use wpa_supplicant without OpenSSL and GNU-TLS

Jouni Malinen j at w1.fi
Fri Sep 24 12:47:18 EDT 2010


On Thu, Sep 23, 2010 at 11:48:42AM -0700, jingzhao.ou wrote:

> I need to apply security to a small wireless client node. The node has very
> limited RAM/ROM space. Having OpenSSL or GNU-TLS would be too much for the
> chip. I wonder whether it is possible to use wpa_supplicant without OpenSSL
> or GNU-TLS?

Yes, you can build wpa_supplicant without external TLS library. If you
are not using TLS-based EAP methods (e.g., EAP-TLS or PEAP), you do not
need any TLS implementation; if you use them, you can use the internal
TLS implementation in many cases.

> If I really need OpenSSL, how difficult to replace OpenSSL with some
> embedded encryption libraries like MatrixSSL or cryptlib?

wpa_supplicant has a wrapper interface for TLS libraries which makes it
relatively simple to replace the used library. In addition, the internal
TLS implementation is quite small in size.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list