On 2009.05.27 at 23:17:39 -0700, Frank Yellin wrote:

> [Just to you, not the list.]
> I figured that someone had to have noticed this problem before. But
> when I googled "OpenVPN BF-OFB" or "OpenVPN BF-CFB", I couldn't find
> anything.

Of course you haven't found anything about the Blowfish cipher. If you ask about GOST 28147-89, you might be luckier. Really, the mentioned GOST (Russian State Standard) doesn't specify CBC mode at all. It specifies CNT (gammirovanie) and CFB (gammirovanie s obratnoy sv'az'u). RFC 4357 does add CBC mode for GOST, but an RFC is just a "request for comments", and if I want to deploy OpenVPN in some Russian government organization, they would ask for national standard ciphers, not for RFC-compliant ones. So, gost-cbc wasn't added to OpenSSL 1.0 while CFB (named gost89) and gost-cnt were. So, when adding GOST support into OpenVPN (really, that means support for GOST ciphers and TLS ciphersuites, if the underlying OpenSSL supports them) I have to use CFB.

> This bug is particularly strange because just before the bug, there is
> code that's supposed to deal with -CFB and -OFB mode. But then it
> doesn't do anything. It almost feels like this code was never tested.

It seems so. We haven't yet investigated all the problems we encountered with openvpn + gost CFB. Some of our problems were rather related to the oldish TUN driver for Solaris (which are hopefully solved). And we have a lot of other OpenSSL-based applications besides OpenVPN to test.

> I didn't have any trouble with my brief tests using BF-CFB over UDP,

I'll note it. Maybe we should add this cipher to our test suite to isolate CFB-related problems from problems with dynamically loadable engines (GOST is implemented as an engine) and problems with non-HMAC MACs (which required a lot more patching than CFB, because at the time OpenVPN was designed, OpenSSL had no support for non-HMAC MACs).

> once I deleted the offending line. But I wasn't trying anything
> difficult. Mainly just making sure the connection was there and that
> it didn't die.

We typically do the following:

1. Start the connection
2. Download some file from the peer via HTTP (using wget)
3. Download another, bigger file, to be sure that key renegotiation occurs.