Opened 13 years ago

Closed 11 years ago

#168 closed Bug / Defect (duplicate)

Cipher block modes other than CBC fail with error "Assertion failed at crypto.c:161"

Reported by: ard Owned by:
Priority: major Milestone:
Component: Crypto Version: OpenVPN 2.2.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: CFB OFB cipher block assertion


Using a cipher algorithm with any cipher block modes other than CBC results in error "Assertion failed at crypto.c:161" shortly after connection is established. The connection is aborted. This happens both with TLS and with shared secret modes. Thus, only CBC mode is functional for OpenVPN currently.

This has been tested on a CentOS 5.7 box running rpmforge's openvpn-2.2.0-3.el5.rf package both as a server and client. This problem has also been seen using that server with a Windows XP client running the official openvpn-2.2.1-install.exe binary. The error message appears both on the server and the client. (In my tests, usually the client is the first to abort with it, and then the server will do the same).

This is very easy to test with the provided sample keys and configurations. Shared secret operations can be tested with:

openvpn --test-crypto --secret sample-keys/ta.key --cipher $CIPHER

TLS operation can be tested with:

openvpn --config sample-config-files/loopback-client --cipher $CIPHER &
openvpn --config sample-config-files/loopback-server --cipher $CIPHER

Of course, here the CIPHER environment variable should contain the cipher name to be tested, and this should be repeated over all of the ciphers reported by openvpn --show-ciphers .

Attachments (1) (1.6 KB) - added by ard 13 years ago.
Script that automatically tests this bug for all cipher block modes.

Download all attachments as: .zip

Change History (3)

Changed 13 years ago by ard

Attachment: added

Script that automatically tests this bug for all cipher block modes.

comment:1 Changed 13 years ago by marssi

comment:2 Changed 11 years ago by Samuli Seppänen

Resolution: duplicate
Status: newclosed

Closing as a duplicate of ticket #89.

Note: See TracTickets for help on using tickets.