On Tue, 17 Oct 2023, 07:32 Glenn Strauss, <gs-lists-hostap@xxxxxxxxxxxxx> wrote: > > On Tue, Oct 17, 2023 at 12:08:44AM +0530, Krishna Chaitanya wrote: > > Hi Jouni, > > > > This is a query regarding the plan for adding embedded security support > > in Hostap using MbedTLS. > > > > We have two implementations, so, far > > > > 1. Based on Epressif's Apache-2.0-based implementation (Submitted by me) > > - https://lists.infradead.org/pipermail/hostap/2022-April/040470.html > > 2. Based on lighthttpd's BSD-3 implementation > > - http://lists.infradead.org/pipermail/hostap/2022-September/040794.html > > The implementation by the lighttpd developer (me) was polished and is > used *in production* by openwrt 23.05 with mbedtls 2.xx. As I recall, > I completed full support for SAE and OWE, and also most DPP tests in > the hostap hwsim tests. (DPP2 with mbedtls 3.3 (?) when PKCS#7 support > was added to mbedtls) https://github.com/openwrt/openwrt/pull/10727 > > https://github.com/gstrauss/hostap branch mbedtls targets mbedtls > main branch, including support for mbedtls 3.x, which I think was > mbedtls 3.2 when I was coding against it a year ago (last December). > > I have not revisited my mbedtls hostap port to the ARM PSA API. > (ARM PSA is Arm’s Platform Security Architecture) > > > > Given the dated TLSv1.1 implementation native to hostap, I really hope > that Jouni engages with me, and also with the WolfSSL developer (who is > on the WolfSSL team!) to allow us to each maintain mbedtls and WolfSSL > patches, respectively, in hostap. FYI the implementation in #1 is also production ready with MbedTLS 2 and 3. The cleanups are also ready, I just haven't posted them as we haven't concluded, licensing is the only issue with that. _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
