From: Daiki Ueno
Date: Mon, 24 Mar 2025 07:06:11 +0000 (+0900)
Subject: liboqs: fix shared secret assignment after decaps
X-Git-Tag: 3.8.10~31^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a456e6b73fb9bdb0278eefd5f685cdebc5d15a50;p=thirdparty%2Fgnutls.git
liboqs: fix shared secret assignment after decaps
Although we are removing liboqs support, this fixes the _gnutls_pk_decaps implementation, where the returned shared_secret is overridden with an empty shared secret.
Signed-off-by: Daiki Ueno
---
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 91eaffd689..769cd274a1 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1005,15 +1005,14 @@ static int ml_kem_decaps(gnutls_pk_algorithm_t algo,
 if (kem == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- shared_secret->data = gnutls_malloc(kem->length_shared_secret);
- if (shared_secret->data == NULL) {
- GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);
+ tmp_shared_secret.size = kem->length_shared_secret;
+ tmp_shared_secret.data = gnutls_malloc(tmp_shared_secret.size);
+ if (tmp_shared_secret.data == NULL) {
 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 goto cleanup;
 }
- shared_secret->size = kem->length_shared_secret;
- rc = GNUTLS_OQS_FUNC(OQS_KEM_decaps)(kem, shared_secret->data,
+ rc = GNUTLS_OQS_FUNC(OQS_KEM_decaps)(kem, tmp_shared_secret.data,
 ciphertext->data, priv->data);
 if (rc != OQS_SUCCESS) {
 GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);
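Review bot: The two error paths in this hunk now disagree about who releases `kem`: the allocation-failure branch no longer calls `GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);` before `goto cleanup`, while the `rc != OQS_SUCCESS` branch still does. The `cleanup` label lies outside the hunk, so which is correct cannot be confirmed from here; if cleanup frees `kem`, the remaining explicit `GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);` makes the decaps-failure path a double free and should be dropped from that branch too, and if cleanup does not free it, the allocation-failure path now leaks the KEM context. Because `tmp_shared_secret` holds key material, whatever releases it on the error path should zeroize the buffer rather than plain-free it; that code is likewise not visible here. The `if (rc != OQS_SUCCESS) {` block continues past the end of the hunk.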