On Fri, Sep 23, 2022 at 12:47 AM krishna t <krish271828@xxxxxxxxx> wrote:
>
> On Thu, Sep 15, 2022 at 2:48 AM <gs-lists-hostap@xxxxxxxxxxxxx> wrote:
> >
> > Greetings!
> >
> > I am a lighttpd developer who has written TLS modules for lighttpd
> > to support OpenSSL, mbed TLS, GnuTLS, WolfSSL, and NSS TLS libraries.
> >
> > I am in the process of porting hostap to have the option to use mbedtls
> > in support of https://github.com/openwrt/openwrt/issues/10303
> >
> > development branch:
> > https://github.com/gstrauss/hostap/tree/mbedtls (work in progress)
> >
> > My branch builds with mbedtls 2.27.0 or later, and also with mbedtls 3.x
> >
> > Please note: my effort here is independent from
> > https://www.spinics.net/lists/hostap/msg09799.html
> >
> >
> > My development branch (work in progress) passes most tests/hwsim
> > tests at the lower layers, though support is limited or incomplete
> > for SAE, DPP, and OWE. Also, not all src/crypto/tls.h features are
> > implemented. TLS session ticket and master secret handling is not yet
> > implemented in tls_mbedtls.c for EAP-FAST and EAP-TEAP.
> >
> > Of note, mbedtls_ecp_mul() validates ecp point and bignum params.
> > This leads to some test failures after calls to crypto_ec_point_mul():
> > e.g. 18 of 39 sae tests which fail are due to mbedtls_ecp_mul()
> > rejecting the point param as not being on the curve. sae_tests() in
> > common_module_tests() fails due to the hard-coded mask in the test not
> > passing mbedtls validation.
> >
> > More testing is needed, as is augmenting existing automated tests.
> >
> >
> > Running tests/hwsim with mbedtls requires following tests/hwsim/README
> > and modifying wpa_supplicant/.config and hostapd/.config to set
> > CONFIG_TLS=mbedtls and to comment out CONFIG_TLS=openssl, or to override
> > the value on the make command line with 'make CONFIG_TLS=mbedtls ...'
> >
> >
> > My development branch also adds the ability for run-tests to test using
> > different crypto libraries (assuming the crypto libraries are installed)
> >   cd tests
> >   for crypto_lib in mbedtls openssl gnutls wolfssl internal; do
> >     make -j 4 CONFIG_TLS=$crypto_lib clean
> >     make -j 4 CONFIG_TLS=$crypto_lib run-tests
> >     make -j 4 CONFIG_TLS=$crypto_lib clean
> >   done
> >
> >
> > Before I post a patch -- which is a work in progress -- containing 6400+
> > lines changed, please let me know if there is a better way to continue
> > development of these patches and to obtain feedback. (PRs are welcome
> > at https://github.com/gstrauss/hostap to the 'mbedtls' branch)
> Hi Glenn,
>
> I have already submitted a patch which is still under review here
> https://www.spinics.net/lists/hostap/msg09799.html. I am awaiting
> Jouni's response
> for my comment before submitting the next version.
>
> Please have a look, BTW, it's good to see another user of MbedTLS.

Adding community mail address.

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap