version 1.0.30, tinc requires all nodes in
+the VPN to be compiled with a version of LibreSSL or OpenSSL that supports the
+AES256 and SHA256 algorithms.


 Requirements
 ------------

-Since 1.0pre3, we use OpenSSL for all cryptographic functions.  So you
-need to install this library first; grab it from
-http://www.openssl.org/.  You will need version 0.9.7 or later.  If
-this library is not installed on you system, configure will fail.  The
-manual in doc/tinc.texi contains more detailed information on how to
-install this library.
+Since 1.0pre3, we use OpenSSL for all cryptographic functions.  So you need to
+install this library first; grab it from http://www.openssl.org/. You will
+need version 1.0.1 or later with support for AES256 and SHA256 enabled. If
+this library is not installed on you system, configure will fail. The manual
+in doc/tinc.texi contains more detailed information on how to install this
+library. Alternatively, you may also use LibreSSL.

 Since 1.0pre6, the zlib library is used for optional compression. You can
 find it at http://www.gzip.org/zlib/. Because of a possible exploit in
--- a/1
+++ b/1
@ -15,6 +15,7 @@ We would like to thank the following people for their contributions to tinc:
 * David Pflug
 * Delf Eldkraft
 * dnk
+* Élie Bouttier
 * Enrique Zanardi
 * Florent Clairambault
 * Florian Weik
--- a/config.guess
+++ b/config.guess
@ -2,7 +2,7 @@
 # Attempt to guess a canonical system name.
 #   Copyright 1992-2016 Free Software Foundation, Inc.

-timestamp='2016-04-02'
+timestamp='2016-10-02'

 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -186,9 +186,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
-	# to ELF recently, or will in the future.
+	# to ELF recently (or will in the future) and ABI.
 	case "${UNAME_MACHINE_ARCH}" in
-	    arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
+	    earm*)
+		os=netbsdelf
+		;;
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
 		eval $set_cc_for_build
 		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
 			| grep -q __ELF__
@ -997,6 +1000,9 @@ EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
 	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
 	;;
+    mips64el:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
    openrisc*:Linux:*:*)
 	echo or1k-unknown-linux-${LIBC}
 	exit ;;
@ -1029,6 +1035,9 @@ EOF
    ppcle:Linux:*:*)
 	echo powerpcle-unknown-linux-${LIBC}
 	exit ;;
+    riscv32:Linux:*:* | riscv64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
    s390:Linux:*:* | s390x:Linux:*:*)
 	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
 	exit ;;
@ -1408,18 +1417,17 @@ esac
 cat >&2 <<EOF
 $0: unable to guess system type

-This script, last modified $timestamp, has failed to recognize
-the operating system you are using. It is advised that you
-download the most up to date version of the config scripts from
+This script (version $timestamp), has failed to recognize the
+operating system you are using. If your script is old, overwrite
+config.guess and config.sub with the latest versions from:

  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 and
  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub

-If the version you run ($0) is already up to date, please
-send the following data and any information you think might be
-pertinent to <config-patches@gnu.org> in order to provide the needed
-information to handle your system.
+If $0 has already been updated, send the following data and any
+information you think might be pertinent to config-patches@gnu.org to
+provide the necessary information to handle your system.

 config.guess timestamp = $timestamp

--- a/config.h.in
+++ b/config.h.in
@ -36,6 +36,10 @@
 /* Darwin (MacOS/X) */
 #undef HAVE_DARWIN

+/* Define to 1 if you have the declaration of `EVP_aes_256_cfb', and to 0 if
+   you don't. */
+#undef HAVE_DECL_EVP_AES_256_CFB
+
 /* Define to 1 if you have the declaration of `freeaddrinfo', and to 0 if you
   don't. */
 #undef HAVE_DECL_FREEADDRINFO
@ -52,6 +56,10 @@
   don't. */
 #undef HAVE_DECL_GETNAMEINFO

+/* Define to 1 if you have the declaration of `OpenSSL_add_all_algorithms',
+   and to 0 if you don't. */
+#undef HAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS
+
 /* Define to 1 if you have the declaration of `res_init', and to 0 if you
   don't. */
 #undef HAVE_DECL_RES_INIT
--- a/config.sub
+++ b/config.sub
@ -2,7 +2,7 @@
 # Configuration validation subroutine script.
 #   Copyright 1992-2016 Free Software Foundation, Inc.

-timestamp='2016-03-30'
+timestamp='2016-11-04'

 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -117,7 +117,7 @@ case $maybe_os in
  nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
  linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
-  kopensolaris*-gnu* | \
+  kopensolaris*-gnu* | cloudabi*-eabi* | \
  storm-chaos* | os2-emx* | rtmk-nova*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
@ -301,6 +301,7 @@ case $basic_machine in
 	| open8 | or1k | or1knd | or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle \
+	| pru \
 	| pyramid \
 	| riscv32 | riscv64 \
 	| rl78 | rx \
@ -428,6 +429,7 @@ case $basic_machine in
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+	| pru-* \
 	| pyramid-* \
 	| riscv32-* | riscv64-* \
 	| rl78-* | romp-* | rs6000-* | rx-* \
@ -643,6 +645,14 @@ case $basic_machine in
 		basic_machine=m68k-bull
 		os=-sysv3
 		;;
+	e500v[12])
+		basic_machine=powerpc-unknown
+		os=$os"spe"
+		;;
+	e500v[12]-*)
+		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=$os"spe"
+		;;
 	ebmon29k)
 		basic_machine=a29k-amd
 		os=-ebmon
@ -1022,7 +1032,7 @@ case $basic_machine in
 	ppc-* | ppcbe-*)
 		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	ppcle | powerpclittle | ppc-le | powerpc-little)
+	ppcle | powerpclittle)
 		basic_machine=powerpcle-unknown
 		;;
 	ppcle-* | powerpclittle-*)
@ -1032,7 +1042,7 @@ case $basic_machine in
 		;;
 	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+	ppc64le | powerpc64little)
 		basic_machine=powerpc64le-unknown
 		;;
 	ppc64le-* | powerpc64little-*)
@ -1389,7 +1399,7 @@ case $os in
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
 	      | -chorusos* | -chorusrdb* | -cegcc* \
 	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+	      | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
 	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
 	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
@ -1399,7 +1409,7 @@ case $os in
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
 	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
-	      | -onefs* | -tirtos*)
+	      | -onefs* | -tirtos* | -phoenix* | -fuchsia*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
--- a/46
+++ b/46
@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tinc 1.0.29.
+# Generated by GNU Autoconf 2.69 for tinc 1.0.31.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@ -577,8 +577,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='tinc'
 PACKAGE_TARNAME='tinc'
-PACKAGE_VERSION='1.0.29'
-PACKAGE_STRING='tinc 1.0.29'
+PACKAGE_VERSION='1.0.31'
+PACKAGE_STRING='tinc 1.0.31'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''

@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures tinc 1.0.29 to adapt to many kinds of systems.
+\`configure' configures tinc 1.0.31 to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@ -1402,7 +1402,7 @@ fi

 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of tinc 1.0.29:";;
+     short | recursive ) echo "Configuration of tinc 1.0.31:";;
   esac
  cat <<\_ACEOF

@ -1528,7 +1528,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-tinc configure 1.0.29
+tinc configure 1.0.31
 generated by GNU Autoconf 2.69

 Copyright (C) 2012 Free Software Foundation, Inc.
@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.

-It was created by tinc $as_me 1.0.29, which was
+It was created by tinc $as_me 1.0.31, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@
@ -2857,7 +2857,7 @@ fi

 # Define the identity of the package.
 PACKAGE='tinc'
- VERSION='1.0.29'
+ VERSION='1.0.31'


 cat >>confdefs.h <<_ACEOF
@ -7172,6 +7172,32 @@ done

 "
 if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+
+else
+  as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
+fi
+ac_fn_c_check_decl "$LINENO" "EVP_aes_256_cfb" "ac_cv_have_decl_EVP_aes_256_cfb" "#include <openssl/evp.h>
+
+"
+if test "x$ac_cv_have_decl_EVP_aes_256_cfb" = xyes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_EVP_AES_256_CFB $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :

 else
  as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
@ -7781,7 +7807,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tinc $as_me 1.0.29, which was
+This file was extended by tinc $as_me 1.0.31, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
@ -7847,7 +7873,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-tinc config.status 1.0.29
+tinc config.status 1.0.31
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

--- a/configure.ac
+++ b/configure.ac
@ -1,7 +1,7 @@
 dnl Process this file with autoconf to produce a configure script.

 AC_PREREQ(2.61)
-AC_INIT([tinc], [1.0.29])
+AC_INIT([tinc], [1.0.31])
 AC_CONFIG_SRCDIR([src/tincd.c])
 AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
 AC_CONFIG_HEADERS([config.h])
--- a/distro/tinc@.service
+++ b/distro/tinc@.service
@ -8,7 +8,6 @@ Type=simple
 WorkingDirectory=/etc/tinc/%i
 ExecStart=/usr/sbin/tincd -n %i -D
 ExecReload=/usr/sbin/tincd -n %i -kHUP
-ExecStop=/usr/sbin/tincd -n %i -k
 TimeoutStopSec=5
 Restart=always
 RestartSec=60
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@ -1,4 +1,4 @@
-.Dd 2016-04-10
+.Dd 2016-10-29
 .Dt TINC.CONF 5
 .\" Manual page created by:
 .\" Ivo Timmermans
@ -468,7 +468,7 @@ Multiple
 .Va Address
 variables can be specified, in which case each address will be tried until a working
 connection has been established.
-.It Va Cipher Li = Ar cipher Pq blowfish
+.It Va Cipher Li = Ar cipher Pq aes-256-cbc
 The symmetric cipher algorithm used to encrypt UDP packets.
 Any cipher supported by LibreSSL or OpenSSL is recognised.
 Furthermore, specifying
@ -483,7 +483,7 @@ Fragmentation Needed or Packet too Big messages are dropped by firewalls.
 This option sets the level of compression used for UDP packets.
 Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
 10 (fast lzo) and 11 (best lzo).
-.It Va Digest Li = Ar digest Pq sha1
+.It Va Digest Li = Ar digest Pq sha256
 The digest algorithm used to authenticate UDP packets.
 Any digest supported by LibreSSL or OpenSSL is recognised.
 Furthermore, specifying
--- a/doc/tinc.info
+++ b/doc/tinc.info
@ -1,14 +1,14 @@
-This is tinc.info, produced by makeinfo version 6.1 from tinc.texi.
+This is tinc.info, produced by makeinfo version 6.3 from tinc.texi.

 INFO-DIR-SECTION Networking tools
 START-INFO-DIR-ENTRY
 * tinc: (tinc).              The tinc Manual.
 END-INFO-DIR-ENTRY

-This is the info manual for tinc version 1.0.27, a Virtual Private
+This is the info manual for tinc version 1.0.29, a Virtual Private
 Network daemon.

-   Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen
+   Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen
 <guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.

   Permission is granted to make and distribute verbatim copies of this
@ -1053,7 +1053,7 @@ Address = <IP ADDRESS|HOSTNAME> [<port>] [recommended]
     can be specified, in which case each address will be tried until a
     working connection has been established.

-Cipher = <CIPHER> (blowfish)
+Cipher = <CIPHER> (aes-256-cbc)
     The symmetric cipher algorithm used to encrypt UDP packets.  Any
     cipher supported by LibreSSL or OpenSSL is recognized.
     Furthermore, specifying "none" will turn off packet encryption.  It
@ -1070,7 +1070,7 @@ Compression = <LEVEL> (0)
     Possible values are 0 (off), 1 (fast zlib) and any integer up to 9
     (best zlib), 10 (fast lzo) and 11 (best lzo).

-Digest = <DIGEST> (sha1)
+Digest = <DIGEST> (sha256)
     The digest algorithm used to authenticate UDP packets.  Any digest
     supported by LibreSSL or OpenSSL is recognized.  Furthermore,
     specifying "none" will turn off packet authentication.
@ -2683,33 +2683,33 @@ Node: How connections work23220
 Node: Configuration files24442
 Node: Main configuration variables25936
 Node: Host configuration variables42193
-Node: Scripts47720
-Node: How to configure50986
-Node: Generating keypairs52244
-Node: Network interfaces52743
-Node: Example configuration54591
-Node: Running tinc59916
-Node: Runtime options60506
-Node: Signals63808
-Node: Debug levels64999
-Node: Solving problems65935
-Node: Error messages67487
-Node: Sending bug reports71496
-Node: Technical information72443
-Node: The connection72674
-Node: The UDP tunnel72986
-Node: The meta-connection76047
-Node: The meta-protocol77516
-Node: Security82533
-Node: Authentication protocol83675
-Node: Encryption of network packets88720
-Node: Security issues90096
-Node: Platform specific information91735
-Node: Interface configuration91963
-Node: Routes94434
-Node: About us96448
-Node: Contact information96623
-Node: Authors97026
-Node: Concept Index97431
+Node: Scripts47725
+Node: How to configure50991
+Node: Generating keypairs52249
+Node: Network interfaces52748
+Node: Example configuration54596
+Node: Running tinc59921
+Node: Runtime options60511
+Node: Signals63813
+Node: Debug levels65004
+Node: Solving problems65940
+Node: Error messages67492
+Node: Sending bug reports71501
+Node: Technical information72448
+Node: The connection72679
+Node: The UDP tunnel72991
+Node: The meta-connection76052
+Node: The meta-protocol77521
+Node: Security82538
+Node: Authentication protocol83680
+Node: Encryption of network packets88725
+Node: Security issues90101
+Node: Platform specific information91740
+Node: Interface configuration91968
+Node: Routes94439
+Node: About us96453
+Node: Contact information96628
+Node: Authors97031
+Node: Concept Index97436

 End Tag Table
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@ -1143,7 +1143,7 @@ Multiple Address variables can be specified, in which case each address will be
 tried until a working connection has been established.

@cindex Cipher
-@item Cipher = <@var{cipher}> (blowfish)
+@item Cipher = <@var{cipher}> (aes-256-cbc)
 The symmetric cipher algorithm used to encrypt UDP packets.
 Any cipher supported by LibreSSL or OpenSSL is recognized.
 Furthermore, specifying "none" will turn off packet encryption.
@ -1162,7 +1162,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
 10 (fast lzo) and 11 (best lzo).

@cindex Digest
-@item Digest = <@var{digest}> (sha1)
+@item Digest = <@var{digest}> (sha256)
 The digest algorithm used to authenticate UDP packets.
 Any digest supported by LibreSSL or OpenSSL is recognized.
 Furthermore, specifying "none" will turn off packet authentication.
--- a/m4/openssl.m4
+++ b/m4/openssl.m4
@ -49,7 +49,7 @@ AC_DEFUN([tinc_OPENSSL],
    [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
  )

-  AC_CHECK_DECL([OpenSSL_add_all_algorithms], ,
+  AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], ,
    [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
    [#include <openssl/evp.h>]
  )
--- a/src/connection.c
+++ b/src/connection.c
@ -1,6 +1,6 @@
 /*
    connection.c -- connection list management
-    Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
                  2000-2005 Ivo Timmermans
                  2008      Max Rijevski <maksuf@gmail.com>

@ -91,6 +91,8 @@ void free_connection_partially(connection_t *c) {
 	c->outbufstart = 0;
 	c->last_ping_time = 0;
 	c->last_flushed_time = 0;
+	c->inbudget = 0;
+	c->outbudget = 0;

 	if(c->inctx) {
 		EVP_CIPHER_CTX_cleanup(c->inctx);
--- a/src/connection.h
+++ b/src/connection.h
@ -1,6 +1,6 @@
 /*
    connection.h -- header for connection.c
-    Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
                  2000-2005 Ivo Timmermans

    This program is free software; you can redistribute it and/or modify
@ -41,7 +41,8 @@ typedef struct connection_status_t {
 	unsigned int encryptout:1;			/* 1 if we can encrypt outgoing traffic */
 	unsigned int decryptin:1;			/* 1 if we have to decrypt incoming traffic */
 	unsigned int mst:1;				/* 1 if this connection is part of a minimum spanning tree */
-	unsigned int unused:23;
+	unsigned int proxy_passed:1;			/* 1 if we are connecting via a proxy and we have finished talking with it */
+	unsigned int unused:22;
 } connection_status_t;

 #include "edge.h"
@ -70,6 +71,8 @@ typedef struct connection_t {
 	const EVP_CIPHER *outcipher;	/* Cipher we will use to send data to him */
 	EVP_CIPHER_CTX *inctx;		/* Context of encrypted meta data that will come from him to us */
 	EVP_CIPHER_CTX *outctx;		/* Context of encrypted meta data that will be sent from us to him */
+	uint64_t inbudget;              /* Encrypted bytes send budget */
+	uint64_t outbudget;             /* Encrypted bytes receive budget */
 	char *inkey;				/* His symmetric meta key + iv */
 	char *outkey;				/* Our symmetric meta key + iv */
 	int inkeylength;			/* Length of his key + iv */
--- a/src/meta.c
+++ b/src/meta.c
@ -1,6 +1,6 @@
 /*
    meta.c -- handle the meta communication
-    Copyright (C) 2000-2015 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
                  2000-2005 Ivo Timmermans
                  2006      Scott Lamb <slamb@slamb.org>

@ -62,6 +62,14 @@ bool send_meta(connection_t *c, const char *buffer, int length) {

 	/* Add our data to buffer */
 	if(c->status.encryptout) {
+		/* Check encryption limits */
+		if(length > c->outbudget) {
+			ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname);
+			return false;
+		} else {
+			c->outbudget -= length;
+		}
+
 		result = EVP_EncryptUpdate(c->outctx, (unsigned char *)c->outbuf + c->outbufstart + c->outbuflen,
 				&outlen, (unsigned char *)buffer, length);
 		if(!result || outlen < length) {
@ -175,6 +183,14 @@ bool receive_meta(connection_t *c) {
 		/* Decrypt */

 		if(c->status.decryptin && !decrypted) {
+			/* Check decryption limits */
+			if(lenin > c->inbudget) {
+				ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname);
+				return false;
+			} else {
+				c->inbudget -= lenin;
+			}
+
 			result = EVP_DecryptUpdate(c->inctx, (unsigned char *)inbuf, &lenout, (unsigned char *)c->buffer + oldlen, lenin);
 			if(!result || lenout != lenin) {
 				logger(LOG_ERR, "Error while decrypting metadata from %s (%s): %s",
--- a/src/net_setup.c
+++ b/src/net_setup.c
@ -650,14 +650,25 @@ static bool setup_myself(void) {
 		}
 		free(cipher);
 	} else
-		myself->incipher = EVP_bf_cbc();
+		myself->incipher = EVP_aes_256_cbc();

 	if(myself->incipher)
 		myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher);
 	else
 		myself->inkeylength = 1;

-	myself->connection->outcipher = EVP_bf_ofb();
+	/* We need to use a stream mode for the meta protocol. Use AES for this,
+	   but try to match the key size with the one from the cipher selected
+	   by Cipher.
+	*/
+
+	int keylen = EVP_CIPHER_key_length(myself->incipher);
+	if(keylen <= 16)
+		myself->connection->outcipher = EVP_aes_128_cfb();
+	else if(keylen <= 24)
+		myself->connection->outcipher = EVP_aes_192_cfb();
+	else
+		myself->connection->outcipher = EVP_aes_256_cfb();

 	if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 		keylifetime = 3600;
@ -681,9 +692,9 @@ static bool setup_myself(void) {

 		free(digest);
 	} else
-		myself->indigest = EVP_sha1();
+		myself->indigest = EVP_sha256();

-	myself->connection->outdigest = EVP_sha1();
+	myself->connection->outdigest = EVP_sha256();

 	if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
 		if(myself->indigest) {
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@ -41,9 +41,8 @@
 #include "xalloc.h"

 bool send_id(connection_t *c) {
-	if(proxytype && c->outgoing)
-		if(!send_proxyrequest(c))
-			return false;
+	if(proxytype && c->outgoing && !c->status.proxy_passed)
+		return send_proxyrequest(c);

 	return send_request(c, "%d %s %d", ID, myself->connection->name,
 						myself->connection->protocol_version);
@ -114,6 +113,21 @@ bool id_h(connection_t *c) {
 	return send_metakey(c);
 }

+static uint64_t byte_budget(const EVP_CIPHER *cipher) {
+	/* Hopefully some failsafe way to calculate the maximum amount of bytes to
+	   send/receive with a given cipher before we might run into birthday paradox
+	   attacks. Because we might use different modes, the block size of the mode
+	   might be 1 byte. In that case, use the IV length. Ensure the whole thing
+	   is limited to what can be represented with a 64 bits integer.
+	 */
+
+	int ivlen = EVP_CIPHER_iv_length(cipher);
+	int blklen = EVP_CIPHER_block_size(cipher);
+	int len = blklen > 1 ? blklen : ivlen > 1 ? ivlen : 8;
+	int bits = len * 4 - 1;
+	return bits < 64 ? UINT64_C(1) << bits : UINT64_MAX;
+}
+
 bool send_metakey(connection_t *c) {
 	bool x;

@ -196,6 +210,7 @@ bool send_metakey(connection_t *c) {
 			return false;
 		}

+		c->outbudget = byte_budget(c->outcipher);
 		c->status.encryptout = true;
 	}

@ -274,6 +289,7 @@ bool metakey_h(connection_t *c) {
 			return false;
 		}

+		c->inbudget = byte_budget(c->incipher);
 		c->status.decryptin = true;
 	} else {
 		c->incipher = NULL;
--- a/src/proxy.c
+++ b/src/proxy.c
@ -1,6 +1,6 @@
 /*
    proxy.c -- Proxy handling functions.
-    Copyright (C) 2015 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2015-2016 Guus Sliepen <guus@tinc-vpn.org>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -194,6 +194,8 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) {

 			ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
 			c->allow_request = ID;
+			c->status.proxy_passed = true;
+			send_id(c);
 			return 8;
 		} else {
 			logger(LOG_ERR, "Proxy request rejected");
@ -249,6 +251,8 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) {
 		} else {
 			ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
 			c->allow_request = ID;
+			c->status.proxy_passed = true;
+			send_id(c);
 			return replen;
 		}

@ -256,7 +260,12 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) {
 		char *p = memchr(c->buffer, '\n', c->buflen);
 		if(!p || p - c->buffer >= c->buflen)
 			return 0;
-		p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer));
+
+		while((p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer)))) {
+			if(p > c->buffer + 3 && !memcmp(p - 3, "\r\n\r\n", 4))
+				break;
+		}
+
 		if(!p)
 			return 0;

@ -270,8 +279,12 @@ int receive_proxy_meta(connection_t *c, int start, int lenin) {
 				logger(LOG_DEBUG, "Proxy request granted");
 				replen = p  + 1 - c->buffer;
 				c->allow_request = ID;
+				c->status.proxy_passed = true;
+				send_id(c);
 				return replen;
 			} else {
+				p = memchr(c->buffer, '\n', c->buflen);
+				p[-1] = 0;
 				logger(LOG_ERR, "Proxy request rejected: %s", c->buffer + 9);
 				return false;
 			}
--- a/src/tincd.c
+++ b/src/tincd.c
@ -1,7 +1,7 @@
 /*
    tincd.c -- the main file for tincd
    Copyright (C) 1998-2005 Ivo Timmermans
-                  2000-2016 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
                  2008      Max Rijevski <maksuf@gmail.com>
                  2009      Michael Tokarev <mjt@tls.msk.ru>
                  2010      Julien Muchembled <jm@jmuchemb.eu>
@ -583,7 +583,7 @@ int main(int argc, char **argv) {

 	if(show_version) {
 		printf("%s version %s\n", PACKAGE, VERSION);
-		printf("Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.\n"
+		printf("Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.\n"
 				"See the AUTHORS file for a complete list.\n\n"
 				"tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
 				"and you are welcome to redistribute it under certain conditions;\n"