** Description changed: [ Impact ] - * An explanation of the effects of the bug on users and + OpenLDAP deployments using the contrib pw-sha2 module are not able to + authenticate their users because the SHA2 calculation is done + incorrectly. - * justification for backporting the fix to the stable release. + Even though this is a contrib module, from an upstream PoV, it is + shipped in the Ubuntu (and Debian) OpenLDAP packages, and available for + use. - * In addition, it is helpful, but not required, to include an - explanation of how the upload fixes this bug. + Some fix possibilities were discussed in comment #5, and we selected the + one with the least impact to OpenLDAP users at large, which is to + recompile that module only without the strict-aliasing optimization. + + This update makes that change, and also includes a DEP8 change to verify + it. + + We didn't use a patch for the pw-sha2 Makefile because d/rules overrides + the OPT variable in the make command line + (https://git.launchpad.net/~ahasenack/ubuntu/+source/openldap/tree/debian/rules?h=lunar- + slapd-sha2-2000817#n44) + [ Test Plan ] - * detailed instructions how to reproduce the bug + # Install slapd and openssl + $ sudo apt install slapd openssl - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package fixes - the problem. + # Run the following script - * if other testing is appropriate to perform before landing this update, - this should also be described here. 
+ #!/bin/bash + + reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)" + test_hash=$(slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2) + + echo "Reference hash of \"secret\" (openssl): ${reference_hash}" + echo "slapd's pw-sha2 hash: ${test_hash}" + + if [ "${reference_hash}" != "${test_hash}" ]; then + echo "ERROR: hashes differ" + exit 1 + else + echo "PASS: hashes are identical" + fi + + + With the affected openldap package installed, the script should print an error. With the packages from proposed, the hashes should be identical. + [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the change is - wrong or breaks something else: how would this show up? - - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the - event of a regression. - - * This must '''never''' be "None" or "Low", or entirely an argument as to why - your upload is low risk. - - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. + The fix is a change of a compiler option strictly when building only the + pw-sha2 module, so it's very localized. It could affect the performance + of this module (for the worse), but it's already not working correctly. [ Other Info ] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + Not at this time. [Original Description] The OpenLDAP-contrib module sha2 (located in contrib/slapd- modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu kinetic. This breaks our current password-authentication in ldap. 
The problematic computation: $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= The (correct) reference-value on the same system (or older ubuntu Versions): $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= We nailed the problem down to a bug in the gcc-optimizer for strict- aliasing. so most probably the gcc-version on kinetic (v12.2.0) is the reason. The workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing". Then the correct value is computed. An example taken from a git-compiled version of OpenLDAP 2.5.13: $ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Ubuntu: Description: Ubuntu 22.10 Release: 22.10 OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1
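Review bot: the Test Plan added in the `+` lines exercises only the unsalted `{SHA256}` scheme, while the Original Description reports the module's SSHA256 output as wrong as well; a salted `{SSHA256}` value cannot be compared against a fixed `openssl dgst` reference, so the plan should either describe how the salted scheme is checked or state explicitly that, since the fix is a compiler-flag change for the whole pw-sha2 module, only the unsalted scheme is verified directly and the salted variants are assumed to be repaired by the same change.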
** Description changed: [ Impact ] OpenLDAP deployments using the contrib pw-sha2 module are not able to authenticate their users because the SHA2 calculation is done incorrectly. Even though this is a contrib module, from an upstream PoV, it is shipped in the Ubuntu (and Debian) OpenLDAP packages, and available for use. Some fix possibilities were discussed in comment #5, and we selected the one with the least impact to OpenLDAP users at large, which is to recompile that module only without the strict-aliasing optimization. This update makes that change, and also includes a DEP8 change to verify it. We didn't use a patch for the pw-sha2 Makefile because d/rules overrides the OPT variable in the make command line (https://git.launchpad.net/~ahasenack/ubuntu/+source/openldap/tree/debian/rules?h=lunar- slapd-sha2-2000817#n44) - [ Test Plan ] # Install slapd and openssl $ sudo apt install slapd openssl # Run the following script #!/bin/bash reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)" test_hash=$(slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2) echo "Reference hash of \"secret\" (openssl): ${reference_hash}" echo "slapd's pw-sha2 hash: ${test_hash}" if [ "${reference_hash}" != "${test_hash}" ]; then - echo "ERROR: hashes differ" - exit 1 + echo "ERROR: hashes differ" + exit 1 else - echo "PASS: hashes are identical" + echo "PASS: hashes are identical" fi - - With the affected openldap package installed, the script should print an error. With the packages from proposed, the hashes should be identical. - + With the affected openldap package installed, the script should print an + error. With the packages from proposed, the hashes should be identical. [ Where problems could occur ] The fix is a change of a compiler option strictly when building only the pw-sha2 module, so it's very localized. It could affect the performance of this module (for the worse), but it's already not working correctly. 
[ Other Info ] Not at this time. [Original Description] The OpenLDAP-contrib module sha2 (located in contrib/slapd- modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu kinetic. This breaks our current password-authentication in ldap. The problematic computation: $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= The (correct) reference-value on the same system (or older ubuntu Versions): $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= We nailed the problem down to a bug in the gcc-optimizer for strict- aliasing. so most probably the gcc-version on kinetic (v12.2.0) is the reason. The workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing". Then the correct value is computed. An example taken from a git-compiled version of OpenLDAP 2.5.13: $ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Ubuntu: Description: Ubuntu 22.10 Release: 22.10 OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817

Title:
  Wrong SHA256-value computed on kinetic

Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Jammy:
  In Progress
Status in openldap source package in Kinetic:
  In Progress
Status in openldap source package in Lunar:
  Fix Released
Status in openldap package in Debian:
  Unknown

Bug description:
  [ Impact ]

  OpenLDAP deployments using the contrib pw-sha2 module are not able to
  authenticate their users because the SHA2 calculation is done
  incorrectly.

  Even though this is a contrib module from an upstream PoV, it is
  shipped in the Ubuntu (and Debian) OpenLDAP packages and available for
  use.

  Some fix possibilities were discussed in comment #5, and we selected the
  one with the least impact on OpenLDAP users at large, which is to
  recompile only that module without the strict-aliasing optimization.

  This update makes that change, and also includes a DEP8 change to verify
  it.

  We didn't use a patch for the pw-sha2 Makefile because d/rules overrides
  the OPT variable on the make command line
  (https://git.launchpad.net/~ahasenack/ubuntu/+source/openldap/tree/debian/rules?h=lunar-slapd-sha2-2000817#n44).

  [ Test Plan ]

  # Install slapd and openssl
  $ sudo apt install slapd openssl

  # Run the following script

  #!/bin/bash

  # Reference value computed independently of slapd, prefixed with the
  # LDAP scheme name so it can be compared verbatim with slappasswd output.
  reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)"
  # Value produced by the pw-sha2 module under test.
  test_hash=$(slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2)

  echo "Reference hash of \"secret\" (openssl): ${reference_hash}"
  echo "slapd's pw-sha2 hash: ${test_hash}"

  if [ "${reference_hash}" != "${test_hash}" ]; then
      echo "ERROR: hashes differ"
      exit 1
  else
      echo "PASS: hashes are identical"
  fi

  With the affected openldap package installed, the script should print an
  error. With the packages from proposed, the hashes should be identical.

  [ Where problems could occur ]

  The fix is a change of a compiler option strictly when building only the
  pw-sha2 module, so it's very localized. It could affect the performance
  of this module (for the worse), but it's already not working correctly.

  [ Other Info ]

  Not at this time.

  [Original Description]

  The OpenLDAP-contrib module sha2 (located in
  contrib/slapd-modules/passwd/sha2/) computes a wrong SHA256/SSHA256 hash
  on Ubuntu kinetic. This breaks our current password authentication in
  LDAP.

  The problematic computation:

  $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
  {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=

  The (correct) reference value on the same system (or older Ubuntu
  versions):

  $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
  K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

  We nailed the problem down to a bug in the gcc optimizer for
  strict-aliasing, so most probably the gcc version on kinetic (v12.2.0)
  is the reason. The workaround is to compile the sha2 module with the
  flag "-fno-strict-aliasing". Then the correct value is computed.

  An example taken from a git-compiled version of OpenLDAP 2.5.13:

  $ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs
  {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

  Ubuntu:
  Description: Ubuntu 22.10
  Release: 22.10
  OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
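The test plan in the bug compares only the unsalted {SHA256} output of slappasswd against an openssl reference, while the original report says the salted SSHA256 output is wrong too. The following Python script is an added example, not code from the bug report or from OpenLDAP's pw-sha2 module: it parses RFC 2307-style "{SCHEME}base64" userPassword values, recomputes them with hashlib, and verifies a plaintext against them, which covers the salted schemes that a fixed reference value cannot. It assumes the standard LDAP layout for salted values, base64(digest || salt) with digest = H(password || salt), which is what pw-sha2 produces; the 8-byte default salt length and the sample salt are constructed choices for the example. The two {SHA256} values for "secret" are the ones quoted in the bug.

```python
"""Verify {SHA256}/{SSHA256} (and SHA384/SHA512) userPassword values
against a plaintext, independently of slapd's pw-sha2 module.
Added example; not code from the bug report or from OpenLDAP.
Assumed layout for salted schemes: base64(digest || salt), digest = H(pw || salt)."""
import base64
import hashlib
import hmac
import os
import re

# Scheme name -> (hashlib algorithm, salted?).  Digest sizes come from hashlib.
SCHEMES = {
    "SHA256": ("sha256", False), "SSHA256": ("sha256", True),
    "SHA384": ("sha384", False), "SSHA384": ("sha384", True),
    "SHA512": ("sha512", False), "SSHA512": ("sha512", True),
}

_STORED_RE = re.compile(r"^\{([A-Z0-9]+)\}([A-Za-z0-9+/]+=*)$")


def parse_stored(stored):
    """Split '{SCHEME}base64' into (scheme, digest_bytes, salt_bytes).

    Raises ValueError for an unknown scheme, invalid base64, or a decoded
    length that cannot be digest (+ salt) for that scheme, so a mangled
    value is rejected loudly rather than silently failing to match."""
    m = _STORED_RE.match(stored)
    if not m:
        raise ValueError("not a {SCHEME}base64 value")
    scheme, b64 = m.group(1), m.group(2)
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme %s" % scheme)
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    dlen = hashlib.new(algo).digest_size
    if salted:
        if len(raw) <= dlen:
            raise ValueError("salted %s value carries no salt" % scheme)
        return scheme, raw[:dlen], raw[dlen:]
    if len(raw) != dlen:
        raise ValueError("%s value has %d bytes, expected %d" % (scheme, len(raw), dlen))
    return scheme, raw, b""


def make_hash(scheme, password, salt=None):
    """Build a stored value for `scheme` the way an LDAP client would.
    For salted schemes a random 8-byte salt is drawn when none is given
    (8 bytes is a constructed default for this example, not pw-sha2's)."""
    algo, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def verify(password, stored):
    """True if `stored` is a correct hash of `password` (constant-time compare)."""
    scheme, digest, salt = parse_stored(stored)
    algo, _ = SCHEMES[scheme]
    expected = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def check_module_output(password, module_hash):
    """Mirror the bug's test plan: recompute the unsalted reference for
    `password` and report whether `module_hash` (e.g. slappasswd output)
    matches it.  Returns (reference, ok).  Salted schemes have no fixed
    reference, so they are refused here; use verify() for those."""
    scheme, _, _ = parse_stored(module_hash)
    if SCHEMES[scheme][1]:
        raise ValueError("%s is salted; compare with verify() instead" % scheme)
    reference = make_hash(scheme, password)
    return reference, hmac.compare_digest(reference.encode(), module_hash.encode())


if __name__ == "__main__":
    # Values quoted in the bug: openssl reference vs. buggy slappasswd output.
    good = "{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="
    bad = "{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54="
    for h in (good, bad):
        _, ok = check_module_output("secret", h)
        print("%s  %s" % ("PASS" if ok else "FAIL", h))
    # Constructed salted sample: the salt is carried inside the stored value.
    s = make_hash("SSHA256", "secret", salt=b"\x01\x02\x03\x04\x05\x06\x07\x08")
    print("SSHA256 sample verifies:", verify("secret", s), "| wrong password:", verify("wrong", s))
```

Run it as a script to see the bug's two {SHA256} values classified, or feed `verify()` the userPassword value of a test account after the fixed package is installed: a salted value produced by the repaired module must verify against its plaintext even though it can never equal a fixed reference string.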