Re: hostapd - support for embedded very small ssl implementations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jouni,

Thanks for your answer. It will help me further. So I can check first to
disable SAE and as second approach (if needed) to use SAE with minimal implementation
via crypto api.

Best for you in 2018 ;-)
Bye Stephan

On 2017-12-30 16:39, Jouni Malinen wrote:
On Wed, Dec 13, 2017 at 04:55:15PM +0100, Stephan wrote:
Because ad-hoc wifi will slowly be replaced by mesh, openwrt/lede-project should be able to use hostapd with mesh BUT without hard coded dependencies
to
openssl.

hostapd does not support mesh, so I'm assuming you are talking about
using wpa_supplicant with mesh (CONFIG_MESH=y) and SAE (CONFIG_SAE=y)
support.

It would be create if hostapd implements such a layer between itself and openssl, so other people may easily switch to different ssl implementation.
The ustream api may be suitable.

I replaced the direct OpenSSL calls in SAE implementations five years
ago with crypto wrappers:

https://w1.fi/cgit/hostap/commit/?id=aadabe7045fe38846793cc577d78fae9cfe13d76

In other words, if someone is willing to work on implementing those
crypto_*() wrapper functions for various small crypto libraries, SAE
could be built with other libraries than OpenSSL.

Another question: when I only want to use mesh as replacement for adhoc and
without
any mesh routing defined by 802.11s, do I need ssl ? If not, can I configure
hostapd
build process to only have mesh functionality which is similar to adhoc?

Mesh (802.11s) does not use SSL at all. It uses SAE for the secure
network case and that requires certain crypto/FFC/ECC support from the
crypto library. Using mesh without SAE (i.e., just open network) should
work without such conditions, but anyway, I'd rather focus on getting
small implementations of crypto functionality working with SAE.

--
..............................................
Freifunk Dresden
www.freifunk-dresden.de
..............................................

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux