[PATCH 19.07 v2 0/3] wolfssl security updates

Eneas U de Queiroz cotequeiroz at gmail.com
Thu Feb 17 14:49:34 PST 2022

On Mon, Feb 14, 2022 at 10:16 PM Luiz Angelo Daros de Luca
<luizluca at gmail.com> wrote:

> Sure. And I do have interest in getting it fixed.

I've done most of the work here:

However, I got stuck with this issue, about MitM attack when the
client-side resumption cache is full:

The patch for it is over 1,500 lines, and I would not be so confident
that backporting changes in many places will not create a new problem.

libcurl and hostapd use client-side session resumption, so OpenWrt is
possibly impacted.  I don't know if the session cache can get filled
by hostapd or not, but with libcurl, anything is possible.  They both
use the wolfSSL_get_session call, not the wolfSSL_get1_session that
would avoid/work around the problem.

wolfSSL should get bumped to 5.1.1 despite the API/ABI/soname change.

