[PATCH 12/21] dpp: Use ECDH from crypto.h

Jouni Malinen j at w1.fi
Tue Oct 26 13:26:58 PDT 2021


On Mon, Jun 28, 2021 at 06:25:29PM +0200, Cedric Izoard wrote:
> Use crypto.h API to implement ECDH in DPP.
> Need to add a new init function in crypto.h to initialize an ECDH with
> a given EC key.

This would be removing a workaround described in this commit:
https://w1.fi/cgit/hostap/commit/?id=29ef1c5ee4c1251aa3a70cb45af6888deba040f8

> -	if (*secret_len > DPP_MAX_SHARED_SECRET_LEN) {
> -		u8 buf[200];
> -		int level = *secret_len > 200 ? MSG_ERROR : MSG_DEBUG;
> -
> -		/* It looks like OpenSSL can return unexpectedly large buffer
> -		 * need for shared secret from EVP_PKEY_derive(NULL) in some
> -		 * cases. For example, group 19 has shown cases where secret_len
> -		 * is set to 72 even though the actual length ends up being
> -		 * updated to 32 when EVP_PKEY_derive() is called with a buffer
> -		 * for the value. Work around this by trying to fetch the value
> -		 * and continue if it is within supported range even when the
> -		 * initial buffer need is claimed to be larger. */

I.e., this part would disappear.. I would not want to lose this without
fully understanding what was causing that issue. Alas, I do not know how
to reproduce this and what exactly was causing the issue, but clearly I
felt like it was needed to avoid strange problems under some conditions.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list