Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
On 22/02/17 10:54, Antonio Quartulli wrote:
> On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote:
>> On 22-02-17 08:39, Gert Doering wrote:
>>> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
>>>>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>>>>>> From: "Simon (simix)"
>>>>>
>>>>> Do we have a policy how to handle patches with missing author info?
>>>>
>>>> I see no reason at all why we should not give proper credit with full name.
>>>
>>> That was only half the question - of course I *want* to give full credits,
>>> but is "not having this information available & no SoB line" a reason
>>> for rejecting a patch?
>>>
>>> The patch in question is quite obvious, so this is not something to bring
>>> in the lawyers - more a matter of general policy.
>>
>> Same here.
>>
>> For this specific patch: I asked the reporter on trac for full name and
>> email last night. We can wait for a bit to see if he replies.
>>
>> In general: what do we do when we don't get a full name and email, but
>> do want to apply the patch? Wait forever? Claim authorship (but refer
>> to the trac ticket in the commit msg)? Apply anyway? ...?
>
> IMHO somebody has to take ownership of every piece of code released under a
> given license (just to avoid any future problem). So the patch should not be
> applied as is.
>
> Then ...
> in theory, you can't take ownership of somebody else's work, but nothing
> prevents you from re-writing a "very similar" patch and sign it yourself.
> In particular if the author did not show any interest in pursuing this any
> further.
>

+1

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc

--
Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote:
> On 22-02-17 08:39, Gert Doering wrote:
> > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> >>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> >>>> From: "Simon (simix)"
> >>>
> >>> Do we have a policy how to handle patches with missing author info?
> >>
> >> I see no reason at all why we should not give proper credit with full
> >> name.
> >
> > That was only half the question - of course I *want* to give full credits,
> > but is "not having this information available & no SoB line" a reason
> > for rejecting a patch?
> >
> > The patch in question is quite obvious, so this is not something to bring
> > in the lawyers - more a matter of general policy.
>
> Same here.
>
> For this specific patch: I asked the reporter on trac for full name and
> email last night. We can wait for a bit to see if he replies.
>
> In general: what do we do when we don't get a full name and email, but
> do want to apply the patch? Wait forever? Claim authorship (but refer
> to the trac ticket in the commit msg)? Apply anyway? ...?

IMHO somebody has to take ownership of every piece of code released under a
given license (just to avoid any future problem). So the patch should not be
applied as is.

Then ...
in theory, you can't take ownership of somebody else's work, but nothing
prevents you from re-writing a "very similar" patch and sign it yourself.
In particular if the author did not show any interest in pursuing this any
further.

my 2 cents.

Cheers,

--
Antonio Quartulli
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
On Wed, Feb 22, 2017 at 02:07:06PM +0500, Илья Шипицин wrote:
> 2017-02-22 13:30 GMT+05:00 Steffan Karger:
>
> > On 22-02-17 08:39, Gert Doering wrote:
> > > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> > >>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> > >>>> From: "Simon (simix)"
> > >>>
> > >>> Do we have a policy how to handle patches with missing author info?
> > >>
> > >> I see no reason at all why we should not give proper credit with full
> > >> name.
> > >
> > > That was only half the question - of course I *want* to give full credits,
> > > but is "not having this information available & no SoB line" a reason
> > > for rejecting a patch?
> > >
> > > The patch in question is quite obvious, so this is not something to bring
> > > in the lawyers - more a matter of general policy.
> >
> > Same here.
> >
> > For this specific patch: I asked the reporter on trac for full name and
> > email last night. We can wait for a bit to see if he replies.
> >
> > In general: what do we do when we don't get a full name and email, but
> > do want to apply the patch? Wait forever? Claim authorship (but refer
> > to the trac ticket in the commit msg)? Apply anyway? ...?
> >
>
> if there are trac templates (I'm not very familiar with trac internals), we
> can turn on the requirement of
>
> 1) full name
> 2) legacy agreements
>
> on the trac side

personally I think that trac is not the place to submit patches, and this
problem could re-appear anywhere: i.e. a patch for openvpn submitted somewhere
else reporting no name/email.

--
Antonio Quartulli
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
2017-02-22 13:30 GMT+05:00 Steffan Karger:

> On 22-02-17 08:39, Gert Doering wrote:
> > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> >>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> >>>> From: "Simon (simix)"
> >>>
> >>> Do we have a policy how to handle patches with missing author info?
> >>
> >> I see no reason at all why we should not give proper credit with full
> >> name.
> >
> > That was only half the question - of course I *want* to give full credits,
> > but is "not having this information available & no SoB line" a reason
> > for rejecting a patch?
> >
> > The patch in question is quite obvious, so this is not something to bring
> > in the lawyers - more a matter of general policy.
>
> Same here.
>
> For this specific patch: I asked the reporter on trac for full name and
> email last night. We can wait for a bit to see if he replies.
>
> In general: what do we do when we don't get a full name and email, but
> do want to apply the patch? Wait forever? Claim authorship (but refer
> to the trac ticket in the commit msg)? Apply anyway? ...?
>

if there are trac templates (I'm not very familiar with trac internals), we
can turn on the requirement of

1) full name
2) legacy agreements

on the trac side

>
> (While typing this, I realize this sounds like a topic for the meeting
> tonight. I'll put it on the agenda.)
>
> -Steffan
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
On 22-02-17 08:39, Gert Doering wrote:
> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
>>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>>>> From: "Simon (simix)"
>>>
>>> Do we have a policy how to handle patches with missing author info?
>>
>> I see no reason at all why we should not give proper credit with full
>> name.
>
> That was only half the question - of course I *want* to give full credits,
> but is "not having this information available & no SoB line" a reason
> for rejecting a patch?
>
> The patch in question is quite obvious, so this is not something to bring
> in the lawyers - more a matter of general policy.

Same here.

For this specific patch: I asked the reporter on trac for full name and
email last night. We can wait for a bit to see if he replies.

In general: what do we do when we don't get a full name and email, but
do want to apply the patch? Wait forever? Claim authorship (but refer
to the trac ticket in the commit msg)? Apply anyway? ...?

(While typing this, I realize this sounds like a topic for the meeting
tonight. I'll put it on the agenda.)

-Steffan
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
Hi,

On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> >> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> >> From: "Simon (simix)"
> >
> > Do we have a policy how to handle patches with missing author info?
>
> I see no reason at all why we should not give proper credit with full
> name.

That was only half the question - of course I *want* to give full credits,
but is "not having this information available & no SoB line" a reason
for rejecting a patch?

The patch in question is quite obvious, so this is not something to bring
in the lawyers - more a matter of general policy.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany   g...@greenie.muc.de
fax: +49-89-35655025   g...@net.informatik.tu-muenchen.de
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
On 21/02/17 22:12, Gert Doering wrote:
> Hi,
>
> On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote:
>> ACK to the attached patch.
>
>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>> From: "Simon (simix)"
>
> All previous commits (I'm aware of) carry a valid e-mail address, and
> most of them have a full name for the author.
>
> Do we have a policy how to handle patches with missing author info?

I see no reason at all why we should not give proper credit with full
name. And we want to be able to reach out to people if there are issues
we can't figure out.

And since I'm one who likes consistency, I think the policy should be
the same for both large as well as small patches.

If someone has issues with that they can get in touch with Samuli or me
directly, as we are employed by OpenVPN Technologies. Then we will sort
out the details and figure out who will get the credit in the end.

And we should see the Signed-off-by (SoB) line as well. This carries
more importance if there are legal issues later on (intellectual
property issues, copyright infringements, etc). The SoB line basically
indicates that "Yes, I am allowed to share this contribution for
inclusion". The OpenVPN project is far too big to be ignorant to these
possible challenges. And we never know who will be a victim of the
next patent troll.

With that said, I am far more relaxed to the SoB when it comes to
documentation and text snippets (unless it is a massive contribution).

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
Hi,

On 21-02-17 22:12, Gert Doering wrote:
> On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote:
>> ACK to the attached patch.
>
>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>> From: "Simon (simix)"
>
> All previous commits (I'm aware of) carry a valid e-mail address, and
> most of them have a full name for the author.
>
> Do we have a policy how to handle patches with missing author info?

I don't know, but thought this was more reasonable than claiming
authorship. We could try to reach out on trac first, and see if Simon is
willing to provide a full name and email address.

-Steffan
Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
Hi,

On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote:
> ACK to the attached patch.

> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> From: "Simon (simix)"

All previous commits (I'm aware of) carry a valid e-mail address, and
most of them have a full name for the author.

Do we have a policy how to handle patches with missing author info?

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany   g...@greenie.muc.de
fax: +49-89-35655025   g...@net.informatik.tu-muenchen.de
[Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256
Hi, The attached patch from trac #825 fixes a silly bug in my --tls-crypt code. I already confirmed this in trac, but now also on the list: ACK to the attached patch. -Steffan >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 From: "Simon (simix)" Date: Tue, 21 Feb 2017 20:34:15 +0100 Subject: [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256 Openvpn segfaults on RHEL5/CentOS5 when using --tls-crypt, because it doesn't have AES-256-CTR support: openvpn[15330]: OpenVPN 2.4.0 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] built on Jan 17 2017 openvpn[15330]: library versions: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008, LZO 2.09, LZ4 1.7.5 openvpn[15331]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts kernel: openvpn[15331]: segfault at 0008 rip 0040ebe0 rsp 7fffdcfc5738 error 4 This patch fixes it so it shows: openvpn[424]: ERROR: --tls-crypt requires AES-256-CTR support. openvpn[424]: Exiting due to fatal error Trac: #825 --- src/openvpn/tls_crypt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index a227379..bda14fd 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -51,9 +51,7 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file, struct key_type kt; kt.cipher = cipher_kt_get("AES-256-CTR"); -kt.cipher_length = cipher_kt_key_size(kt.cipher); kt.digest = md_kt_get("SHA256"); -kt.hmac_length = md_kt_size(kt.digest); if (!kt.cipher) { 
@@ -64,6 +62,9 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file, msg(M_FATAL, "ERROR: --tls-crypt requires HMAC-SHA-256 support."); } +kt.cipher_length = cipher_kt_key_size(kt.cipher); +kt.hmac_length = md_kt_size(kt.digest); + crypto_read_openvpn_key(&kt, key, key_file, key_inline, key_direction, "Control Channel Encryption", "tls-crypt"); } -- 2.7.4
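
Review bot: In the second hunk, the relocated `kt.cipher_length = cipher_kt_key_size(kt.cipher);` and `kt.hmac_length = md_kt_size(kt.digest);` are only safe because both `msg(M_FATAL, ...)` calls above them end the process, and nothing at that spot says so. A one-line comment above the two assignments stating that they must stay below the NULL checks on `kt.cipher` and `kt.digest` would keep a later reorder from bringing the crash back. The commit message shows before and after output for the missing AES-256-CTR case only; the subject also names SHA256, so it is worth confirming that the `kt.digest` path now ends in the HMAC-SHA-256 error as well.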