From afb1ddc0824ce0052d72ac0d6917f144a1207424 Mon Sep 17 00:00:00 2001
From: Lars Lehtonen <lars.lehtonen@gmail.com>
Date: Fri, 22 Sep 2023 23:37:57 -0700
Subject: [PATCH] Fix missing error check in X448 (#181)

When encapsulating, we generate an ephemeral key. If the randomness provider returns an error, the key material should be discarded
---
 openpgp/internal/ecc/x448.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/openpgp/internal/ecc/x448.go b/openpgp/internal/ecc/x448.go
index ffdd51513..df04262e9 100644
--- a/openpgp/internal/ecc/x448.go
+++ b/openpgp/internal/ecc/x448.go
@@ -73,7 +73,9 @@ func (c *x448) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err er
 func (c *x448) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
 	var pk, ss x448lib.Key
 	seed, e, err := c.generateKeyPairBytes(rand)
-
+	if err != nil {
+		return nil, nil, err
+	}
 	copy(pk[:], point)
 	x448lib.Shared(&ss, &seed, &pk)