Issue 8198 - pw-pbkdf2: optionally use libnettle for crypto
Summary: pw-pbkdf2: optionally use libnettle for crypto
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: contrib (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-13 20:44 UTC by luca.bruno@rocket-internet.de
Modified: 2015-11-30 18:20 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description luca.bruno@rocket-internet.de 2015-07-13 20:44:49 UTC 
Full_Name: Luca BRUNO
Version: git:master
OS: Debian
URL: https://github.com/lucab/openldap/commits/lucab/pbkdf2-nettle
Submission from: (NULL) (78.55.218.166)


This is a followup to ITS#7977.
Here below are two patches against the pw-pbkdf2 contrib module to:
 1) fix an always-true check
 2) optionally make use of libnettle

Corresponding patches are available online:
 1) https://github.com/lucab/openldap/commit/f9e42bc1ce85a8c2bc7f3daa06a553b0f79ea6d8.patch
 2) https://github.com/lucab/openldap/commit/b98457fbb009e92d394e0d99851fc720df334db7.patch

Those have been already reviewed by Tsukasa HAMANO:
 * https://github.com/hamano/openldap-pbkdf2/pull/3
 * https://github.com/hamano/openldap-pbkdf2/pull/4

IPR statement follows:

"""
The attached patch is derived from OpenLDAP Software. All of the modifications 
to OpenLDAP Software represented in the following patch(es) were developed by 
Luca BRUNO, on balalf of "Rocket Internet SE". 

By virtue of my employment agreement with "Rocket Internet SE", I have 
assigned my rights and interest in this work to "Rocket Internet SE".

"Rocket Internet AG" has not assigned rights and/or interest in this work to 
any party. I, Luca BRUNO, am authorized by "Rocket Internet SE", my employer, 
to release this work under the following terms.

"Rocket Internet SE" hereby places the following modifications to OpenLDAP 
Software (and only these modifications) into the public domain. Hence, these 
modifications may be freely used and/or redistributed for any purpose with or 
without attribution and/or other notice. 
"""
Comment 1 peter@adpm.de 2015-08-08 19:12:42 UTC 
Hi,

you may want to have a look at Followup 1 for ITS#8205:
I added a manual page for pbkdf2 and adapted it's Makefile to install it too.

The commit can be found on my github repo:
https://github.com/marschap/openldap/commit/f63202e8aa68e3391f52d2481f649ca22aeb5ae4

BTW: I successfully tested your nettle patch with by Debian-based server.
Thank you!

Best
Peter

-- 
Peter Marschall
peter@adpm.de
Comment 2 Ryan Tandy 2015-08-23 17:13:21 UTC 
On Mon, Jul 13, 2015 at 08:44:49PM +0000, luca.bruno@rocket-internet.de wrote:
>This is a followup to ITS#7977.
>Here below are two patches against the pw-pbkdf2 contrib module to:
> 1) fix an always-true check
> 2) optionally make use of libnettle

These are in git master now, along with the #else->#elif fixup. Thank 
you for the contribution!
Comment 3 Ryan Tandy 2015-08-23 17:14:08 UTC 
changed notes
changed state Open to Test
moved from Incoming to Contrib
Comment 4 Quanah Gibson-Mount 2015-08-31 15:31:35 UTC 
changed notes
changed state Test to Release
Comment 5 OpenLDAP project 2015-11-30 18:20:19 UTC 
fixed in master
fixed in RE25
fixed in RE24 (2.4.43)
Comment 6 Quanah Gibson-Mount 2015-11-30 18:20:19 UTC 
changed notes
changed state Release to Closed