From 02cf8234b4d005ecc858bb5f913272b6f70b1bb8 Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Fri, 7 Oct 2022 13:52:47 +0100
Subject: [PATCH] Fix ots sig length check in LMS validate function

Signed-off-by: Raef Coles <raef.coles@arm.com>
---
 library/lms.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/lms.c b/library/lms.c
index a8411797d2..1e0f319109 100644
--- a/library/lms.c
+++ b/library/lms.c
@@ -733,7 +733,7 @@ int mbedtls_lms_sign( mbedtls_lms_private_t *ctx,
     ret = mbedtls_lmots_sign( &ctx->ots_private_keys[q_leaf_identifier],
                               f_rng, p_rng, msg, msg_size,
                               sig + SIG_OTS_SIG_OFFSET,
-                              MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype),
+                              MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype) - SIG_OTS_SIG_OFFSET,
                               NULL );
     if( ret != 0 )
     {