public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SLH-DSA - restrict keygen seed length to exact value of 3*n

Browse source 
It was allowing the seed to be larger, and then just ignoring the
trailing bytes.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26858)
This commit is contained in:
slontis 2025-02-21 08:54:36 +11:00
parent 5b52a6395c
commit 6e770d38c7
5 changed files with 50 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
crypto/slh_dsa/slh_dsa_key.c
View file

@ -357,7 +357,7 @@ int ossl_slh_dsa_generate_key(SLH_DSA_HASH_CTX *ctx, SLH_DSA_KEY *out,
uint8_t *pub = SLH_DSA_PUB(out);
if (entropy != NULL && entropy_len != 0) {
if (entropy_len < entropy_len_expected)
if (entropy_len != entropy_len_expected)
goto err;
memcpy(priv, entropy, entropy_len_expected);
} else {