Opened 9 years ago

Closed 6 years ago

#89 closed Bug / Defect (fixed)

CFB and OFB broken: Assertion failed at crypto.c:162

Reported by: JJK Owned by: Steffan Karger
Priority: major Milestone: release 2.3.5
Component: Crypto Version: OpenVPN 2.1.4 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords: crypto, cipher, cfb, ofb
Cc:

Description

When using a CFB cipher, OpenVPN 2.0.x and 2.1.x fail with the error:

Assertion failed at crypto.c:162

An easy test for this is

openvpn --secret secret.key --test-crypto --cipher AES-256-CFB8

where 'secret.key' is an OpenVPN secret/tls-auth key file.

Change History (13)

comment:1 Changed 9 years ago by JJK

A user on forums.openvpn.net reported similar issues:
(https://forums.openvpn.net/topic8007.html)

My command for testing all the ciphers was
Code:

# Run the crypto self-test for every cipher --show-ciphers lists and
# print the names of the ones whose self-test fails.
for a in $(openvpn --show-ciphers | sed '1,7d;$d;s/\(\([ ]*\) \)\{1\}.*/\2/;' | tr '\n' ' '); do
    openvpn --secret ta.key --cipher "${a}" --test-crypto &>/dev/null || echo "FAILED: ${a}"
done

There probably would be some simpler method if anyone would want to share.

The list of failing ciphers is the following; they mostly seem to be using CFB or OFB mode. They all work for me with openssl, which I tested with the command
Code:

# Feed the same cipher names to openssl's own EVP benchmark and print the
# names openssl cannot handle.
for a in $(openvpn --show-ciphers | sed '1,7d;$d;s/\(\([ ]*\) \)\{1\}.*/\2/;' | tr '\n' ' '); do
    openssl speed -evp "$a" &>/dev/null || echo "FAILED: $a"
done

DES-CFB
RC2-CFB
RC2-OFB
DES-OFB
DES-EDE-CFB
DES-EDE3-CFB
DES-EDE-OFB
DES-EDE3-OFB
BF-CFB
BF-OFB
CAST5-CFB
CAST5-OFB
AES-128-OFB
AES-128-CFB
AES-192-OFB
AES-192-CFB
AES-256-OFB
AES-256-CFB
AES-128-CFB1
AES-192-CFB1
AES-256-CFB1
AES-128-CFB8
AES-192-CFB8
AES-256-CFB8
DES-CFB1
DES-CFB8
DES-EDE3-CFB1
DES-EDE3-CFB8
CAMELLIA-128-CFB
CAMELLIA-192-CFB
CAMELLIA-256-CFB
CAMELLIA-128-CFB1
CAMELLIA-192-CFB1
CAMELLIA-256-CFB1
CAMELLIA-128-CFB8
CAMELLIA-192-CFB8
CAMELLIA-256-CFB8
CAMELLIA-128-OFB
CAMELLIA-192-OFB
CAMELLIA-256-OFB
SEED-OFB
SEED-CFB

The following ciphers work; they all seem to be using CBC mode.

AES-128-CBC
AES-192-CBC
AES-256-CBC
BF-CBC
CAMELLIA-128-CBC
CAMELLIA-192-CBC
CAMELLIA-256-CBC
CAST5-CBC
DES-CBC
DES-EDE-CBC
DES-EDE3-CBC
DESX-CBC
RC2-40-CBC
RC2-64-CBC
RC2-CBC
SEED-CBC

comment:2 Changed 9 years ago by marssi

I tested with the newer 2.2 series of OpenVPN and the issue remains. I downloaded them from OpenVPN's site http://build.openvpn.net/downloads/releases/debian/5/
The following packages were tested; the results were similar to those reported.

openvpn_2.2-RC2-debian0_amd64.deb
openvpn_2.2-RC-debian0_amd64.deb
openvpn_2.2-beta5-debian0_amd64.deb
openvpn_2.2.0-debian0_amd64.deb

I also tried compiling the 1.6 version of OpenVPN, but that version only supported the CBC modes of the ciphers, and those worked with the (--test-crypto) test. I dunno if I should have included them with some configure parameter.

comment:3 Changed 9 years ago by hoshino

Just ran into the same issue today.

It seems that assertion doesn't hold for CFB and OFB modes.
Currently running a self-compiled version without

Opening a tunnel and using an SSH session all works fine so far.
Will post more later.

comment:4 Changed 9 years ago by hoshino

The tunnel is working reliably.

Transferred 4+ GB using scp

on OpenVPN 2.1.1, OpenSSL 1.0.0
with the AES-256-OFB cipher.

--test-crypto succeeds for the following ciphers:

DES-CFB
DES-CBC
IDEA-CBC
IDEA-CFB
RC2-CBC
RC2-CFB
RC2-OFB
DES-EDE-CBC
DES-EDE3-CBC
DES-OFB
IDEA-OFB
DES-EDE-CFB
DES-EDE3-CFB
DES-EDE-OFB
DES-EDE3-OFB
DESX-CBC
BF-CBC
BF-CFB
BF-OFB
RC2-40-CBC
CAST5-CBC
CAST5-CFB
CAST5-OFB
RC2-64-CBC
AES-128-CBC
AES-128-OFB
AES-128-CFB
AES-192-CBC
AES-192-OFB
AES-192-CFB
AES-256-CBC
AES-256-OFB
AES-256-CFB
AES-128-CFB1
AES-192-CFB1
AES-256-CFB1
AES-128-CFB8
AES-192-CFB8
AES-256-CFB8
DES-CFB1
DES-CFB8
DES-EDE3-CFB8
CAMELLIA-128-CBC
CAMELLIA-192-CBC
CAMELLIA-256-CBC
CAMELLIA-128-CFB
CAMELLIA-192-CFB
CAMELLIA-256-CFB
CAMELLIA-128-CFB1
CAMELLIA-192-CFB1
CAMELLIA-256-CFB1
CAMELLIA-128-CFB8
CAMELLIA-192-CFB8
CAMELLIA-256-CFB8
CAMELLIA-128-OFB
CAMELLIA-192-OFB
CAMELLIA-256-OFB
SEED-CBC
SEED-OFB
SEED-CFB

One remains that fails, being DES-EDE3-CFB1,
but that could be an SSL issue.

comment:5 Changed 7 years ago by Samuli Seppänen

So is it enough to test that openvpn --test-crypto succeeds for all ciphers? Or are more elaborate tests required to ensure this problem is gone?

Anyways, I hacked together a nasty script to test all the available ciphers:

#!/bin/sh

# Generate a static key, then run the crypto self-test with every cipher
# that --show-ciphers lists and report the ones that pass.
openvpn --genkey --secret test.key

openvpn --show-ciphers | cut -d " " -f 1 | grep "-" | while read -r CIPHER;
do
    if openvpn --secret test.key --cipher "$CIPHER" --test-crypto > /dev/null 2>&1; then
        echo "$CIPHER seemed to work ok"
    fi
done

On Ubuntu 12.10 amd64 and OpenVPN 2.3.1 from OpenVPN apt repos all available ciphers worked:

DES-CBC seemed to work ok
RC2-CBC seemed to work ok
DES-EDE-CBC seemed to work ok
DES-EDE3-CBC seemed to work ok
DESX-CBC seemed to work ok
BF-CBC seemed to work ok
RC2-40-CBC seemed to work ok
CAST5-CBC seemed to work ok
RC2-64-CBC seemed to work ok
AES-128-CBC seemed to work ok
AES-192-CBC seemed to work ok
AES-256-CBC seemed to work ok

This particular version of OpenVPN is linked with OpenSSL 0.9.8x, so some of the above ciphers are unavailable.

comment:6 Changed 7 years ago by Samuli Seppänen

This was also reported in ticket #168.

comment:7 Changed 7 years ago by Samuli Seppänen

Is this reproducible on latest Git "master" or the latest release (currently 2.3.2)?

comment:8 Changed 7 years ago by Gert Döring

Well, there seem to be multiple aspects to it:

  • openvpn --show-ciphers will only list a smaller subset than what OpenSSL can do - and those all work
  • I'm not sure why the other ciphers will work for hoshino - but I can reproduce that, for example, AES-256-CFB will not work for me either. But that might be due to "my local build of OpenSSL not having it"
  • some ciphers lead to that interesting message...

Wed Jan 8 20:16:05 2014 Cipher 'aes-256-ecb' uses a mode not supported by OpenVPN in your current configuration. CBC mode is always supported, while CFB and OFB modes are supported only when using SSL/TLS authentication and key exchange mode, and when OpenVPN has been built with ALLOW_NON_CBC_CIPHERS.

... so I tend to say "some of the crypto guys, please explain to me whether this is an issue or not". As long as --show-ciphers only lists ciphers that actually work, I'm inclined to see this as "not an urgent bug, but maybe a feature wish".

Last edited 7 years ago by Gert Döring
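A check in the spirit of the script in comment 5, extended to tell apart the outcomes this ticket mentions (a clean pass, the 'Assertion failed' abort, and the 'mode not supported' message quoted in comment 8) and to tag each cipher with its mode. This is an added example, not code from the ticket or from the OpenVPN project; it assumes an openvpn binary on PATH, and the key file name test.key is a constructed one.

```shell
#!/bin/sh
# Added example: per-cipher --test-crypto scan that records the failure reason.
# Assumes 'openvpn' is on PATH; KEYFILE is a constructed default name.
KEYFILE="${KEYFILE:-test.key}"

# Derive the block-cipher mode from an OpenSSL cipher name such as
# AES-256-CFB8 or DES-EDE3-CBC (CFB1/CFB8 are grouped under CFB).
cipher_mode() {
    case "$1" in
        *-CBC) echo CBC ;;
        *-CFB|*-CFB1|*-CFB8) echo CFB ;;
        *-OFB) echo OFB ;;
        *-ECB) echo ECB ;;
        *) echo OTHER ;;
    esac
}

# Map an exit status plus the captured openvpn output to an outcome label.
# The two message strings are the ones quoted in this ticket.
classify_result() {
    status="$1"; output="$2"
    if [ "$status" -eq 0 ]; then
        echo ok
    elif printf '%s' "$output" | grep -q 'Assertion failed'; then
        echo assertion
    elif printf '%s' "$output" | grep -q 'mode not supported'; then
        echo unsupported
    else
        echo error
    fi
}

# Run --test-crypto for one cipher and print "CIPHER MODE OUTCOME".
test_cipher() {
    out=$(openvpn --secret "$KEYFILE" --cipher "$1" --test-crypto 2>&1)
    st=$?
    echo "$1 $(cipher_mode "$1") $(classify_result "$st" "$out")"
}

# Generate a key if needed, then test every cipher --show-ciphers lists
# (cipher lines start with a name containing a dash, e.g. AES-256-CBC).
scan_ciphers() {
    [ -f "$KEYFILE" ] || openvpn --genkey --secret "$KEYFILE"
    openvpn --show-ciphers | awk '$1 ~ /^[A-Za-z0-9]+-/ {print $1}' | while read -r c; do
        test_cipher "$c"
    done
}

# Only scan when invoked as: sh thisfile.sh scan
if [ "${1:-}" = scan ]; then scan_ciphers; fi
```

Piping the output through `sort -k2,2` groups the results by mode, which makes it obvious when every CFB/OFB entry shares the same outcome.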

comment:9 Changed 7 years ago by JJK

Whatever we choose as the solution, OpenVPN should not fail with an 'Assertion failed' message. What I don't understand is why some of the other ciphers do not work; esp. as CBC ciphers are not considered 'best practice' anymore (you can find some info on padding attacks when using CBC ciphers).

My proposal would be to

  • only list those ciphers that work (or at the very least, don't cause assertion failures)
  • investigate how we can support as many ciphers (CBC, OFB etc) as possible.

comment:10 Changed 6 years ago by Steffan Karger

Keywords: ofb added
Summary: changed from "Assertion failed at crypto.c:162" to "CFB and OFB broken: Assertion failed at crypto.c:162"

comment:11 Changed 6 years ago by Steffan Karger

Component: changed from Generic / unclassified to Crypto
Owner: set to Steffan Karger

comment:12 Changed 6 years ago by Steffan Karger

Milestone: release 2.4
Status: changed from new to accepted

This specific problem has been fixed in the master branch (see https://github.com/OpenVPN/openvpn/commit/be46a2c083a6bd77754bc1674249eab583d25dac), but some small fixes are remaining. Patches are on the mailing list, but awaiting approval. I'm leaving this ticket open until those are accepted too.

comment:13 Changed 6 years ago by Steffan Karger

Milestone: changed from release 2.4 to release 2.3.5
Resolution: fixed
Status: changed from accepted to closed

Fixes have been applied to release/2.3 and master branches. New OpenVPN releases will contain these.
