ec_kem.c: Fix ikmlen check
authorЗишан Мирза <zmirza@tutanota.de>
Tue, 24 Dec 2024 06:05:21 +0000 (11:05 +0500)
committerTomas Mraz <tomas@openssl.org>
Mon, 30 Dec 2024 16:14:26 +0000 (17:14 +0100)
This makes the input check require `ikmlen` to be at least `Nsk`.

Closes #26213

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26254)

(cherry picked from commit c93f4a1e75efbb10153b2520a10e5a19a4479fdf)

providers/implementations/kem/ec_kem.c

index b82f9036623882b954becbeaeee37ed12b2099a3..7f84fcbb2fae9b57563630b47ec12dcf56d1e20e 100644 (file)
@@ -405,10 +405,10 @@ int ossl_ec_dhkem_derive_private(EC_KEY *ec, BIGNUM *priv,
         return 0;
 
     /* ikmlen should have a length of at least Nsk */
-    if (ikmlen < info->Nsecret) {
+    if (ikmlen < info->Nsk) {
         ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH,
                        "ikm length is :%zu, should be at least %zu",
-                       ikmlen, info->Nsecret);
+                       ikmlen, info->Nsk);
         goto err;
     }