OpenSSL 1.0.2b, 1.0.1n, 1.0.0s, 0.9.8zg binary incompatibility

Jouni Malinen
Fri Jun 12 03:19:36 PDT 2015


Please note that the OpenSSL versions released yesterday are not binary
compatible with the prior releases due to a quite undesired ABI change
(HMAC_CTX size changes). This affects multiple programs using OpenSSL
shared libraries, including wpa_supplicant.

If you are using wpa_supplicant with OpenSSL as a shared library and
update the OpenSSL shared library without rebuilding the wpa_supplicant
binary against the new header files from the new OpenSSL version, you
may hit memory corruption issues at runtime. Rebuilding wpa_supplicant
against the matching OpenSSL version will fix those.

Based on a quick test, this issue did not show up in practice for me on
64-bit Ubuntu 14.04 with gcc build due to the HMAC_CTX struct padding
done by the compiler. However, on 32-bit Ubuntu 14.04, this did result
in memory corruption and process termination due to malloc() memory
corruption and/or stack smashing detection.

This is an OpenSSL issue and I hope that the previous ABI will be
restored in a new release shortly. There is not really anything that
wpa_supplicant can do about this apart from doing that rebuild with new
OpenSSL header files.

-- 
Jouni Malinen                                            PGP id EFC895FA
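
An added illustration, not part of the original message and not OpenSSL code, of why a binary built against stale headers corrupts memory and why tail padding can hide the problem. The struct layouts are constructed stand-ins for HMAC_CTX, and `lib_ctx_init` and `overrun_bytes` are hypothetical names; the out-of-bounds write is measured inside a guarded arena, so the program itself stays memory-safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layouts, NOT OpenSSL's real HMAC_CTX. PTR stands in for a
 * pointer member so one file can model both a 32-bit and a 64-bit build;
 * EXTRA is the member that only the updated library's headers declare. */
#define DEFINE_CTX(name, PTR, EXTRA) \
    struct name { PTR md; unsigned int key_length; unsigned char key[128]; EXTRA }

DEFINE_CTX(old32, uint32_t, );
DEFINE_CTX(new32, uint32_t, int added;);
DEFINE_CTX(old64, uint64_t, );
DEFINE_CTX(new64, uint64_t, int added;);

#define GUARD     0xA5
#define GUARD_LEN 32

/* Hypothetical stand-in for the updated library's init routine: it touches
 * as many bytes as the struct occupies in the headers it was built with. */
static void lib_ctx_init(void *ctx, size_t n) { memset(ctx, 0, n); }

/* The caller reserves caller_size bytes (sizeof from its stale headers)
 * followed by guard bytes. Returns how many guard bytes the library
 * overwrote, or (size_t)-1 if the sizes do not fit the arena. */
size_t overrun_bytes(size_t caller_size, size_t lib_size)
{
    unsigned char arena[512];
    size_t i, hit = 0;
    if (caller_size + GUARD_LEN > sizeof(arena) ||
        lib_size > caller_size + GUARD_LEN)
        return (size_t)-1;
    memset(arena, GUARD, sizeof(arena));
    lib_ctx_init(arena, lib_size);           /* stays inside the arena */
    for (i = caller_size; i < caller_size + GUARD_LEN; i++)
        hit += (arena[i] != GUARD);
    return hit;
}

int main(void)
{
    printf("32-bit model: %zu bytes written past the caller's object\n",
           overrun_bytes(sizeof(struct old32), sizeof(struct new32)));
    printf("64-bit model: %zu bytes written past the caller's object\n",
           overrun_bytes(sizeof(struct old64), sizeof(struct new64)));
    return 0;
}
```

On a typical LP64 platform the 64-bit model reports 0 because the added member lands in the old struct's tail padding, while the 32-bit model reports 4 bytes written past the caller's object.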
