hostapd - support for embedded very small ssl implementations

Stephan stephan at
Sun Dec 31 16:07:23 PST 2017

Hi Jouni,

Thanks for your answer. It will help me further. So I can check first to
disable SAE and as second approach (if needed) to use SAE with minimal 
via crypto api.

Best for you in 2018 ;-)
Bye Stephan

On 2017-12-30 16:39, Jouni Malinen wrote:
> On Wed, Dec 13, 2017 at 04:55:15PM +0100, Stephan wrote:
>> Because ad-hoc wifi will slowly be replaced by mesh, 
>> openwrt/lede-project
>> should be able to use hostapd with mesh BUT without hard coded 
>> dependencies
>> to
>> openssl.
> hostapd does not support mesh, so I'm assuming you are talking about
> using wpa_supplicant with mesh (CONFIG_MESH=y) and SAE (CONFIG_SAE=y)
> support.
>> It would be create if hostapd implements such a layer between itself 
>> and
>> openssl, so other people may easily switch to different ssl 
>> implementation.
>> The ustream api may be suitable.
> I replaced the direct OpenSSL calls in SAE implementations five years
> ago with crypto wrappers:
> In other words, if someone is willing to work on implementing those
> crypto_*() wrapper functions for various small crypto libraries, SAE
> could be built with other libraries than OpenSSL.
>> Another question: when I only want to use mesh as replacement for 
>> adhoc and
>> without
>> any mesh routing defined by 802.11s, do I need ssl ? If not, can I 
>> configure
>> hostapd
>> build process to only have mesh functionality which is similar to 
>> adhoc?
> Mesh (802.11s) does not use SSL at all. It uses SAE for the secure
> network case and that requires certain crypto/FFC/ECC support from the
> crypto library. Using mesh without SAE (i.e., just open network) should
> work without such conditions, but anyway, I'd rather focus on getting
> small implementations of crypto functionality working with SAE.

Freifunk Dresden

More information about the Hostap mailing list