ltb-project / openldap-deb

Debian packages for OpenLDAP
http://ltb-project.org/wiki/documentation/openldap-deb
GNU General Public License v3.0

Authentication with SHA256 fails #111

Closed flesueur closed 2 months ago

flesueur commented 2 months ago

Hi,

It seems that the SHA256 calculation in pw-sha2 is wrong in 2.5.17.1, which prevents using SHA256/SSHA256 passwords. SHA, SHA384 and SHA512 are OK.

What version is affected? The 2.5.17.1 version on Debian Stable is affected.

What happens? Users with (correct) SHA256 passwords cannot authenticate with bind. The same users are OK if I change their password hash to SHA, SHA384 or SHA512.

How to check? On a correct implementation:

$ /usr/sbin/slappasswd -h {SHA256} -o module-load=pw-sha2 -s "toto"
{SHA256}MfemXjFVhqwZi9eYtmKc5JA9CJlHbVdBqfMuLlIbamY=
$ /usr/sbin/slappasswd -h {SHA384} -o module-load=pw-sha2 -s "toto"
{SHA384}7reqpVZaqO9zLsmimZzXIliy3zVPuvc1uc3zYWnNDoSExmfkLDG8DZMplXI7iKPc

On 2.5.17.1:

$ /usr/sbin/slappasswd -h {SHA256} -o module-load=pw-sha2 -s "toto"
{SHA256}GKvzPYvSSEcNo1cT7Mle0opNkK1O+cOOb8sYaBjMa+A=
$ /usr/sbin/slappasswd -h {SHA384} -o module-load=pw-sha2 -s "toto"
{SHA384}7reqpVZaqO9zLsmimZzXIliy3zVPuvc1uc3zYWnNDoSExmfkLDG8DZMplXI7iKPc

The SHA256 (without salt) is different. The correct value can be obtained with:

$ echo -n toto | openssl dgst -sha256 -binary | openssl enc -base64
MfemXjFVhqwZi9eYtmKc5JA9CJlHbVdBqfMuLlIbamY=

It seems similar to https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817

Cheers, François
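The check above compares one slappasswd output against openssl by eye. The following script, added here as an example and not part of the openldap-deb project or the original report, does the same comparison programmatically for the pw-sha2 schemes: it recomputes the unsalted and salted SHA-2 hashes with Python's hashlib and verifies a stored {SHA256}/{SSHA256}/... value against a known password, so a packager can confirm that a built slapd produces hashes an independent implementation accepts before rolling it out. It assumes the pw-sha2 encoding of salted hashes is base64(digest || salt) with an 8-byte salt appended to the password before hashing; the two {SHA256} values for "toto" are the ones quoted in the report.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Scheme prefix -> (hashlib algorithm, salted?). Covers the six pw-sha2 schemes.
SCHEMES = {
    "{SHA256}": ("sha256", False), "{SSHA256}": ("sha256", True),
    "{SHA384}": ("sha384", False), "{SSHA384}": ("sha384", True),
    "{SHA512}": ("sha512", False), "{SSHA512}": ("sha512", True),
}

# Values quoted in the bug report (constructed input for this example).
PASSWORD = "toto"
GOOD_SHA256 = "{SHA256}MfemXjFVhqwZi9eYtmKc5JA9CJlHbVdBqfMuLlIbamY="   # correct build
BAD_SHA256 = "{SHA256}GKvzPYvSSEcNo1cT7Mle0opNkK1O+cOOb8sYaBjMa+A="    # 2.5.17.1 output


def make_hash(password: str, scheme: str = "{SHA256}", salt: Optional[bytes] = None) -> str:
    """Produce a userPassword value in pw-sha2 format for the given scheme.

    Assumption: salted schemes hash (password || salt) and store digest || salt.
    """
    algo, salted = SCHEMES[scheme]
    pw = password.encode("utf-8")
    if salted:
        salt = os.urandom(8) if salt is None else salt
        raw = hashlib.new(algo, pw + salt).digest() + salt
    else:
        raw = hashlib.new(algo, pw).digest()
    return scheme + base64.b64encode(raw).decode("ascii")


def verify(password: str, stored: str) -> bool:
    """Return True if `stored` is a valid pw-sha2 hash of `password`.

    This is exactly what slapd does on a simple bind, so a False result for a
    value produced by slappasswd means that build's pw-sha2 is miscomputing.
    """
    end = stored.find("}")
    if end < 0 or stored[: end + 1] not in SCHEMES:
        return False
    scheme = stored[: end + 1]
    algo, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(stored[len(scheme):], validate=True)
    except ValueError:
        return False
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or (not salted and salt):
        return False  # truncated digest, or trailing bytes in an unsalted value
    expected = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    # Constant-time comparison, as a verifier should use.
    return hmac.compare_digest(digest, expected)


def check_slappasswd_output(password: str, output: str) -> str:
    """Classify a slappasswd output line for the given password."""
    return "consistent" if verify(password, output) else "MISMATCH"


if __name__ == "__main__":
    print("recomputed:", make_hash(PASSWORD))
    for value in (GOOD_SHA256, BAD_SHA256):
        print(value, "->", check_slappasswd_output(PASSWORD, value))
    salted = make_hash(PASSWORD, "{SSHA256}")
    print(salted, "->", check_slappasswd_output(PASSWORD, salted))
```

Feeding the 2.5.17.1 line into check_slappasswd_output reports MISMATCH while the line from a correct build reports consistent, which is the same conclusion as the openssl one-liner but works for the salted schemes too, where no single command-line recomputation is possible because the salt must first be recovered from the stored value.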

davidcoutadeur commented 2 months ago

Thanks for the report.

The bug was reported to the OpenLDAP core team about 1 year ago. See: https://bugs.openldap.org/show_bug.cgi?id=10010

The code of pw-sha2 has not changed since 2015. It seems this is a bug in gcc.

davidcoutadeur commented 2 months ago

Bug reproduced on:

The problem is not present on Debian 10 (gcc 8.3.0-6) and Debian 11 (gcc 10.2.1-6).

davidcoutadeur commented 2 months ago

Done in 8b4ab33 and f54504e