Dear Jouni, Thank you for your response ! It is working, however I am getting an error when I read in my private key (the same private key I use while not have enabled the internal crypto ie. using openSSL) What I get from my debug dump is: Ps: I have edited the debug hex_dump to print %c to better compare my "test" key ... and they are identical My guess is that the format is wrong (not that difficult to see that :) )...but the question is what format if not the format is the same as for openssl ? Thx. in advance Achuthan .... .... TLSv1: Added certificate: C=DK, ST=Nord Jylland, O=myorg, CN=acpMyorg client certificate/emailAddress=acp@xxxxxxxx PKCS #8: Does not start with PKCS #8 header (SEQUENCE); assume PKCS #8 not used PKCS #8: Does not start with PKCS #8 header (SEQUENCE); assume encrypted PKCS #8 not used Trying to parse PKCS #1 encoded RSA private key RSA: Expected SEQUENCE (public key) - found class 0 tag 0xd PEM DECODE - hexdump(len=968): M I I C x j B A B g k q h k i G 9 w 0 B B Q 0 w M z A b B g k q h k i G 9 w 0 B B Q w w D g Q I P W G 9 v c p F P V w C A g g A M B Q G C C q G S I b 3 D Q M H B A i s A Z y l F n o W W Q S C A o C S l R D m y q H U 6 E u R N 3 3 H e o U 1 m C S b J P g 3 b y d C h b E I J l N o z e n / R 8 L 7 7 X K W z E K o H 0 J m H l 1 A b 3 f D O v L 6 W b D / 2 E l 9 U 7 r P t 2 n k b 3 2 l 1 v 4 t r 2 b y R D V 5 g v w l S / 9 F + N N C e 7 l 0 6 I 5 z b W I s H t t e m C J C j G 5 X b q G 9 O O u D i R w B Z Z D b H n y 2 S H J a 0 9 D w p 3 b 5 2 J A O r h a K b U E D n E F W 1 p B D h B U m N n H p w 9 F 8 n E 8 8 w e l C / P k h D t v / C S D 3 k H X l M o M x c V H w w n x t I a P 9 I G v W O D p R l 1 c + E 5 E G E a j + D m K 4 t x V K r R 6 Y U J B y C F 1 G 5 3 x Z 2 6 H d N P l C h N 0 d 0 N U F A U q o 9 p Q a m c 8 j I n K V G L 0 z i X y 2 3 C A h F d D s N 7 y H v Z z v M m Q Z w k o 9 f d w P T Q v S W P v h V 6 k t S 5 k J u T M a n a U z e x m 8 K h n g + 2 P 4 S 5 9 V L l 7 N Y Y r O 9 8 t d M h z x R G / f u o Y 9 U X H L e u U k x K 3 Y T U v w + V x p p I U 3 2 g 5 a U q Q m N a 6 j n 1 S h y H b T U D n 2 8 H K r Q o x h D + w 9 D / G 3 h m M s T b z + a Q + g + A V N R 6 n S N B 1 W M X R h q 6 7 / 2 c Q Z 3 f 4 L z H c C V E 9 L 7 i E n B 8 g q 9 p U a 0 6 p d s d 1 o 3 G 4 X n 0 R 1 9 8 J + t t a 1 E w R Y u 8 W 8 0 0 4 S V H N C e W 5 e Q / L g s g D k k x I h B b Y W p s K j T 8 K i y h + E J B L K / 1 0 J k L D Z S W / H 0 m n P x t I y 1 w Z I 1 P K T l g e u K 5 Q 4 B M J Q + R 7 X a T U + 7 2 Y U 1 G u c F G l d m N v U O b 1 Z f B p m y R z v z Q j p 4 4 6 T 6 s 2 u z s p z Z 5 H a g s O O f 3 h s N a j V q z t I / Q / O C m p J e I F b b a B q G X w x / 9 a L s W r g e o a H z C i b L X Y 0 p T N l Y 9 L / w t T K S X h Z 0 a q Q O X m 1 S 9 K 4 t / Z S E 0 m c V B U B L R o c j J O b M O B Z v W G s m d 0 r 2 q x X H B X s M Z P o A 8 x H S s f M [acp test]>>> base64_decode 1 [952 | 0] len 968 PKCS #8: Expected INTEGER - found class 0 tag 0x10; assume PKCS #8 not used PKCS #5: encryption algorithm 1.2.840.113549.1.5.13 PKCS #5: unsupported encryption algorithm 1.2.840.113549.1.5.13 PKCS #5: Unsupported parameters Trying to parse PKCS #1 encoded RSA private key RSA: Expected INTEGER - found class 0 tag 0x10 RSA: Expected zero INTEGER in the beginning of private key; not found TLSv1: Failed to parse private key TLS: Failed to load private key [acp test]>>>>>>>>>>>>>>>>>>> -1 TLS: Failed to set TLS connection parameters TLSv1: Selected cipher suite: 0x0000 TLSv1: Record Layer - New write cipher suite 0x0000 TLSv1: Record Layer - New read cipher suite 0x0000 -----Original Message----- From: Jouni Malinen [mailto:j@xxxxx] Sent: 3. december 2015 23:04 To: Achuthan Paramanathan <acp@xxxxxx> Cc: Hostap@xxxxxxxxxxxxxxxxxxx Subject: Re: how to enable the internal client crypto on WPA_supplicant On Thu, Dec 03, 2015 at 09:47:20AM +0000, Achuthan Paramanathan wrote: > I am currently playing around with wpa_supplicant and as it is now, then the default crypto for an EAP-TLS connection, OPENSSL. > However, I would like to enable the internal one, ie, CONFIG_TLS_INTERNAL_CLIENT > > I am pretty new to this wpa_supplicant stuff .. And so far only build the whole wpa_supplicant as it is, no changes to the make file or build config. > > > Any idea where to add this compiler flag ? or how to enable the internal crypto? Adding these to wpa_supplicant/.config is what I normally use for this: CONFIG_TLS=internal CONFIG_INTERNAL_LIBTOMMATH=y CONFIG_INTERNAL_LIBTOMMATH_FAST=y See wpa_supplicant/defconfig for more details on that. > Ps.: I assume the internal crypto, is similar to OpenSSL.just that it is WPA_Supplicants own version of a TLS similar to OpenSSL and GNUSSL ? Correct. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap