MLKEM_SHARED_SECRET_LENGTH
if ((secret = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)
*out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;
freezero(secret, MLKEM_SHARED_SECRET_LENGTH);
if ((s = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)
*out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;
freezero(s, MLKEM_SHARED_SECRET_LENGTH);
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH],
size_t ciphertext_len, uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH])
arc4random_buf(out_shared_secret, MLKEM_SHARED_SECRET_LENGTH);
arc4random_buf(out_shared_secret, MLKEM_SHARED_SECRET_LENGTH);
for (i = 0; i < MLKEM_SHARED_SECRET_LENGTH; i++) {
kdf(uint8_t out[MLKEM_SHARED_SECRET_LENGTH], const uint8_t failure_secret[32],
shake_out(&ctx, out, MLKEM_SHARED_SECRET_LENGTH);
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH]);
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH],
if (shared_secret_buf_len != MLKEM_SHARED_SECRET_LENGTH) {
shared_secret_buf_len, MLKEM_SHARED_SECRET_LENGTH);
MLKEM_SHARED_SECRET_LENGTH, CBS_len(&k)))
if (shared_secret_len != MLKEM_SHARED_SECRET_LENGTH) {
shared_secret_len, MLKEM_SHARED_SECRET_LENGTH);
if (shared_secret_buf_len != MLKEM_SHARED_SECRET_LENGTH) {
shared_secret_buf_len, MLKEM_SHARED_SECRET_LENGTH);
if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
MLKEM_SHARED_SECRET_LENGTH);
if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
MLKEM_SHARED_SECRET_LENGTH);
if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
MLKEM_SHARED_SECRET_LENGTH);