https://bugs.openldap.org/show_bug.cgi?id=10010
- Issue ID: 10010
- Summary: password/sha2 produces incorrect SHA256
- Product: OpenLDAP
- Version: unspecified
- Hardware: All
- OS: All
- Status: UNCONFIRMED
- Keywords: needs_review
- Severity: normal
- Priority: ---
- Component: build
- Assignee: bugs@openldap.org
- Reporter: pmenzel+bugs.openldap.org@molgen.mpg.de
- Target Milestone: ---

From [Debian BTS report #1030716](https://bugs.debian.org/1030716):
Dear Maintainer,
we got a report[1] on Ubuntu that the contrib module password/sha2 was producing an incorrect SHA256 hash. It was confirmed for a number of releases (22.04, 22.10 and the upcoming 23.04). I checked and it also happens on current debian/sid:

```
$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=

$ echo "{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)"
{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
```

The suggested fix was to rebuild just this module with `-fno-strict-aliasing`, and indeed that fixed it in Ubuntu. Other options include:

- finding the offending piece of code that is causing this optimization to misbehave
- updating the module to use gnutls or openssl, whatever openldap ends up being linked with
- not building/shipping this module

1. https://bugs.launchpad.net/bugs/2000817
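
The comparison made in the report can be scripted to check values produced by a given pw-sha2 build against an independent implementation. This is an added example, not part of the bug report or of OpenLDAP; the function names are hypothetical, and it goes beyond the reported `{SHA256}` case by covering the other SHA-2 schemes, assuming the conventional salted layout of digest(password + salt) followed by the salt.

```python
import base64
import hashlib
import hmac

# Scheme name -> (hashlib algorithm, salted?). Assumption: salted values
# store digest(password + salt) with the salt appended after the digest.
SCHEMES = {
    "SHA256": ("sha256", False), "SSHA256": ("sha256", True),
    "SHA384": ("sha384", False), "SSHA384": ("sha384", True),
    "SHA512": ("sha512", False), "SSHA512": ("sha512", True),
}

def reference_hash(password: bytes, scheme: str = "SHA256", salt: bytes = b"") -> str:
    """Compute the {SCHEME}base64 value with hashlib as the reference."""
    algo, salted = SCHEMES[scheme.upper()]
    if salt and not salted:
        raise ValueError("salt given for an unsalted scheme")
    digest = hashlib.new(algo, password + salt).digest()
    return "{%s}%s" % (scheme.upper(), base64.b64encode(digest + salt).decode())

def matches_reference(stored: str, password: bytes) -> bool:
    """True if a stored {SCHEME}base64 value is what hashlib computes."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("expected a {SCHEME}base64 value")
    scheme, b64 = stored[1:].split("}", 1)
    if scheme.upper() not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme.upper()]
    raw = base64.b64decode(b64, validate=True)
    size = hashlib.new(algo).digest_size
    # Unsalted values must be exactly one digest long; salted ones at least.
    if len(raw) < size or (not salted and len(raw) != size):
        return False
    digest, salt = raw[:size], raw[size:]
    expected = hashlib.new(algo, password + salt).digest()
    return hmac.compare_digest(digest, expected)

# The two values quoted in the report for the password "secret".
FROM_SLAPPASSWD = "{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54="
FROM_OPENSSL = "{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="

if __name__ == "__main__":
    for label, value in (("slappasswd", FROM_SLAPPASSWD), ("openssl", FROM_OPENSSL)):
        ok = matches_reference(value, b"secret")
        print(f"{label}: {'matches' if ok else 'DOES NOT match'} reference")
```

Feeding the output of `slappasswd` from a rebuilt module into `matches_reference` confirms whether the rebuild produces correct values.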