diff --git a/src/sae.c b/src/sae.c
index eff50977..d80fd506 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -495,12 +495,6 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
 		goto reject;
 	}
 
-	/* Scalar + Point + group */
-	if (len < nbytes + nbytes * 2 + 2) {
-		l_error("bad packet length");
-		goto reject;
-	}
-
 	ptr += 2;
 
 	sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes);
@@ -860,6 +854,11 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
 			return -EPROTO;
 		}
 
+		len -= 2;
+
+		if (len < l_ecc_curve_get_scalar_bytes(sm->curve) * 3)
+			return -EBADMSG;
+
 		return 0;
 	default:
 		/*