1 files changed, 40 insertions, 24 deletions
diff --git a/src/lib/libcrypto/mlkem/mlkem1024.c b/src/lib/libcrypto/mlkem/mlkem1024.c
index 27e34898d1..59ebaaa3cb 100644
--- a/src/lib/libcrypto/mlkem/mlkem1024.c
+++ b/src/lib/libcrypto/mlkem/mlkem1024.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mlkem1024.c,v 1.9 2025/05/19 07:40:17 beck Exp $ */
+/* $OpenBSD: mlkem1024.c,v 1.10 2025/05/20 00:33:40 beck Exp $ */
 /*
 * Copyright (c) 2024, Google Inc.
 * Copyright (c) 2024, Bob Beck <beck@obtuse.com>
@@ -612,6 +612,19 @@ vector_encode(uint8_t *out, const vector *a, int bits)
        }
 }
+/* Encodes an entire vector as above, but adding it to a CBB */
+static int
+vector_encode_cbb(CBB *cbb, const vector *a, int bits)
+{
+        uint8_t *encoded_vector;
+        if (!CBB_add_space(cbb, &encoded_vector, kEncodedVectorSize))
+                return 0;
+        vector_encode(encoded_vector, a, bits);
+        return 1;
+}
 /*
 * scalar_decode parses |DEGREE * bits| bits from |in| into |DEGREE| values in
 * |out|. It returns one on success and zero if any parsed value is >=
@@ -851,16 +864,9 @@ LCRYPTO_ALIAS(MLKEM1024_private_key_from_seed);
 static int
 mlkem_marshal_public_key(CBB *out, const struct public_key *pub)
 {
-        uint8_t *vector_output;
+        if (!vector_encode_cbb(out, &pub->t, kLog2Prime))
-        if (!CBB_add_space(out, &vector_output, kEncodedVectorSize)) {
                return 0;
-        }
+        return CBB_add_bytes(out, pub->rho, sizeof(pub->rho));
-        vector_encode(vector_output, &pub->t, kLog2Prime);
-        if (!CBB_add_bytes(out, pub->rho, sizeof(pub->rho))) {
-                return 0;
-        }
-        return 1;
 }
 int
@@ -1120,27 +1126,37 @@ MLKEM1024_parse_public_key(struct MLKEM1024_public_key *public_key,
 LCRYPTO_ALIAS(MLKEM1024_parse_public_key);
 int
-MLKEM1024_marshal_private_key(CBB *out,
+MLKEM1024_marshal_private_key(const struct MLKEM1024_private_key *private_key,
-    const struct MLKEM1024_private_key *private_key)
+    uint8_t **out_private_key, size_t *out_private_key_len)
 {
        const struct private_key *const priv = private_key_1024_from_external(
            private_key);
-        uint8_t *s_output;
+        CBB cbb;
+        int ret = 0;
-        if (!CBB_add_space(out, &s_output, kEncodedVectorSize)) {
+        if (!CBB_init(&cbb, MLKEM1024_PRIVATE_KEY_BYTES))
-                return 0;
+                goto err;
-        }
-        vector_encode(s_output, &priv->s, kLog2Prime);
+        if (!vector_encode_cbb(&cbb, &priv->s, kLog2Prime))
-        if (!mlkem_marshal_public_key(out, &priv->pub))
+                goto err;
-                return 0;
+        if (!mlkem_marshal_public_key(&cbb, &priv->pub))
-        if (!CBB_add_bytes(out, priv->pub.public_key_hash,
+                goto err;
+        if (!CBB_add_bytes(&cbb, priv->pub.public_key_hash,
            sizeof(priv->pub.public_key_hash)))
-                return 0;
+                goto err;
-        if (!CBB_add_bytes(out, priv->fo_failure_secret,
+        if (!CBB_add_bytes(&cbb, priv->fo_failure_secret,
            sizeof(priv->fo_failure_secret)))
-                return 0;
+                goto err;
-        return 1;
+        if (!CBB_finish(&cbb, out_private_key, out_private_key_len))
+                goto err;
+        ret = 1;
+ err:
+        CBB_cleanup(&cbb);
+        return ret;
 }
 int

diff --git a/src/lib/libcrypto/mlkem/mlkem1024.c b/src/lib/libcrypto/mlkem/mlkem1024.c index 27e34898d1..59ebaaa3cb 100644 --- a/src/lib/libcrypto/mlkem/mlkem1024.c +++ b/src/lib/libcrypto/mlkem/mlkem1024.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem1024.c,v 1.9 2025/05/19 07:40:17 beck Exp $ */	1	/* $OpenBSD: mlkem1024.c,v 1.10 2025/05/20 00:33:40 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2024, Google Inc.	3	* Copyright (c) 2024, Google Inc.
4	* Copyright (c) 2024, Bob Beck <beck@obtuse.com>	4	* Copyright (c) 2024, Bob Beck <beck@obtuse.com>
@@ -612,6 +612,19 @@ vector_encode(uint8_t out, const vector a, int bits)
612	}	612	}
613	}	613	}
614		614
		615	/* Encodes an entire vector as above, but adding it to a CBB */
		616	static int
		617	vector_encode_cbb(CBB cbb, const vector a, int bits)
		618	{
		619	uint8_t *encoded_vector;
		620
		621	if (!CBB_add_space(cbb, &encoded_vector, kEncodedVectorSize))
		622	return 0;
		623	vector_encode(encoded_vector, a, bits);
		624
		625	return 1;
		626	}
		627
615	/*	628	/*
616	* scalar_decode parses \|DEGREE * bits\| bits from \|in\| into \|DEGREE\| values in	629	* scalar_decode parses \|DEGREE * bits\| bits from \|in\| into \|DEGREE\| values in
617	* \|out\|. It returns one on success and zero if any parsed value is >=	630	* \|out\|. It returns one on success and zero if any parsed value is >=
@@ -851,16 +864,9 @@ LCRYPTO_ALIAS(MLKEM1024_private_key_from_seed);
851	static int	864	static int
852	mlkem_marshal_public_key(CBB out, const struct public_key pub)	865	mlkem_marshal_public_key(CBB out, const struct public_key pub)
853	{	866	{
854	uint8_t *vector_output;	867	if (!vector_encode_cbb(out, &pub->t, kLog2Prime))
855
856	if (!CBB_add_space(out, &vector_output, kEncodedVectorSize)) {
857	return 0;	868	return 0;
858	}	869	return CBB_add_bytes(out, pub->rho, sizeof(pub->rho));
859	vector_encode(vector_output, &pub->t, kLog2Prime);
860	if (!CBB_add_bytes(out, pub->rho, sizeof(pub->rho))) {
861	return 0;
862	}
863	return 1;
864	}	870	}
865		871
866	int	872	int
@@ -1120,27 +1126,37 @@ MLKEM1024_parse_public_key(struct MLKEM1024_public_key *public_key,
1120	LCRYPTO_ALIAS(MLKEM1024_parse_public_key);	1126	LCRYPTO_ALIAS(MLKEM1024_parse_public_key);
1121		1127
1122	int	1128	int
1123	MLKEM1024_marshal_private_key(CBB *out,	1129	MLKEM1024_marshal_private_key(const struct MLKEM1024_private_key *private_key,
1124	const struct MLKEM1024_private_key *private_key)	1130	uint8_t *out_private_key, size_t out_private_key_len)
1125	{	1131	{
1126	const struct private_key *const priv = private_key_1024_from_external(	1132	const struct private_key *const priv = private_key_1024_from_external(
1127	private_key);	1133	private_key);
1128	uint8_t *s_output;	1134	CBB cbb;
		1135	int ret = 0;
1129		1136
1130	if (!CBB_add_space(out, &s_output, kEncodedVectorSize)) {	1137	if (!CBB_init(&cbb, MLKEM1024_PRIVATE_KEY_BYTES))
1131	return 0;	1138	goto err;
1132	}	1139
1133	vector_encode(s_output, &priv->s, kLog2Prime);	1140	if (!vector_encode_cbb(&cbb, &priv->s, kLog2Prime))
1134	if (!mlkem_marshal_public_key(out, &priv->pub))	1141	goto err;
1135	return 0;	1142	if (!mlkem_marshal_public_key(&cbb, &priv->pub))
1136	if (!CBB_add_bytes(out, priv->pub.public_key_hash,	1143	goto err;
		1144	if (!CBB_add_bytes(&cbb, priv->pub.public_key_hash,
1137	sizeof(priv->pub.public_key_hash)))	1145	sizeof(priv->pub.public_key_hash)))
1138	return 0;	1146	goto err;
1139	if (!CBB_add_bytes(out, priv->fo_failure_secret,	1147	if (!CBB_add_bytes(&cbb, priv->fo_failure_secret,
1140	sizeof(priv->fo_failure_secret)))	1148	sizeof(priv->fo_failure_secret)))
1141	return 0;	1149	goto err;
1142		1150
1143	return 1;	1151	if (!CBB_finish(&cbb, out_private_key, out_private_key_len))
		1152	goto err;
		1153
		1154	ret = 1;
		1155
		1156	err:
		1157	CBB_cleanup(&cbb);
		1158
		1159	return ret;
1144	}	1160	}
1145		1161
1146	int	1162	int