Fix ML-KEM key equality check when either unset

Fixes #28563

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28569)

diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c
index f93ef92ba6c2402d2fb686120e2d55e961b450c0..26ecafebc1e5d7679925c63ee7a24e93eb7fc2bb 100644 (file)
--- a/crypto/ml_kem/ml_kem.c
+++ b/crypto/ml_kem/ml_kem.c
@@ -2080,5 +2080,5 @@ int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2)
      * No match if just one of the public keys is not available, otherwise both
      * are unavailable, and for now such keys are considered equal.
      */
-    return (ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2));
+    return (!(ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2)));
 }

diff --git a/test/ml_kem_evp_extra_test.c b/test/ml_kem_evp_extra_test.c
index bfa52c9af2e684a36e9182505fb4ec64bd83e0ce..b867b14ad1d44af753e52f7e670e91078396e60a 100644 (file)
--- a/test/ml_kem_evp_extra_test.c
+++ b/test/ml_kem_evp_extra_test.c
@@ -140,9 +140,19 @@ static int test_ml_kem(void)
     if (!TEST_int_gt(EVP_PKEY_copy_parameters(bkey, akey), 0))
         goto err;
 
+    /* Bob's empty key is not equal to Alice's */
+    if (!TEST_false(EVP_PKEY_eq(akey, bkey))
+        || !TEST_false(EVP_PKEY_eq(bkey, akey)))
+        goto err;
+
     if (!TEST_true(EVP_PKEY_set1_encoded_public_key(bkey, rawpub, publen)))
         goto err;
 
+    /* Bob's copy of Alice's public key makes the two equal */
+    if (!TEST_true(EVP_PKEY_eq(akey, bkey))
+        || !TEST_true(EVP_PKEY_eq(bkey, akey)))
+        goto err;
+
     /* Encapsulate Bob's key */
     ctx = EVP_PKEY_CTX_new_from_pkey(testctx, bkey, NULL);
     if (!TEST_ptr(ctx))