Hi,

it has been discussed several times and some of the core developers would like to include SSL/TLS and WPA3-Personal/SAE support in the next release, as we've dropped support for 4/32M devices officially with 19.07 and it's time to move on and improve the default security features in official images.

wolfSSL and mbed TLS were pre-selected as possible crypto libraries due to the size. mbed TLS currently lacks support in hostapd so I went with wolfSSL for the start. In order to keep the size as small as possible I've created `wpad-basic-wolfssl` variant of currently shipped `wpad-basic` package which just adds support for SAE.

I've tested the patchset on my Rambutan board with `sae` and `sae-mixed` encryption settings against my Android 10 phone and installed a random package with opkg over HTTPS.

Size comparison of openwrt-ath79-nand-8dev_rambutan-squashfs-factory.bin:

 5373952 bytes for wolfSSL enabled image
 5111808 bytes for current image as of r13926-f94b09867d
 -------
  262144 bytes is difference

I think that those numbers are not that bad if you consider that the following patchset adds ca-certificates, libustream-wolfssl, libwolfssl and wpad-basic-wolfssl into default packages.

Cheers,

Petr

Petr Štetiar (3):
  hostapd: add wpad-basic-wolfssl variant
  treewide: use wpad-basic-wolfssl as default
  treewide: switch to HTTPS by default

 README                                        |   2 +-
 include/target.mk                             |   8 +-
 include/version.mk                            |   2 +-
 package/network/services/hostapd/Config.in    |   2 +
 package/network/services/hostapd/Makefile     |  20 +++
 target/linux/apm821xx/image/sata.mk           |   2 +-
 target/linux/apm821xx/nand/target.mk          |   2 +-
 .../apm821xx/sata/profiles/00-default.mk      |   2 +-
 target/linux/ar71xx/generic/target.mk         |   2 +-
 target/linux/ar71xx/image/generic.mk          |   4 +-
 target/linux/ar71xx/mikrotik/target.mk        |   2 +-
 target/linux/ar71xx/nand/target.mk            |   2 +-
 .../arc770/generic/profiles/00-default.mk     |   2 +-
 .../archs38/generic/profiles/00-default.mk    |   2 +-
 target/linux/ath79/generic/target.mk          |   2 +-
 target/linux/ath79/image/generic.mk           |   2 +-
 target/linux/ath79/mikrotik/target.mk         |   2 +-
 target/linux/ath79/nand/target.mk             |   2 +-
 target/linux/bcm27xx/image/Makefile           |   8 +-
 .../generic/profiles/101-Broadcom-wl.mk       |   2 +-
 .../generic/profiles/105-Broadcom-none.mk     |   2 +-
 .../generic/profiles/201-Broadcom-b44-wl.mk   |   2 +-
 .../generic/profiles/205-Broadcom-b44-none.mk |   2 +-
 .../generic/profiles/211-Broadcom-tg3-wl.mk   |   2 +-
 .../generic/profiles/215-Broadcom-tg3-none.mk |   2 +-
 .../generic/profiles/221-Broadcom-bgmac-wl.mk |   2 +-
 .../profiles/225-Broadcom-bgmac-none.mk       |   2 +-
 .../bcm47xx/generic/profiles/PS-1208MFG.mk    |   2 +-
 target/linux/bcm47xx/generic/target.mk        |   2 +-
 .../mips74k/profiles/102-Broadcom-wl.mk       |   2 +-
 .../mips74k/profiles/103-Broadcom-none.mk     |   2 +-
 target/linux/bcm47xx/mips74k/target.mk        |   2 +-
 target/linux/bcm53xx/image/Makefile           |   2 +-
 target/linux/bcm63xx/image/Makefile           |  10 +-
 target/linux/bcm63xx/profiles/default.mk      |   2 +-
 target/linux/cns3xxx/Makefile                 |   2 +-
 target/linux/ipq40xx/Makefile                 |   2 +-
 target/linux/ipq806x/Makefile                 |   2 +-
 target/linux/kirkwood/image/Makefile          |   6 +-
 target/linux/kirkwood/profiles/00-default.mk  |   2 +-
 target/linux/lantiq/image/ar9.mk              |  18 +--
 target/linux/lantiq/image/danube.mk           |  24 ++--
 target/linux/lantiq/image/tp-link.mk          |   8 +-
 target/linux/lantiq/image/vr9.mk              |  30 ++---
 target/linux/lantiq/image/xway_legacy.mk      |   2 +-
 target/linux/malta/Makefile                   |   2 +-
 target/linux/mediatek/mt7622/target.mk        |   2 +-
 target/linux/mpc85xx/Makefile                 |   2 +-
 target/linux/mvebu/image/cortexa9.mk          |   4 +-
 target/linux/omap/profiles/00-default.mk      |   2 +-
 target/linux/oxnas/image/ox820.mk             |   2 +-
 target/linux/ramips/image/mt7620.mk           |   2 +-
 target/linux/ramips/image/mt7621.mk           | 124 +++++++++---------
 target/linux/ramips/mt7620/target.mk          |   2 +-
 target/linux/ramips/mt76x8/target.mk          |   2 +-
 target/linux/rb532/Makefile                   |   2 +-
 target/linux/sunxi/image/cortexa7.mk          |   8 +-
 target/linux/sunxi/profiles/00-default.mk     |   2 +-
 target/linux/uml/Makefile                     |   2 +-
 59 files changed, 195 insertions(+), 169 deletions(-)