From: Frank Y. <fy...@fy...> - 2009-05-27 17:51:07
I posted the following onto the OpenVPN forum, but it was suggested that I would be better off mailing directly to this list.

=========================

I seem to have found a bug in 2.1_rc16 that is also apparent in earlier versions.

Although OpenVPN claims to support -CFB and -OFB cipher modes, using them seems to cause OpenVPN to crash consistently.

For example, when I run the simple TLS example on the 2.1 documentation page, it works fine. But if I add "--cipher bf-cfb" to both the client and server command lines, one or the other will crash. The error message is always "Assertion failed at crypto.c:162". The crasher is always the first one to try and send an encrypted message.

Looking at that line of code, we have

    ....
    outlen gets number of bytes written from previous EVP_CipherFinal
    ....
    ASSERT(outlen == iv_size)

While for a block cipher such as the default BF-CBC, it makes sense that EVP_CipherFinal always writes out a final block, this is not the case for stream ciphers. For stream ciphers, EVP_CipherFinal may write out no bytes whatsoever!

I don't quite understand the rest of the code, so I'm not quite sure whether this is necessary for the rest of the code to run successfully, or if this is just an incorrect sanity check.

When I comment out this line, the program runs just fine, and I can successfully use BF-CFB and BF-OFB.

Thanks.

--
Frank Yellin
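
Added illustration of the behaviour reported above (not part of the original message, and neither OpenVPN nor OpenSSL code): a small model of the update/final steps in CBC and CFB mode, showing how many bytes the final step writes in each. XTEA stands in for Blowfish (both use 64-bit blocks), and `toy_ctx`, `toy_update`, `toy_final` and `final_len` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
#define BLK 8u /* 64-bit block, the same block size as Blowfish */
typedef struct { uint32_t key[4]; uint8_t iv[BLK]; size_t used; int cfb; } toy_ctx;

/* XTEA block encryption in place; an assumed stand-in for Blowfish. */
static void xtea_encrypt(const uint32_t k[4], uint8_t b[BLK]) {
    uint32_t v0, v1, sum = 0;
    memcpy(&v0, b, 4); memcpy(&v1, b + 4, 4);
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    memcpy(b, &v0, 4); memcpy(b + 4, &v1, 4);
}

/* "Update" step: returns how many ciphertext bytes were written to out. */
static size_t toy_update(toy_ctx *c, uint8_t *out, const uint8_t *in, size_t n) {
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        if (c->cfb) { /* CFB: encrypt, then XOR, so each byte is emitted at once */
            if (c->used == 0) xtea_encrypt(c->key, c->iv);
            out[w++] = (c->iv[c->used] ^= in[i]); /* ciphertext is the feedback */
            c->used = (c->used + 1) % BLK;
        } else { /* CBC: XOR, then encrypt, possible only once a block is full */
            c->iv[c->used++] ^= in[i];
            if (c->used < BLK) continue;
            xtea_encrypt(c->key, c->iv);
            memcpy(out + w, c->iv, BLK);
            w += BLK; c->used = 0;
        }
    }
    return w;
}

/* "Final" step: CBC pads and emits one block; CFB has nothing held back. */
static size_t toy_final(toy_ctx *c, uint8_t *out) {
    uint8_t pad[BLK];
    memset(pad, (int)(BLK - c->used), BLK); /* PKCS#7-style padding value */
    return c->cfb ? 0 : toy_update(c, out, pad, BLK - c->used);
}

/* Bytes written by the final step after n constructed (all-zero) input bytes. */
static size_t final_len(int cfb, size_t n) {
    toy_ctx c = { {1, 2, 3, 4}, {0}, 0, cfb }; /* constructed key, zero IV */
    uint8_t in[64] = {0}, out[64 + BLK];
    return toy_final(&c, out + toy_update(&c, out, in, n));
}
/* Exit status 0 when CBC's final step wrote a block and CFB's wrote nothing. */
int main(void) { return !(final_len(0, 20) == BLK && final_len(1, 20) == 0); }
```

In this model a check of the form `outlen == iv_size` after the final step holds for CBC at every input length, including exact multiples of the block size, and fails for CFB at every input length.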