Add missing goto for checking encapsulation invariants.

vcsjones · web-flow · commit 1fb92aa670f2 · 2025-11-13T09:22:41.000-05:00
When we encapsulate something with ML-KEM on OpenSSL, we were checking
that the amount written is what we expected, but a missing `goto` caused
it to be marked as a success.

This isn't really a reliability problem since we already know how much
encapsulation sizes are, we're just making sure OpenSSL and the managed
side agree on it.
diff --git a/src/native/libs/System.Security.Cryptography.Native/pal_evp_kem.c b/src/native/libs/System.Security.Cryptography.Native/pal_evp_kem.c
@@ -187,6 +187,7 @@ int32_t CryptoNative_EvpKemEncapsulate(EVP_PKEY* pKey,
             sharedSecretLengthT != Int32ToSizeT(sharedSecretLength))
         {
             ret = -1;
+            goto done;
         }
 
         ret = 1;

Original file line number	Diff line number	Diff line change
`@@ -187,6 +187,7 @@ int32_t CryptoNative_EvpKemEncapsulate(EVP_PKEY* pKey,`
`187`	`187`	`sharedSecretLengthT != Int32ToSizeT(sharedSecretLength))`
`188`	`188`	`{`
`189`	`189`	`ret = -1;`
	`190`	`+ goto done;`
`190`	`191`	`}`
`191`	`192`
`192`	`193`	`ret = 1;`