From d52be132c779f198aa026b8a76f41dffae81c837 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 4 Aug 2025 17:45:53 +0900
Subject: gpg: Fix a regression composite KEM with PQC and ECC.

* g10/pkglue.c (do_encrypt_kem): Length of shared secret is the hash
length in this case, not the scalar length.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/pkglue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/pkglue.c b/g10/pkglue.c
index a6bd893b3..11d252f0a 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -486,8 +486,8 @@ do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo,
       goto leave;
     }
   ecc_ct_len = ecc_ecdh_len = ecc->point_len;
-  ecc_ss_len = ecc->scalar_len;
   ecc_hash_algo = ecc->hash_algo;
+  ecc_ss_len = gcry_md_get_algo_dlen (ecc_hash_algo);
 
   ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
   ecc_pubkey_len = (nbits+7)/8;
-- 
cgit v1.2.3