Add additional internal HPKE hardening checks resulting from code audit.

Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22493) (cherry picked from commit a1c0306895bf6cf28056aaf9cd22cb3b65d4bb0a)
author: Stephen Farrell <stephen.farrell@cs.tcd.ie> 2023-10-16 21:04:06 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-11-03 09:10:50 +0100
commit: 2a4f8da45c73cff771ae45de46ef73095a6ca29e (patch)
tree: 11529a01d3586f9fda24f189ddc1ede71f35f1ab /include
parent: 96e58e32ffd7deaf5184d5e502b476554d39216b (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index dbe6c72969..ea7620d631 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -35,6 +35,7 @@
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
 # define EVP_MAX_BLOCK_LENGTH            32
+# define EVP_MAX_AEAD_TAG_LENGTH         16
 
 # define PKCS5_SALT_LEN                  8
 /* Default PKCS#5 iteration count */
diff --git a/include/openssl/hpke.h b/include/openssl/hpke.h
index 1bb9ada3c4..af637ac61a 100644
--- a/include/openssl/hpke.h
+++ b/include/openssl/hpke.h
@@ -26,6 +26,7 @@
  * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
  */
 # define OSSL_HPKE_MAX_PARMLEN        66
+# define OSSL_HPKE_MIN_PSKLEN         32
 # define OSSL_HPKE_MAX_INFOLEN        1024
 
 /*
author	Stephen Farrell <stephen.farrell@cs.tcd.ie>	2023-10-16 21:04:06 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-11-03 09:10:50 +0100
commit	2a4f8da45c73cff771ae45de46ef73095a6ca29e (patch)
tree	11529a01d3586f9fda24f189ddc1ede71f35f1ab /include
parent	96e58e32ffd7deaf5184d5e502b476554d39216b (diff)