Re: [Openvpn-devel] Add support for pushable encryption.

2016-04-21 Thread Steffan Karger
On Thu, Apr 21, 2016 at 10:36 PM, Gert Doering wrote: > On Thu, Apr 21, 2016 at 10:27:50PM +0200, Jan Just Keijser wrote: >> there are a few notes about this patch: >> >> - I've tested it on Linux only >> - it works when pushing both --cipher and/or --auth >> - works by re-doing part of the encry

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread David Sommerseth
On 21/04/16 20:01, Gert Doering wrote: > Hi, > > On Thu, Apr 21, 2016 at 07:40:16PM +0200, Jens Neuhalfen wrote: >> The first candidate would be the U2F integration that I'd like >> to write. A proven strategy for starting unit testing is to write >> tests for all new features. This way the up-f

Re: [Openvpn-devel] Add support for pushable encryption.

2016-04-21 Thread Gert Doering
Hi, On Thu, Apr 21, 2016 at 10:27:50PM +0200, Jan Just Keijser wrote: > there are a few notes about this patch: > > - I've tested it on Linux only > - it works when pushing both --cipher and/or --auth > - works by re-doing part of the encryption setup (you'll see some > messages fly by twice )

Re: [Openvpn-devel] Add support for pushable encryption.

2016-04-21 Thread Jan Just Keijser
Hi, I hope I got my git skills right this time ;) there are a few notes about this patch: - I've tested it on Linux only - it works when pushing both --cipher and/or --auth - works by re-doing part of the encryption setup (you'll see some messages fly by twice ) - pushing an HMAC (e.g. push

[Openvpn-devel] Add support for pushable encryption.

2016-04-21 Thread Jan Just Keijser
--- src/openvpn/init.c | 128 + 1 file changed, 91 insertions(+), 37 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 2beec72..d21a862 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -60,6 +60,13 @@ static stru

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Gert Doering
Hi, On Thu, Apr 21, 2016 at 07:48:01PM +0200, Jens Neuhalfen wrote: > *sigh*. Thanks for finding out && providing the patch! > > Learning: Try on multiple machines (It “compiles on my machine [Mac]” > apparently is not enough) > > My test vm (precise) fails with the same error. Mac is spec

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Gert Doering
Hi, On Thu, Apr 21, 2016 at 07:40:16PM +0200, Jens Neuhalfen wrote: > The first candidate would be the U2F integration that I'd like > to write. A proven strategy for starting unit testing is to write > tests for all new features. This way the up-front cost is reduced > to the invest for “the

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Gert Doering
Hi, On Thu, Apr 21, 2016 at 09:12:28AM +0200, Jens wrote: > I think that adding unit tests would greatly improve the ease of > implementing new features for openvpn. I have spent a lot of time > coding Java (and others), and unit testing greatly improved my code > quality, my throughput, and last

[Openvpn-devel] [PATCH applied] Re: Fix buffer overflow by user supplied data

2016-04-21 Thread Gert Doering
Your patch has been applied to the master and release/2.3 branch. As discussed downthread, I've added to fix the MAX_SIZE compilation error on Linux and FreeBSD. commit 7c0ecd1191e66fa242708f93baa4006ba0a73c7a (master) commit b15d511aa6ca75c643a46b703b5536016a77d395 (release/2.3) Author: Jens N

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Jens Neuhalfen
Hi Gert, […] *sigh*. Thanks for finding out && providing the patch! Learning: Try on multiple machines (It “compiles on my machine [Mac]” apparently is not enough) My test vm (precise) fails with the same error. Jens > While this looks totally reasonable, it does not compile... both in >

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Jens Neuhalfen
Hi Arne, […] >> > The problem with unit tests and existing software is that, if the > software hasn't been written with testing in mind, it is often hard > without major refactoring to do the small java style unit tests. Also > someone has to write these unit tests and free time is currently spa

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Jens Neuhalfen
Hi Samuli, […] > I think the first step would be to identify the places where unit tests could > be implemented easily (if any), and where they would do most good. If > something falls to both of these categories then writing a unit test there > would probably make sense. The first candidate

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Steffan Karger
On 21 Apr 2016 7:25 p.m., "Gert Doering" wrote: > ... you need to #include to get that symbol... > > Steffan: for the sake of "avoid yet another full loop and a v3", could > you just ACK this change as well? Yes, ACK. -Steffan

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Gert Doering
Hi, On Thu, Apr 21, 2016 at 08:51:27AM +0200, Jens wrote: > > This is without a doubt an improvement, but it still leaves an > > opportunity open to achieve a buffer overflow through an integer > > overflow. Consider a tosearch with len 11, and a replacewith with len > > […] > > Good point. P

[Openvpn-devel] Tap-windows-9.21.2 installers available

2016-04-21 Thread Samuli Seppänen
Hi, Tap-windows-9.21.2 installer is now available here: The driver files are also available separately:

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Samuli Seppänen
Adding a test framework would require a way to include & track this dependency. I see three possibilities * Copy-and-forget: Add a copy of the upstream testing framework and add it as-is to the source code repo. * Include-dependency-management: Add some kind of dependency management, e.g. cmake

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Steffan Karger
On Thu, Apr 21, 2016 at 8:51 AM, Jens wrote: > Passing very long usernames/passwords for pam authentication could possibly > lead to a stack based buffer overrun in the auth-pam plugin. > > Adds a dependency to C99 (includes stdbool.h) > > Signed-off-by: Jens Neuhalfen > --- > src/plugins/auth-

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Arne Schwabe
On 21.04.16 at 09:12, Jens wrote: > Hi > > I think that adding unit tests would greatly improve the ease of implementing > new features for openvpn. I have spent a lot of time coding Java (and > others), and unit testing greatly improved my code quality, my throughput, > and last, but not le

Re: [Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Илья Шипицин
the most comfortable for github is travis-ci (it runs tests even for pull requests). we already use it for openvpn-gui and openvpn-build projects (just build, those projects do not have any tests yet): https://travis-ci.org/OpenVPN/openvpn-gui https://travis-ci.org/OpenVPN/openvpn-build as for op

[Openvpn-devel] Unit testing in openvpn?

2016-04-21 Thread Jens
Hi I think that adding unit tests would greatly improve the ease of implementing new features for openvpn. I have spent a lot of time coding Java (and others), and unit testing greatly improved my code quality, my throughput, and last, but not least, my confidence in the code. Indeed I have be

Re: [Openvpn-devel] New EV-signed tap-windows6 driver ready for testing

2016-04-21 Thread Samuli Seppänen
Hi Selva, Thanks for doing the tests! Hi, On Wed, Apr 20, 2016 at 2:51 AM, Samuli Seppänen <sam...@openvpn.net> wrote: Hi, So far the new driver (tap6-dual-sha1-sha2ev) looks promising: it works on 64-bit Vista, 7 and 10:

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Jens
Hi Steffan, […] > > This is without a doubt an improvement, but it still leaves an > opportunity open to achieve a buffer overflow through an integer > overflow. Consider a tosearch with len 11, and a replacewith with len […] Good point. Patch attached. Cheers Jens From 7d76d224096d26a6d19