public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ec_kem.c: Fix ikmlen check

Browse source 
This makes `ikmlen` have a length of at least `Nsk`.

Closes #26213

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26254)

(cherry picked from commit c93f4a1e75)
This commit is contained in:
Зишан Мирза 2024-12-24 11:05:21 +05:00 committed by Tomas Mraz
parent 9499fb2807
commit 29a4dc665b
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
providers/implementations/kem/ec_kem.c
View file

@ -405,10 +405,10 @@ int ossl_ec_dhkem_derive_private(EC_KEY *ec, BIGNUM *priv,
return 0;
/* ikmlen should have a length of at least Nsk */
if (ikmlen < info->Nsecret) {
if (ikmlen < info->Nsk) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH,
"ikm length is :%zu, should be at least %zu",
ikmlen, info->Nsecret);
ikmlen, info->Nsk);
goto err;
}