Fix up MLKEM768_marshal_private_key to not use a passed in CBB

Even though this should remain internal, make it the same
as the public key marshal function, and make the needed
fallout changes in regress.

This does not yet do the bikeshed of renaming the structure
field in the regress ctx, that will wait until a follow on
to convert 1024 in a similar manner

ok tb@

1 files changed, 40 insertions, 24 deletions

diff --git a/src/lib/libcrypto/mlkem/mlkem768.c b/src/lib/libcrypto/mlkem/mlkem768.c
index b20545defc..82adea7b42 100644
--- a/src/lib/libcrypto/mlkem/mlkem768.c
+++ b/src/lib/libcrypto/mlkem/mlkem768.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mlkem768.c,v 1.10 2025/05/19 07:40:17 beck Exp $ */
+/* $OpenBSD: mlkem768.c,v 1.11 2025/05/19 07:53:00 beck Exp $ */
 /*
  * Copyright (c) 2024, Google Inc.
  * Copyright (c) 2024, Bob Beck <beck@obtuse.com>
@@ -611,6 +611,19 @@ vector_encode(uint8_t *out, const vector *a, int bits)
         }
 }
 
+/* Encodes an entire vector as above, but adding it to a CBB */
+static int
+vector_encode_cbb(CBB *cbb, const vector *a, int bits)
+{
+        uint8_t *encoded_vector;
+
+        if (!CBB_add_space(cbb, &encoded_vector, kEncodedVectorSize))
+                return 0;
+        vector_encode(encoded_vector, a, bits);
+
+        return 1;
+}
+
 /*
  * scalar_decode parses |DEGREE * bits| bits from |in| into |DEGREE| values in
  * |out|. It returns one on success and zero if any parsed value is >=
@@ -850,16 +863,9 @@ LCRYPTO_ALIAS(MLKEM768_private_key_from_seed);
 static int
 mlkem_marshal_public_key(CBB *out, const struct public_key *pub)
 {
-        uint8_t *vector_output;
-
-        if (!CBB_add_space(out, &vector_output, kEncodedVectorSize)) {
+        if (!vector_encode_cbb(out, &pub->t, kLog2Prime))
                 return 0;
-        }
-        vector_encode(vector_output, &pub->t, kLog2Prime);
-        if (!CBB_add_bytes(out, pub->rho, sizeof(pub->rho))) {
-                return 0;
-        }
-        return 1;
+        return CBB_add_bytes(out, pub->rho, sizeof(pub->rho));
 }
 
 int
@@ -1117,27 +1123,37 @@ MLKEM768_parse_public_key(struct MLKEM768_public_key *public_key,
 LCRYPTO_ALIAS(MLKEM768_parse_public_key);
 
 int
-MLKEM768_marshal_private_key(CBB *out,
-    const struct MLKEM768_private_key *private_key)
+MLKEM768_marshal_private_key(const struct MLKEM768_private_key *private_key,
+    uint8_t **out_private_key, size_t *out_private_key_len)
 {
         const struct private_key *const priv = private_key_768_from_external(
             private_key);
-        uint8_t *s_output;
+        CBB cbb;
+        int ret = 0;
 
-        if (!CBB_add_space(out, &s_output, kEncodedVectorSize)) {
-                return 0;
-        }
-        vector_encode(s_output, &priv->s, kLog2Prime);
-        if (!mlkem_marshal_public_key(out, &priv->pub))
-                return 0;
-        if (!CBB_add_bytes(out, priv->pub.public_key_hash,
+        if (!CBB_init(&cbb, MLKEM768_PRIVATE_KEY_BYTES))
+                goto err;
+
+        if (!vector_encode_cbb(&cbb, &priv->s, kLog2Prime))
+                goto err;
+        if (!mlkem_marshal_public_key(&cbb, &priv->pub))
+                goto err;
+        if (!CBB_add_bytes(&cbb, priv->pub.public_key_hash,
             sizeof(priv->pub.public_key_hash)))
-                return 0;
-        if (!CBB_add_bytes(out, priv->fo_failure_secret,
+                goto err;
+        if (!CBB_add_bytes(&cbb, priv->fo_failure_secret,
             sizeof(priv->fo_failure_secret)))
-                return 0;
+                goto err;
 
-        return 1;
+        if (!CBB_finish(&cbb, out_private_key, out_private_key_len))
+                goto err;
+
+        ret = 1;
+
+ err:
+        CBB_cleanup(&cbb);
+
+        return ret;
 }
 
 int