[PATCH 12/21] dpp: Use ECDH from crypto.h
Jouni Malinen
j at w1.fi
Tue Oct 26 13:26:58 PDT 2021
On Mon, Jun 28, 2021 at 06:25:29PM +0200, Cedric Izoard wrote:
> Use crypto.h API to implement ECDH in DPP.
> Need to add a new init function in crypto.h to initialize an ECDH with
> a given EC key.
This would be removing a workaround described in this commit:
https://w1.fi/cgit/hostap/commit/?id=29ef1c5ee4c1251aa3a70cb45af6888deba040f8
> - if (*secret_len > DPP_MAX_SHARED_SECRET_LEN) {
> - u8 buf[200];
> - int level = *secret_len > 200 ? MSG_ERROR : MSG_DEBUG;
> -
> - /* It looks like OpenSSL can return unexpectedly large buffer
> - * need for shared secret from EVP_PKEY_derive(NULL) in some
> - * cases. For example, group 19 has shown cases where secret_len
> - * is set to 72 even though the actual length ends up being
> - * updated to 32 when EVP_PKEY_derive() is called with a buffer
> - * for the value. Work around this by trying to fetch the value
> - * and continue if it is within supported range even when the
> - * initial buffer need is claimed to be larger. */
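Review bot: The removal starting at `if (*secret_len > DPP_MAX_SHARED_SECRET_LEN)` drops the only visible handling for EVP_PKEY_derive(NULL) reporting a larger buffer need than the actual secret length (72 reported versus 32 actual for group 19, per the deleted comment), and the commit message does not say whether the crypto.h ECDH path covers that case. Either carry equivalent length handling into the crypto.h ECDH implementation or explain in the commit message why it is no longer needed, since without it a derivation whose real length is within the supported range could fail on the initial length check.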
I.e., this part would disappear. I would not want to lose this without
fully understanding what was causing that issue. Alas, I do not know how
to reproduce this and what exactly was causing the issue, but clearly I
felt like it was needed to avoid strange problems under some conditions.
--
Jouni Malinen PGP id EFC895FA