use wpa_supplicant without OpenSSL and GNU-TLS

Jouni Malinen j
Fri Sep 24 09:47:18 PDT 2010

On Thu, Sep 23, 2010 at 11:48:42AM -0700, jingzhao.ou wrote:

> I need to apply security to a small wireless client node. The node has very
> limited RAM/ROM space. Having OpenSSL or GNU-TLS would be too much for the
> chip. I wonder whether it is possible to use wpa_supplicant without OpenSSL
> or GNU-TLS?

Yes, you can build wpa_supplicant without external TLS library. If you
are not using TLS-based EAP methods (e.g., EAP-TLS or PEAP), you do not
need any TLS implementation; if you use them, you can use the internal
TLS implementation in many cases.

> If I really need OpenSSL, how difficult to replace OpenSSL with some
> embedded encryption libraries like MatrixSSL or cryptlib?

wpa_supplicant has a wrapper interface for TLS libraries which makes it
relatively simple to replace the used library. In addition, the internal
TLS implementation is quite small in size.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list