From 6aabf3706fe5bef08f705f6d6f6582513c7a46c7 Mon Sep 17 00:00:00 2001
From: Kapil Gupta <kapil.gupta@espressif.com>
Date: Wed, 15 Apr 2026 20:42:24 +0530
Subject: [PATCH 1/2] fix(supplicant): resolve constant expression warning in
 crypto_ecdh_output_size

Use PSA_BITS_TO_BYTES(key_bits) directly instead of
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(PSA_KEY_TYPE_ECC_KEY_PAIR(...))
to eliminate a tautological type check that always evaluates to the same result.
---
 .../esp_supplicant/src/crypto/crypto_mbedtls-ec.c              | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
index bcb60249e0..1959abadf7 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
@@ -1624,8 +1624,7 @@ static size_t crypto_ecdh_output_size(const crypto_ec_key_wrapper_t *wrapper)
         return 0;
     }
 
-    return PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(
-               PSA_KEY_TYPE_ECC_KEY_PAIR(ecc_family), key_bits);
+    return PSA_BITS_TO_BYTES(key_bits);
 }
 
 struct crypto_ec_key * crypto_ec_key_set_pub(const struct crypto_ec_group *group,

From 7774285b7d873ee5e5980216e198efe8ef719d68 Mon Sep 17 00:00:00 2001
From: Kapil Gupta <kapil.gupta@espressif.com>
Date: Fri, 17 Apr 2026 14:34:56 +0530
Subject: [PATCH 2/2] fix(esp_wifi): Move unnecessary PMF prints to verbose

---
 components/wpa_supplicant/src/crypto/aes-ccm.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/components/wpa_supplicant/src/crypto/aes-ccm.c b/components/wpa_supplicant/src/crypto/aes-ccm.c
index e5bb94ca08..8b906890d8 100644
--- a/components/wpa_supplicant/src/crypto/aes-ccm.c
+++ b/components/wpa_supplicant/src/crypto/aes-ccm.c
@@ -41,7 +41,7 @@ static void aes_ccm_auth_start(void *aes, size_t M, size_t L, const u8 *nonce,
 	os_memcpy(&b[1], nonce, 15 - L);
 	WPA_PUT_BE16(&b[AES_BLOCK_SIZE - L], plain_len);
 
-	wpa_hexdump_key(MSG_DEBUG, "CCM B_0", b, AES_BLOCK_SIZE);
+	wpa_hexdump_key(MSG_MSGDUMP, "CCM B_0", b, AES_BLOCK_SIZE);
 	aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */
 
 	if (!aad_len)
@@ -120,13 +120,13 @@ static void aes_ccm_encr_auth(void *aes, size_t M, u8 *x, u8 *a, u8 *auth)
 	size_t i;
 	u8 tmp[AES_BLOCK_SIZE];
 
-	wpa_hexdump_key(MSG_DEBUG, "CCM T", x, M);
+	wpa_hexdump_key(MSG_MSGDUMP, "CCM T", x, M);
 	/* U = T XOR S_0; S_0 = E(K, A_0) */
 	WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], 0);
 	aes_encrypt(aes, a, tmp);
 	for (i = 0; i < M; i++)
 		auth[i] = x[i] ^ tmp[i];
-	wpa_hexdump_key(MSG_DEBUG, "CCM U", auth, M);
+	wpa_hexdump_key(MSG_MSGDUMP, "CCM U", auth, M);
 }
 
 
@@ -135,13 +135,13 @@ static void aes_ccm_decr_auth(void *aes, size_t M, u8 *a, const u8 *auth, u8 *t)
 	size_t i;
 	u8 tmp[AES_BLOCK_SIZE];
 
-	wpa_hexdump_key(MSG_DEBUG, "CCM U", auth, M);
+	wpa_hexdump_key(MSG_MSGDUMP, "CCM U", auth, M);
 	/* U = T XOR S_0; S_0 = E(K, A_0) */
 	WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], 0);
 	aes_encrypt(aes, a, tmp);
 	for (i = 0; i < M; i++)
 		t[i] = auth[i] ^ tmp[i];
-	wpa_hexdump_key(MSG_DEBUG, "CCM T", t, M);
+	wpa_hexdump_key(MSG_MSGDUMP, "CCM T", t, M);
 }