Summary: | net/openldap24-server: Unable to generate SSHA256/384/512 hashes using SHA2 overlay | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Jonathan Price <freebsd> |
Component: | Individual Port(s) | Assignee: | Xin LI <delphij> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | CC: | delphij |
Priority: | --- | Keywords: | needs-qa, security |
Version: | Latest | Flags: | koobs: maintainer-feedback? (delphij) |
Hardware: | Any | ||
OS: | Any |
Description
Jonathan Price
2015-01-22 14:09:54 UTC
I should have noted that all testing was carried out on:

FreeBSD hostname 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Please contact me if you require any further information / testing.

Further to my original findings, I have noticed an important factor. The SHA2 module performs correctly under FreeBSD 9.2-RELEASE (so presumably the entire 9.x family), but does NOT work under FreeBSD 10.1. I shall test it on FreeBSD 10.0 and 9.3 to confirm that it is definitely a breakage going between 9.x and 10.x.

Thanks for your submission Jonathan. For future issues, please use the following format for the title:

category/port: Summary

Aside from being aesthetically more pleasing and easier to read, in this case the [ ] wrapping the category/port prevented our auto-assigner from automatically assigning the issue :) I'll create a separate issue to fix the auto-assigner.

I have now tested the following versions:

8.4-RELEASE: Works
9.2-RELEASE: Works
9.3-RELEASE: Works
10.0-RELEASE: Broken
10.1-RELEASE: Broken

I imagine at this point it's fairly safe to assume the issue is with 9.x->10.x. And thank you to Kubilay for fixing my title. I had put the square brackets in as I recall seeing them frequently when using GNATS, but it's nice to know there's an official layout.

A commit references this bug:

Author: delphij
Date: Wed May 27 22:08:40 UTC 2015
New revision: 387682
URL: https://svnweb.freebsd.org/changeset/ports/387682

Log:
  Add a patch to resolve symbol conflict between SHA2 module with OpenSSL's SHA2 implementation. Without this, e.g. SSHA512 scheme would result in a crash due to stack corruption, which is a result of different SHA512 context size in the contributed SHA2 implementation and the OpenSSL one, plus the allocation is on stack.

  PR: 197004
  MFH: 2015Q2

Changes:
  head/net/openldap24-server/files/patch-contrib_slapd-modules_passwd_sha2_sha2.h

A commit references this bug:

Author: delphij
Date: Wed May 27 22:09:16 UTC 2015
New revision: 387683
URL: https://svnweb.freebsd.org/changeset/ports/387683

Log:
  MFH: r387682

  Add a patch to resolve symbol conflict between SHA2 module with OpenSSL's SHA2 implementation. Without this, e.g. SSHA512 scheme would result in a crash due to stack corruption, which is a result of different SHA512 context size in the contributed SHA2 implementation and the OpenSSL one, plus the allocation is on stack.

  PR: 197004
  Approved by: ports-secteam

Changes:
  _U  branches/2015Q2/
  branches/2015Q2/net/openldap24-server/files/patch-contrib_slapd-modules_passwd_sha2_sha2.h

This should have been fixed now, thanks for reporting.
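The failure mode named in the commit log (caller and callee disagreeing on the size of a stack-allocated hash context), as an added example that is not part of the original report or the port's patch. The two struct layouts, the guard region and all function names are constructed for illustration; which real implementation has the larger context is not stated on this page, so the callee's is simply assumed larger here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for two SHA-512 context layouts that would share
 * one type name in their own headers. The field layout is an assumption
 * made for this example, not copied from OpenLDAP or OpenSSL. */
struct contrib_ctx {            /* what the caller's header declares */
    uint64_t state[8];
    uint64_t bitcount[2];
    uint8_t  buffer[128];
};
struct libcrypto_ctx {          /* what the resolved callee expects */
    uint64_t h[8];
    uint64_t nl, nh;
    uint8_t  block[128];
    unsigned int num, md_len;
};

#define GUARD  32               /* stands in for neighbouring stack data */
#define CANARY 0xA5

/* Callee: initialises the context type it was compiled against. */
static void callee_init(void *ctx) { memset(ctx, 0, sizeof(struct libcrypto_ctx)); }

/* Models the caller's stack slot: room for the caller's own context type,
 * followed by guard bytes. Returns how many guard bytes the callee
 * overwrote, i.e. how far the write ran past the caller's allocation. */
size_t clobbered_after_init(void)
{
    unsigned char frame[sizeof(struct contrib_ctx) + GUARD];
    size_t i, hit = 0;
    memset(frame + sizeof(struct contrib_ctx), CANARY, GUARD);
    callee_init(frame);
    for (i = 0; i < GUARD; i++)
        if (frame[sizeof(struct contrib_ctx) + i] != CANARY)
            hit++;
    return hit;
}

/* Check a build or unit test can enforce: the storage the caller reserves
 * must cover the callee's view of the context. */
int ctx_fits(size_t caller_size, size_t callee_size) { return callee_size <= caller_size; }

int main(void)
{
    printf("clobbered guard bytes: %zu\n", clobbered_after_init());
    return 0;
}
```

In a real build the same disagreement arises silently when a module's private function names collide with those exported by a library already loaded into the process, so the size check only helps if it compares against the implementation that is actually resolved at run time.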