Resend: hostap option to use mbedtls

Sun Oct 16 06:31:28 PDT 2022

Resending from a month ago:
http://lists.infradead.org/pipermail/hostap/2022-September/040794.html

Greetings!

I am a lighttpd developer who has written TLS modules for lighttpd
to support OpenSSL, mbed TLS, GnuTLS, WolfSSL, and NSS TLS libraries.

I am in the process of porting hostap to have the option to use mbedtls
in support of https://github.com/openwrt/openwrt/issues/10303
My patches are available for wider testing with OpenWRT
  https://github.com/openwrt/openwrt/pull/10727

development branch:
  https://github.com/gstrauss/hostap/tree/mbedtls

My branch builds with mbedtls 2.27.0 or later, and also with mbedtls 3.x

Please note: my effort here is independent from
  https://www.spinics.net/lists/hostap/msg09799.html

Status: My development branch now passes almost all tests/hwsim tests,
except for tests/hwsim tests which also fail for openssl, and not
including features skipped in the framework.  Skipped features include
EAP-FAST, EAP-TEAP, DPP2, DPP3, OCSP, TLSv1.3).

Running tests/hwsim with mbedtls requires following tests/hwsim/README
and modifying wpa_supplicant/.config and hostapd/.config to set
CONFIG_TLS=mbedtls and to comment out CONFIG_TLS=openssl, or to override
the value on the make command line with 'make CONFIG_TLS=mbedtls ...'

My development branch also adds the ability for run-tests to test using
different crypto libraries (assuming the crypto libraries are installed)
  cd tests
  for crypto_lib in mbedtls openssl gnutls wolfssl internal; do
    make -j 4 CONFIG_TLS=$crypto_lib clean
    make -j 4 CONFIG_TLS=$crypto_lib run-tests
    make -j 4 CONFIG_TLS=$crypto_lib clean
  done

Before I post a patchset containing 7500+ lines changed, please let me
know if there is a better way to continue development of these patches
and to obtain feedback.  (PRs are welcome at
https://github.com/gstrauss/hostap to the 'mbedtls' branch)

Thank you.  Glenn