[Just to you, not the list.] I figured that someone had to have noticed this problem before. But when I googled "OpenVPN BF-OFB" or "OpenVPN BF-CFB", I couldn't find anything.
This bug is particularly strange because just before the bug, there is code that's supposed to deal with -CFB and -OFB mode. But then it doesn't do anything. It almost feels like this code was never tested. I didn't have any trouble with my brief tests using BF-CFB over UDP, once I deleted the offending line. But I wasn't trying anything difficult. Mainly just making sure the connection was there and that it didn't die. On Wed, May 27, 2009 at 10:54 PM, Victor Wagner <vi...@wagner.pp.ru> wrote: > On 2009.05.27 at 10:48:30 -0700, Frank Yellin wrote: > > > I posted the following onto the OpenVPN forum, but it was suggested > > that I would be better off mailing directly to this list. > > ========================= > > I seem to have found a bug in 2.1_rc16 that is also apparent in > earlier > > versions. Although OpenVPN claims to support -CFB and -OFB cipher > > modes, using them seems to cause OpenVPN to crash consistently. > > > > For example, when I run the simple TLS example on the 2.1 > documentation > > page, it works fine. But if I add "--cipher bf-cfb" to both the > client > > and server command lines, one or the other will crash. The error > > message is always "Assertion failed at crypto.c:162". The crasher is > > always the first one to try and send an encrypted message. > > I've reported this problem more than a year ago, but nothing changed. > I really don't understand why openvpn prefers CBC modes. There is > nothing wrong with CFB and OFB neither from securith nor from > performance point of view. > > But it is not only problem with non-CBC ciphers. If you try to use > preshared keys, you'll find out that they are explicitely disabled > unless --test-crypto option is given, even if your compile with > -DALLOW_NON_CBC_CIPHERS. > > Also, I've encountered some problems with UDP transport and stream > ciphers which I haven't find time to debug yet. > > > > > > ------------------------------------------------------------------------------ > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT > is a gathering of tech-side developers & brand creativity professionals. > Meet > the minds behind Google Creative Lab, Visual Complexity, Processing, & > iPhoneDevCamp as they present alongside digital heavyweights like Barbarian > Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >