[Pkg-openssl-devel] Bug#450934: libssl0.9.8g-2 breaks wpa_supplicant because of bug in _x86_AES_decrypt

Jan Tomasek jan at tomasek.cz
Mon Nov 12 12:29:25 UTC 2007


Package: libssl0.9.8
Version: 0.9.8g-2
Severity: important

After upgrading to version 0.9.8g-2 of libssl I'm no longer able to 
connect to a WPA2 network. The funny thing is that it segfaults at the moment 
when RADIUS sends the access-accept response. Output from gdb:

> Starting program: /usr/src/hostap/wpa_supplicant/wpa_supplicant -D wext -i eth1 -c /etc/wpa_supplicant/eduroam.conf
> CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> Trying to associate with 00:17:df:95:53:70 (SSID='eduroam' freq=2412 MHz)
> Associated with 00:17:df:95:53:70
> CTRL-EVENT-EAP-STARTED EAP authentication started
> CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
> EAP-MSCHAPV2: Authentication succeeded
> EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
> CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
> 
> Program received signal SIGSEGV, Segmentation fault.
> 
> _x86_AES_decrypt () at ax86-elf.s:482
> 482     ax86-elf.s: No such file or directory.
>         in ax86-elf.s
> Current language:  auto; currently asm
> (gdb) where
> #0  _x86_AES_decrypt () at ax86-elf.s:482
> #1  0xb7ddb51b in AES_decrypt () at ax86-elf.s:965
> #2  0xbfb7c61c in ?? ()
> #3  0xbfb7c654 in ?? ()
> #4  0x0000002d in ?? ()
> #5  0x00000009 in ?? ()
> #6  0x080b26a0 in ?? ()
> #7  0xbfb7c678 in ?? ()
> #8  0x08073398 in aes_unwrap (
>     kek=0x809e4dc "äüÝ~.\225^ĺ\220\022xG(\0375č!ű&\213/\030ĺ]fÜámE\006ÔŁü\234=zyR\237qÂă2eč%}^+\031jČx(SP\025OjŚYy.çäüÝ~.\225^ĺ\220\022xG(\0375č!ű&\213/\030ĺ]fÜámE\006ÔŁü\234=zyR\237qÂă2eč%}^\001", 
>     n=9, 
>     cipher=0x80b260b "WŽ\024FrMŹ1Wy\220Ň6\037<\f~\204\200\206ú0ÄŮ\001˘'ĺ\223Ë\022úNę\027ąUJˇ\213żë\234U\234\220O\200\"Iל<Oĺ^´(˝=\224\177a\202=\2041ţ&\032'§\220ď[ţť´/e", 
>     plain=0x80b2660 "Wy\220Ň6\037<\f~\204\200\206ú0ÄŮ\001˘'ĺ\223Ë\022úNę\027ąUJˇ\213żë\234U\234\220O\200\"Iל<Oĺ^´(˝=\224\177a\202=\2041ţ&\032'§\220ď[ţť´/eÝ÷\022.ů") at ../hostapd/aes_wrap.c:125
> #9  0x080704af in wpa_sm_rx_eapol (sm=0x809e4a8, src_addr=0xbfb7d124 "", 
>     buf=0xbfb7c81c "\002\003", len=179) at wpa.c:1340
> #10 0x080529a7 in l2_packet_receive (sock=7, eloop_ctx=0x809e658, sock_ctx=0x0)
>     at l2_packet_linux.c:89
> #11 0x080502b2 in eloop_sock_table_dispatch (table=0x80939c8, fds=0x809ff48)
>     at ../hostapd/eloop.c:159
> #12 0x08050805 in eloop_run () at ../hostapd/eloop.c:484
> #13 0x08073ebb in wpa_supplicant_run (global=0x80942f8) at wpa_supplicant.c:2628
> #14 0x08079e91 in main (argc=Cannot access memory at address 0xfe5bef90

I'm running Debian/Sid on a DELL Latitude D410 with an ipw2200 wireless card. 
All software used is at the latest versions from Sid. wpa_supplicant = 0.6.0-4.

After downgrading to libssl0.9.8_0.9.8g-1, wpa_supplicant is working again. 
That is the reason why I blame libssl and not wpa_supplicant.

If I can provide more info to debug and fix this problem let me know, I 
will try to help.

PS: Older version of libssl: 
http://www.tomasek.cz/software/debarch/deb/ftp.cz.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8g-1_i386.deb

Best regards
-- 
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/




