From 8c2e30618ba07e5c076d4f6492f61fe7dea05412 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sun, 18 Jan 2026 08:58:31 +0000 Subject: mlkem: fix mklem_{generate_key,encap}_external_entropy() declarations The prototypes used sized arrays appropriate only for MLKEM768 while the declarations used pointers. For some reason clang doesn't flag this but gcc does. In any case it was wrong. The callers of these functions check that they pass in the correct size. Which is weird but the mlkem directory has an unbelievable amount of mess and bad code. found by/ok jsing --- src/lib/libcrypto/mlkem/mlkem_internal.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/lib/libcrypto/mlkem/mlkem_internal.h b/src/lib/libcrypto/mlkem/mlkem_internal.h index a8b1a16359..42b5ba03b8 100644 --- a/src/lib/libcrypto/mlkem/mlkem_internal.h +++ b/src/lib/libcrypto/mlkem/mlkem_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mlkem_internal.h,v 1.13 2026/01/18 08:49:42 tb Exp $ */ +/* $OpenBSD: mlkem_internal.h,v 1.14 2026/01/18 08:58:31 tb Exp $ */ /* * Copyright (c) 2023, Google Inc. * Copyright (c) 2025, Bob Beck @@ -251,8 +251,7 @@ int mlkem_parse_private_key(const uint8_t *input, size_t input_len, * regular callers should use the non-deterministic |MLKEM_generate_key| * directly. */ -int mlkem_generate_key_external_entropy( - uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES], +int mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key, MLKEM_private_key *out_private_key, const uint8_t entropy[MLKEM_SEED_LENGTH]); @@ -271,8 +270,7 @@ int mlkem_marshal_private_key(const MLKEM_private_key *private_key, * used for tests, regular callers should use the non-deterministic * |MLKEM_encap| directly. */ -void mlkem_encap_external_entropy( - uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES], +void mlkem_encap_external_entropy(uint8_t *out_ciphertext, uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH], const MLKEM_public_key *public_key, const uint8_t entropy[MLKEM_ENCAP_ENTROPY]); -- cgit v1.2.3-55-g6feb