From 48bae57f247f58e4242dd28bcb0a76cb7d5b0756 Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Tue, 16 Apr 2019 15:25:18 +0200
Subject: [PATCH] Fix NTRU implementation according to https://github.com/jschanck/ntru/commit/c7fa0b98bcf446077ca3c83c2f9fa81d6bd6f212
---
 crypto_kem/ntruhps2048509/clean/kem.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto_kem/ntruhps2048509/clean/kem.c b/crypto_kem/ntruhps2048509/clean/kem.c
index 09757cb2..97351508 100644
--- a/crypto_kem/ntruhps2048509/clean/kem.c
+++ b/crypto_kem/ntruhps2048509/clean/kem.c
@@ -37,7 +37,6 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
 int i, fail;
 uint8_t rm[NTRU_OWCPA_MSGBYTES];
 uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
- uint8_t *cmp = buf + NTRU_PRFKEYBYTES;
 fail = PQCLEAN_NTRUHPS2048509_CLEAN_owcpa_dec(rm, c, sk);
 /* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
@@ -50,9 +49,9 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
 buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
 }
 for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
- cmp[i] = c[i];
+ buf[NTRU_PRFKEYBYTES + i] = c[i];
 }
- sha3_256(rm, cmp, NTRU_CIPHERTEXTBYTES);
+ sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
 PQCLEAN_NTRUHPS2048509_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
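Review bot: The new `sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);` line in the second hunk carries no comment explaining why the secret PRF key has to be part of the hashed input, although that is the whole reason for the change: the removed call hashed only `cmp` (that is, `c`), so the value `cmov` moves into `k` when `fail` is set depended on public data alone and the implicit-rejection key was not secret. I would add above it `/* Implicit rejection: the failure key is H(secret PRF key || c); hashing c alone would make it derivable from public data. */`. The digest is written into `rm`, declared as `uint8_t rm[NTRU_OWCPA_MSGBYTES]` in the first hunk; that constant is not visible here, so please confirm it is at least the 32-byte SHA3-256 output. `buf` now holds the secret PRF key and `rm` holds the decrypted message and then the rejection key, and neither stack buffer is cleared before the function returns, so if the project has a secure-zeroing helper this is the place to use it. The function's `return` lies outside the hunk.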