On Mon, Jun 28, 2021 at 06:25:29PM +0200, Cedric Izoard wrote:
> Use crypto.h API to implement ECDH in DPP.
> Need to add a new init function in crypto.h to initialize an ECDH with
> a given EC key.

This would be removing a workaround described in this commit:
https://w1.fi/cgit/hostap/commit/?id=29ef1c5ee4c1251aa3a70cb45af6888deba040f8

> - if (*secret_len > DPP_MAX_SHARED_SECRET_LEN) {
> - u8 buf[200];
> - int level = *secret_len > 200 ? MSG_ERROR : MSG_DEBUG;
> -
> - /* It looks like OpenSSL can return unexpectedly large buffer
> - * need for shared secret from EVP_PKEY_derive(NULL) in some
> - * cases. For example, group 19 has shown cases where secret_len
> - * is set to 72 even though the actual length ends up being
> - * updated to 32 when EVP_PKEY_derive() is called with a buffer
> - * for the value. Work around this by trying to fetch the value
> - * and continue if it is within supported range even when the
> - * initial buffer need is claimed to be larger. */

I.e., this part would disappear.. I would not want to lose this without
fully understanding what was causing that issue. Alas, I do not know how
to reproduce this and what exactly was causing the issue, but clearly I
felt like it was needed to avoid strange problems under some conditions.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
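Review bot: The removed block is the only place that tolerates EVP_PKEY_derive(NULL) over-reporting the shared-secret length (the comment records group 19 reporting 72 where the real length turned out to be 32), so the new crypto.h-based ECDH path needs an equivalent before this hunk can go in: derive into a buffer sized for the reported length, then accept the result when the actual length is within DPP_MAX_SHARED_SECRET_LEN instead of failing on the initial estimate. The `u8 buf[200]` and `int level = *secret_len > 200 ? MSG_ERROR : MSG_DEBUG;` lines also show that the old code distinguished a recoverable over-estimate (logged at debug level) from a hard error; keep that distinction in the replacement so the condition stays diagnosable, since the thread notes that nobody can currently reproduce it.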