authorЗишан Мирза <zmirza@tutanota.de>2024-12-24 07:05:21 +0100
committerTomas Mraz <tomas@openssl.org>2024-12-30 17:13:43 +0100
commitc93f4a1e75efbb10153b2520a10e5a19a4479fdf (patch)
tree2a0207bfdacf647785d9d541a6194941259e2cc3 /providers
parentAdd a daily run-checker test for the TLS security level (diff)
downloadopenssl-c93f4a1e75efbb10153b2520a10e5a19a4479fdf.tar.xz
openssl-c93f4a1e75efbb10153b2520a10e5a19a4479fdf.zip
ec_kem.c: Fix ikmlen check
The check now requires `ikmlen` to be at least `Nsk`. Closes #26213 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26254)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/kem/ec_kem.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/providers/implementations/kem/ec_kem.c b/providers/implementations/kem/ec_kem.c
index 9d8f94270e..c58727c9e2 100644
--- a/providers/implementations/kem/ec_kem.c
+++ b/providers/implementations/kem/ec_kem.c
@@ -405,10 +405,10 @@ int ossl_ec_dhkem_derive_private(EC_KEY *ec, BIGNUM *priv,
return 0;
/* ikmlen should have a length of at least Nsk */
- if (ikmlen < info->Nsecret) {
+ if (ikmlen < info->Nsk) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH,
"ikm length is :%zu, should be at least %zu",
- ikmlen, info->Nsecret);
+ ikmlen, info->Nsk);
goto err;
}
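Review bot: The comment above the corrected guard, `/* ikmlen should have a length of at least Nsk */`, still does not say why the bound is `Nsk` rather than `Nsecret`, which is the confusion this commit fixes. I would expand it to something like `/* RFC 9180 7.1.3: ikm must supply at least Nsk bytes; Nsk is not always equal to Nsecret */`. For any KEM where `Nsecret` is smaller than `Nsk`, the old comparison accepted input keying material shorter than the private key, so a boundary test that passes `ikmlen == Nsk - 1` and expects `PROV_R_INVALID_INPUT_LENGTH` would pin the fix; the diffstat shown is limited to `providers`, so such a test may already exist elsewhere. The guard checks length only and cannot vouch for the entropy of the caller's `ikm`, which is worth stating wherever this input is documented. The body of `ossl_ec_dhkem_derive_private` starts and ends outside the hunk.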