Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread David Sommerseth
On 22/02/17 10:54, Antonio Quartulli wrote:
> On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote:
>> On 22-02-17 08:39, Gert Doering wrote:
>>> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
>>>>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>>>>>> From: "Simon (simix)" 
>>>>>
>>>>> Do we have a policy how to handle patches with missing author info?
>>>>
>>>> I see no reason at all why we should not give proper credit with full
>>>> name.  
>>>
>>> That was only half the question - of course I *want* to give full credits,
>>> but is "not having this information available & no SoB line" a reason
>>> for rejecting a patch?
>>>
>>> The patch in question is quite obvious, so this is not something to bring
>>> in the lawyers - more a matter of general policy.
>>
>> Same here.
>>
>> For this specific patch:  I asked the reporter on trac for full name and
>> email last night.  We can wait for a bit to see if he replies.
>>
>> In general: what do we do when we don't get a full name and email, but
>> do want to apply the patch?  Wait forever?  Claim authorship (but refer
>> to the trac ticket in the commit msg)?  Apply anyway?  ...?
> 
> IMHO somebody has to take ownership of every piece of code released under a
> given license (just to avoid any future problem). So the patch should not be
> applied as is.
> 
> Then ...
> in theory, you can't take ownership of somebody else's work, but nothing
> prevents you from re-writing a "very similar" patch and sign it yourself. In
> particular if the author did not show any interest in pursuing this any further.
> 

+1


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Antonio Quartulli
On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote:
> On 22-02-17 08:39, Gert Doering wrote:
> > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> >>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> >>>> From: "Simon (simix)" 
> >>>
> >>> Do we have a policy how to handle patches with missing author info?
> >>
> >> I see no reason at all why we should not give proper credit with full
> >> name.  
> > 
> > That was only half the question - of course I *want* to give full credits,
> > but is "not having this information available & no SoB line" a reason
> > for rejecting a patch?
> > 
> > The patch in question is quite obvious, so this is not something to bring
> > in the lawyers - more a matter of general policy.
> 
> Same here.
> 
> For this specific patch:  I asked the reporter on trac for full name and
> email last night.  We can wait for a bit to see if he replies.
> 
> In general: what do we do when we don't get a full name and email, but
> do want to apply the patch?  Wait forever?  Claim authorship (but refer
> to the trac ticket in the commit msg)?  Apply anyway?  ...?

IMHO somebody has to take ownership of every piece of code released under a given
license (just to avoid any future problem). So the patch should not be applied
as is.

Then ...
in theory, you can't take ownership of somebody else's work, but nothing prevents
you from re-writing a "very similar" patch and sign it yourself. In particular
if the author did not show any interest in pursuing this any further.


my 2 cents.

Cheers,


-- 
Antonio Quartulli




Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Antonio Quartulli
On Wed, Feb 22, 2017 at 02:07:06PM +0500, Илья Шипицин wrote:
> 2017-02-22 13:30 GMT+05:00 Steffan Karger :
> 
> > On 22-02-17 08:39, Gert Doering wrote:
> > > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> > >>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> > >>>> From: "Simon (simix)" 
> > >>>
> > >>> Do we have a policy how to handle patches with missing author info?
> > >>
> > >> I see no reason at all why we should not give proper credit with full
> > >> name.
> > >
> > > That was only half the question - of course I *want* to give full credits,
> > > but is "not having this information available & no SoB line" a reason
> > > for rejecting a patch?
> > >
> > > The patch in question is quite obvious, so this is not something to bring
> > > in the lawyers - more a matter of general policy.
> >
> > Same here.
> >
> > For this specific patch:  I asked the reporter on trac for full name and
> > email last night.  We can wait for a bit to see if he replies.
> >
> > In general: what do we do when we don't get a full name and email, but
> > do want to apply the patch?  Wait forever?  Claim authorship (but refer
> > to the trac ticket in the commit msg)?  Apply anyway?  ...?
> >
> 
> if there are trac templates (I'm not very familiar with trac internals), we
> can turn on the requirement of
> 
> 1) full name
> 2) legacy agreements
> 
> on the trac side

personally I think that trac is not the place to submit patches, and this
problem could re-appear anywhere: i.e. a patch for openvpn submitted somewhere
else reporting no name/email.



-- 
Antonio Quartulli




Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Илья Шипицин
2017-02-22 13:30 GMT+05:00 Steffan Karger :

> On 22-02-17 08:39, Gert Doering wrote:
> > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> >>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> >>>> From: "Simon (simix)" 
> >>>
> >>> Do we have a policy how to handle patches with missing author info?
> >>
> >> I see no reason at all why we should not give proper credit with full
> >> name.
> >
> > That was only half the question - of course I *want* to give full credits,
> > but is "not having this information available & no SoB line" a reason
> > for rejecting a patch?
> >
> > The patch in question is quite obvious, so this is not something to bring
> > in the lawyers - more a matter of general policy.
>
> Same here.
>
> For this specific patch:  I asked the reporter on trac for full name and
> email last night.  We can wait for a bit to see if he replies.
>
> In general: what do we do when we don't get a full name and email, but
> do want to apply the patch?  Wait forever?  Claim authorship (but refer
> to the trac ticket in the commit msg)?  Apply anyway?  ...?
>

if there are trac templates (I'm not very familiar with trac internals), we
can turn on the requirement of

1) full name
2) legacy agreements

on the trac side


>
> (While typing this, I realize this sounds like a topic for the meeting
> tonight.  I'll put it on the agenda.)


> -Steffan
>


Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Steffan Karger
On 22-02-17 08:39, Gert Doering wrote:
> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
>>>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>>>> From: "Simon (simix)" 
>>>
>>> Do we have a policy how to handle patches with missing author info?
>>
>> I see no reason at all why we should not give proper credit with full
>> name.  
> 
> That was only half the question - of course I *want* to give full credits,
> but is "not having this information available & no SoB line" a reason
> for rejecting a patch?
> 
> The patch in question is quite obvious, so this is not something to bring
> in the lawyers - more a matter of general policy.

Same here.

For this specific patch:  I asked the reporter on trac for full name and
email last night.  We can wait for a bit to see if he replies.

In general: what do we do when we don't get a full name and email, but
do want to apply the patch?  Wait forever?  Claim authorship (but refer
to the trac ticket in the commit msg)?  Apply anyway?  ...?

(While typing this, I realize this sounds like a topic for the meeting
tonight.  I'll put it on the agenda.)

-Steffan





Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Gert Doering
Hi,

On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote:
> >> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> >> From: "Simon (simix)" 
> > 
> > Do we have a policy how to handle patches with missing author info?
> 
> I see no reason at all why we should not give proper credit with full
> name.  

That was only half the question - of course I *want* to give full credits,
but is "not having this information available & no SoB line" a reason
for rejecting a patch?

The patch in question is quite obvious, so this is not something to bring
in the lawyers - more a matter of general policy.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread David Sommerseth
On 21/02/17 22:12, Gert Doering wrote:
> Hi,
> 
> On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote:
>> ACK to the attached patch.
> 
>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>> From: "Simon (simix)" 
> 
> All previous commits (I'm aware of) carry a valid e-mail address, and
> most of them have a full name for the author.
> 
> Do we have a policy how to handle patches with missing author info?

I see no reason at all why we should not give proper credit with full
name.  And we want to be able to reach out to people if there are issues
we can't figure out.  And since I'm one who likes consistency, I think
the policy should be the same for both large as well as small patches.

If someone has issues with that they can get in touch with Samuli or me
directly, as we are employed by OpenVPN Technologies.  Then we will sort
out the details and figure out who will get the credit in the end.

And we should see the Signed-off-by (SoB) line as well.  This carries
more importance if there are legal issues later on (intellectual
property issues, copyright infringements, etc).  The SoB line basically
indicates that "Yes, I am allowed to share this contribution for
inclusion".  The OpenVPN project is far too big to be ignorant to these
possible challenges.  And we never know who will be a victim of the
next patent troll.

With that said, I am far more relaxed to the SoB when it comes to
documentation and text snippets (unless it is a massive contribution).


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc






Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Steffan Karger
Hi,

On 21-02-17 22:12, Gert Doering wrote:
> On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote:
>> ACK to the attached patch.
> 
>> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
>> From: "Simon (simix)" 
> 
> All previous commits (I'm aware of) carry a valid e-mail address, and
> most of them have a full name for the author.
> 
> Do we have a policy how to handle patches with missing author info?

I don't know, but thought this was more reasonable than claiming
authorship.  We could try to reach out on trac first, and see if Simon
is willing to provide a full name and email address.

-Steffan



Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Gert Doering
Hi,

On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote:
> ACK to the attached patch.

> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
> From: "Simon (simix)" 

All previous commits (I'm aware of) carry a valid e-mail address, and
most of them have a full name for the author.

Do we have a policy how to handle patches with missing author info?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de




[Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Steffan Karger
Hi,

The attached patch from trac #825 fixes a silly bug in my --tls-crypt
code.  I already confirmed this in trac, but now also on the list:

ACK to the attached patch.

-Steffan
>From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001
From: "Simon (simix)" 
Date: Tue, 21 Feb 2017 20:34:15 +0100
Subject: [PATCH] Fix segfault when using crypto lib without AES-256-CTR or
 SHA256

Openvpn segfaults on RHEL5/CentOS5 when using --tls-crypt, because it
doesn't have AES-256-CTR support:

openvpn[15330]: OpenVPN 2.4.0 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] built on Jan 17 2017
openvpn[15330]: library versions: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008, LZO 2.09, LZ4 1.7.5
openvpn[15331]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
kernel: openvpn[15331]: segfault at 0008 rip 0040ebe0 rsp 7fffdcfc5738 error 4

This patch fixes it so it shows:

openvpn[424]: ERROR: --tls-crypt requires AES-256-CTR support.
openvpn[424]: Exiting due to fatal error

Trac: #825
---
 src/openvpn/tls_crypt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index a227379..bda14fd 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -51,9 +51,7 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
 
 struct key_type kt;
 kt.cipher = cipher_kt_get("AES-256-CTR");
-kt.cipher_length = cipher_kt_key_size(kt.cipher);
 kt.digest = md_kt_get("SHA256");
-kt.hmac_length = md_kt_size(kt.digest);
 
 if (!kt.cipher)
 {
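Review bot: `struct key_type kt;` at the top of this hunk has no initializer, and with the two size lookups removed here `kt.cipher_length` and `kt.hmac_length` stay indeterminate until they are assigned after the NULL checks. Zero-initializing the struct, for example `struct key_type kt = { 0 };`, would make that intermediate state well defined and keep any code later added between the lookups and the checks from reading garbage.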
@@ -64,6 +62,9 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
 msg(M_FATAL, "ERROR: --tls-crypt requires HMAC-SHA-256 support.");
 }
 
+kt.cipher_length = cipher_kt_key_size(kt.cipher);
+kt.hmac_length = md_kt_size(kt.digest);
+
 crypto_read_openvpn_key(, key, key_file, key_inline, key_direction,
 "Control Channel Encryption", "tls-crypt");
 }
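Review bot: The moved `cipher_kt_key_size(kt.cipher)` and `md_kt_size(kt.digest)` calls are only safe because both `msg(M_FATAL, ...)` branches above them never return, and nothing in the hunk says so. A one-line comment above the two assignments stating that they must stay after the NULL checks on `kt.cipher` and `kt.digest` would stop a later cleanup from moving them back up next to the lookups.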
-- 
2.7.4
