Hi Jouni,
Thanks for your answer. It will help me further. So I can check first to
disable SAE and as second approach (if needed) to use SAE with minimal
implementation
via crypto api.
Best for you in 2018 ;-)
Bye Stephan
On 2017-12-30 16:39, Jouni Malinen wrote:
On Wed, Dec 13, 2017 at 04:55:15PM +0100, Stephan wrote:
Because ad-hoc wifi will slowly be replaced by mesh,
openwrt/lede-project
should be able to use hostapd with mesh BUT without hard coded
dependencies
to
openssl.
hostapd does not support mesh, so I'm assuming you are talking about
using wpa_supplicant with mesh (CONFIG_MESH=y) and SAE (CONFIG_SAE=y)
support.
It would be create if hostapd implements such a layer between itself
and
openssl, so other people may easily switch to different ssl
implementation.
The ustream api may be suitable.
I replaced the direct OpenSSL calls in SAE implementations five years
ago with crypto wrappers:
https://w1.fi/cgit/hostap/commit/?id=aadabe7045fe38846793cc577d78fae9cfe13d76
In other words, if someone is willing to work on implementing those
crypto_*() wrapper functions for various small crypto libraries, SAE
could be built with other libraries than OpenSSL.
Another question: when I only want to use mesh as replacement for
adhoc and
without
any mesh routing defined by 802.11s, do I need ssl ? If not, can I
configure
hostapd
build process to only have mesh functionality which is similar to
adhoc?
Mesh (802.11s) does not use SSL at all. It uses SAE for the secure
network case and that requires certain crypto/FFC/ECC support from the
crypto library. Using mesh without SAE (i.e., just open network) should
work without such conditions, but anyway, I'd rather focus on getting
small implementations of crypto functionality working with SAE.
--
..............................................
Freifunk Dresden
www.freifunk-dresden.de
..............................................
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
