openvpn-2.4_rc1 assertion failure in AEAD code on renegotiation (AES-256-OFB)

[marcan]

OpenVPN crashes with an assertion failure during renegotiation, in AES-256-OFB cipher mode (1h after startup by default):

Dec  6 20:52:02 hub openvpn[5785]: Assertion failed at crypto.c:608 (opt->flags & CO_USE_IV)
Dec  6 20:52:02 hub openvpn[5785]: Exiting due to fatal error

reneg-sec 10 can be used to force the assert to happen earlier.

Version: 2.4_rc1 (not available in the bugtracker picker yet)
Distro: Gentoo Linux (installed via portage)

Client config:

client
proto udp6
remote <remote addr/port>
resolv-retry infinite
nobind
ca <ca file>
cert <cert file>
key <key file>
dev tun0
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
replay-window 256 15
remote-cert-tls server
cipher AES-256-OFB

[Gert Döring]

thanks for the report. setting "git master" as version as that's (today) the same as 2.4_rc1, and this is likely not specific to rc1 but older.

@syzzer: yours :-)

@marcan: do you have a particular reason not to use AES-256-GCM (2.4 to 2.4) or AES-256-CBC?

[marcan]

The other end is still 2.3; not entirely sure why I wound up with OFB and not CBC though. I could've sworn I read it was recommended somewhere but I can't locate that now. CBC mode indeed works fine.

[Steffan Karger]

Definitely a bug. So, thanks for using unusual ciphers and running our RCs! I'll send a fix soon.

[Steffan Karger]

I didn't manage to reproduce triggering the ASSERT, but I did find bugs there, and managed to trigger other bugs. I think the supplied patch will also fix your problems, could you apply this and test if it fixes the issue for you?

[marcan]

Looks like it does, I can't repro with the patch. Thanks for taking a look so quickly! I'll leave it running in OFB mode and let you know if something breaks.

[Steffan Karger]

Great! Thanks for reporting back.

Fix has been applied in commit 84f88ca4d57cd0dc40fd945e09ab1cea1b2cd0b7.