On Tue, Oct 17, 2023 at 12:08:44AM +0530, Krishna Chaitanya wrote: > Hi Jouni, > > This is a query regarding the plan for adding embedded security support > in Hostap using MbedTLS. > > We have two implementations, so, far > > 1. Based on Epressif's Apache-2.0-based implementation (Submitted by me) > - https://lists.infradead.org/pipermail/hostap/2022-April/040470.html > 2. Based on lighthttpd's BSD-3 implementation > - http://lists.infradead.org/pipermail/hostap/2022-September/040794.html The implementation by the lighttpd developer (me) was polished and is used *in production* by openwrt 23.05 with mbedtls 2.xx. As I recall, I completed full support for SAE and OWE, and also most DPP tests in the hostap hwsim tests. (DPP2 with mbedtls 3.3 (?) when PKCS#7 support was added to mbedtls) https://github.com/openwrt/openwrt/pull/10727 https://github.com/gstrauss/hostap branch mbedtls targets mbedtls main branch, including support for mbedtls 3.x, which I think was mbedtls 3.2 when I was coding against it a year ago (last December). I have not revisited my mbedtls hostap port to the ARM PSA API. (ARM PSA is Arm’s Platform Security Architecture) Given the dated TLSv1.1 implementation native to hostap, I really hope that Jouni engages with me, and also with the WolfSSL developer (who is on the WolfSSL team!) to allow us to each maintain mbedtls and WolfSSL patches, respectively, in hostap. Cheers, Glenn _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
