diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index a97ab1968..aae29104d 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -987,7 +987,8 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 
 static void
 hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data *hapd, const u8 *src,
-				 const u8 *buf, size_t len, unsigned int freq)
+				 const u8 *buf, size_t len,
+				 unsigned int freq)
 {
 	struct wpabuf *msg;
 
@@ -1063,7 +1064,7 @@ hostapd_dpp_rx_pkex_exchange_resp(struct hostapd_data *hapd, const u8 *src,
 
 static void
 hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
-				      const u8 *buf, size_t len,
+				      const u8 *hdr, const u8 *buf, size_t len,
 				      unsigned int freq)
 {
 	struct wpabuf *msg;
@@ -1078,7 +1079,7 @@ hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
 		return;
 	}
 
-	msg = dpp_pkex_rx_commit_reveal_req(pkex, buf, len);
+	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
 	if (!msg) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
 		return;
@@ -1114,7 +1115,7 @@ hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
 
 static void
 hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data *hapd, const u8 *src,
-				       const u8 *buf, size_t len,
+				       const u8 *hdr, const u8 *buf, size_t len,
 				       unsigned int freq)
 {
 	int res;
@@ -1130,7 +1131,7 @@ hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data *hapd, const u8 *src,
 		return;
 	}
 
-	res = dpp_pkex_rx_commit_reveal_resp(pkex, buf, len);
+	res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
 	if (res < 0) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
 		return;
@@ -1222,10 +1223,11 @@ void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src,
 		hostapd_dpp_rx_pkex_exchange_resp(hapd, src, buf, len, freq);
 		break;
 	case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
-		hostapd_dpp_rx_pkex_commit_reveal_req(hapd, src, buf, len, freq);
+		hostapd_dpp_rx_pkex_commit_reveal_req(hapd, src, hdr, buf, len,
+						      freq);
 		break;
 	case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
-		hostapd_dpp_rx_pkex_commit_reveal_resp(hapd, src, buf, len,
+		hostapd_dpp_rx_pkex_commit_reveal_resp(hapd, src, hdr, buf, len,
 						       freq);
 		break;
 	default:
diff --git a/src/common/dpp.c b/src/common/dpp.c
index c1906791f..51079506b 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -5574,10 +5574,13 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
 	wpabuf_put_le16(clear, curve->hash_len);
 	wpabuf_put_data(clear, u, curve->hash_len);
 
+	addr[0] = wpabuf_head_u8(msg) + 2;
+	len[0] = DPP_HDR_LEN;
 	octet = 0;
-	addr[0] = &octet;
-	len[0] = sizeof(octet);
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+	addr[1] = &octet;
+	len[1] = sizeof(octet);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 	wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
 	wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
@@ -5586,7 +5589,7 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
 	wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
 	if (aes_siv_encrypt(pkex->z, curve->hash_len,
 			    wpabuf_head(clear), wpabuf_len(clear),
-			    1, addr, len, wrapped) < 0)
+			    2, addr, len, wrapped) < 0)
 		goto fail;
 	wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
 		    wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
@@ -5614,6 +5617,7 @@ fail:
 
 
 struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
+					      const u8 *hdr,
 					      const u8 *buf, size_t buflen)
 {
 	const struct dpp_curve_params *curve = pkex->own_bi->curve;
@@ -5678,14 +5682,17 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 	if (!unwrapped)
 		goto fail;
 
+	addr[0] = hdr;
+	len[0] = DPP_HDR_LEN;
 	octet = 0;
-	addr[0] = &octet;
-	len[0] = sizeof(octet);
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+	addr[1] = &octet;
+	len[1] = sizeof(octet);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 	if (aes_siv_decrypt(pkex->z, curve->hash_len,
 			    wrapped_data, wrapped_data_len,
-			    1, addr, len, unwrapped) < 0) {
+			    2, addr, len, unwrapped) < 0) {
 		wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
 		goto fail;
 	}
@@ -5811,10 +5818,13 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 	wpabuf_put_le16(clear, curve->hash_len);
 	wpabuf_put_data(clear, v, curve->hash_len);
 
+	addr[0] = wpabuf_head_u8(msg) + 2;
+	len[0] = DPP_HDR_LEN;
 	octet = 1;
-	addr[0] = &octet;
-	len[0] = sizeof(octet);
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+	addr[1] = &octet;
+	len[1] = sizeof(octet);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 	wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
 	wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
@@ -5823,7 +5833,7 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 	wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
 	if (aes_siv_encrypt(pkex->z, curve->hash_len,
 			    wpabuf_head(clear), wpabuf_len(clear),
-			    1, addr, len, wrapped) < 0)
+			    2, addr, len, wrapped) < 0)
 		goto fail;
 	wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
 		    wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
@@ -5843,7 +5853,7 @@ fail:
 }
 
 
-int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex,
+int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
 				   const u8 *buf, size_t buflen)
 {
 	const struct dpp_curve_params *curve = pkex->own_bi->curve;
@@ -5876,14 +5886,17 @@ int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex,
 	if (!unwrapped)
 		goto fail;
 
+	addr[0] = hdr;
+	len[0] = DPP_HDR_LEN;
 	octet = 1;
-	addr[0] = &octet;
-	len[0] = sizeof(octet);
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+	addr[1] = &octet;
+	len[1] = sizeof(octet);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 	if (aes_siv_decrypt(pkex->z, curve->hash_len,
 			    wrapped_data, wrapped_data_len,
-			    1, addr, len, unwrapped) < 0) {
+			    2, addr, len, unwrapped) < 0) {
 		wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
 		goto fail;
 	}
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 4011696ed..dfee49918 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -268,8 +268,9 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(struct dpp_bootstrap_info *bi,
 struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
 					  const u8 *buf, size_t len);
 struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
+					      const u8 *hdr,
 					      const u8 *buf, size_t len);
-int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex,
+int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
 				   const u8 *buf, size_t len);
 void dpp_pkex_free(struct dpp_pkex *pkex);
 
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 1eb6fb35d..bf29f192d 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1441,7 +1441,8 @@ wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
 
 static void
 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
-				   const u8 *buf, size_t len, unsigned int freq)
+				   const u8 *hdr, const u8 *buf, size_t len,
+				   unsigned int freq)
 {
 	struct wpabuf *msg;
 	unsigned int wait_time;
@@ -1456,7 +1457,7 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
 		return;
 	}
 
-	msg = dpp_pkex_rx_commit_reveal_req(pkex, buf, len);
+	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
 	if (!msg) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
 		return;
@@ -1497,7 +1498,7 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
 
 static void
 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
-				    const u8 *buf, size_t len,
+				    const u8 *hdr, const u8 *buf, size_t len,
 				    unsigned int freq)
 {
 	int res;
@@ -1513,7 +1514,7 @@ wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
 		return;
 	}
 
-	res = dpp_pkex_rx_commit_reveal_resp(pkex, buf, len);
+	res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
 	if (res < 0) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
 		return;
@@ -1605,10 +1606,12 @@ void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
 		wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
 		break;
 	case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
-		wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, buf, len, freq);
+		wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
+						   freq);
 		break;
 	case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
-		wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, buf, len, freq);
+		wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
+						    freq);
 		break;
 	default:
 		wpa_printf(MSG_DEBUG,