CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2025/09/14 10:47:37
Modified files:
lib/libcrypto/mlkem: mlkem_internal.c
Log message:
mlkem_public_to_private: fix overread/information leak
After the guts of MLKEM_public_key were changed from a union to a struct,
the aligner grew the struct, leaking as many bytes of private key data as
the struct grew (on normal platforms that would be 2).
Ideally this would all be a bit more robust.
CID 621603 621604
ok jsing kenjiro
