From ec89739d50226a2959e7635e5c3df01e703e6869 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 11 Oct 2022 12:32:04 +0200 Subject: [PATCH] nts: make sure encrypted S2C and C2S keys have equal length Don't allow a cookie to contain keys with different lengths to not break the assumption made in decoding, if there will ever be a case where this could be requested. --- nts_ke_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nts_ke_server.c b/nts_ke_server.c index ece1b4c..948058a 100644 --- a/nts_ke_server.c +++ b/nts_ke_server.c @@ -869,7 +869,7 @@ NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie) } if (context->c2s.length < 0 || context->c2s.length > NKE_MAX_KEY_LENGTH || - context->s2c.length < 0 || context->s2c.length > NKE_MAX_KEY_LENGTH) { + context->s2c.length != context->c2s.length) { DEBUG_LOG("Invalid key length"); return 0; }