use wpa_supplicant without OpenSSL and GNU-TLS
j at w1.fi
Fri Sep 24 12:47:18 EDT 2010
On Thu, Sep 23, 2010 at 11:48:42AM -0700, jingzhao.ou wrote:
> I need to apply security to a small wireless client node. The node has very
> limited RAM/ROM space. Having OpenSSL or GNU-TLS would be too much for the
> chip. I wonder whether it is possible to use wpa_supplicant without OpenSSL
> or GNU-TLS?
Yes, you can build wpa_supplicant without external TLS library. If you
are not using TLS-based EAP methods (e.g., EAP-TLS or PEAP), you do not
need any TLS implementation; if you use them, you can use the internal
TLS implementation in many cases.
> If I really need OpenSSL, how difficult to replace OpenSSL with some
> embedded encryption libraries like MatrixSSL or cryptlib?
wpa_supplicant has a wrapper interface for TLS libraries which makes it
relatively simple to replace the used library. In addition, the internal
TLS implementation is quite small in size.
Jouni Malinen PGP id EFC895FA
More information about the HostAP