hostapd - support for embedded very small ssl implementations

Jouni Malinen j at w1.fi
Sat Dec 30 07:39:33 PST 2017


On Wed, Dec 13, 2017 at 04:55:15PM +0100, Stephan wrote:
> Because ad-hoc wifi will slowly be replaced by mesh, openwrt/lede-project
> should be able to use hostapd with mesh BUT without hard coded dependencies
> to openssl.

hostapd does not support mesh, so I'm assuming you are talking about
using wpa_supplicant with mesh (CONFIG_MESH=y) and SAE (CONFIG_SAE=y)
support.

> It would be great if hostapd implements such a layer between itself and
> openssl, so other people may easily switch to a different ssl implementation.
> The ustream api may be suitable.

I replaced the direct OpenSSL calls in SAE implementations five years
ago with crypto wrappers:

https://w1.fi/cgit/hostap/commit/?id=aadabe7045fe38846793cc577d78fae9cfe13d76

In other words, if someone is willing to work on implementing those
crypto_*() wrapper functions for various small crypto libraries, SAE
could be built with other libraries than OpenSSL.

> Another question: when I only want to use mesh as replacement for adhoc and
> without any mesh routing defined by 802.11s, do I need ssl? If not, can I
> configure hostapd build process to only have mesh functionality which is
> similar to adhoc?

Mesh (802.11s) does not use SSL at all. It uses SAE for the secure
network case and that requires certain crypto/FFC/ECC support from the
crypto library. Using mesh without SAE (i.e., just open network) should
work without such conditions, but anyway, I'd rather focus on getting
small implementations of crypto functionality working with SAE.

-- 
Jouni Malinen                                            PGP id EFC895FA


