From: Viktor Dukhovni Date: Tue, 16 Sep 2025 12:40:32 +0000 (+1000) Subject: Fix ML-KEM key equality check when either unset X-Git-Tag: openssl-3.6.0~44 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3cf5e10317c266449885ff830a45681ecec6f410;p=thirdparty%2Fopenssl.git Fix ML-KEM key equality check when either unset Fixes #28563 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28569) (cherry picked from commit d20cbc90e48cdd2a56444fc5d6f244d36362cb49) --- diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c index f93ef92ba6c..26ecafebc1e 100644 --- a/crypto/ml_kem/ml_kem.c +++ b/crypto/ml_kem/ml_kem.c @@ -2080,5 +2080,5 @@ int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2) * No match if just one of the public keys is not available, otherwise both * are unavailable, and for now such keys are considered equal. */ - return (ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2)); + return (!(ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2))); } diff --git a/test/ml_kem_evp_extra_test.c b/test/ml_kem_evp_extra_test.c index bfa52c9af2e..b867b14ad1d 100644 --- a/test/ml_kem_evp_extra_test.c +++ b/test/ml_kem_evp_extra_test.c @@ -140,9 +140,19 @@ static int test_ml_kem(void) if (!TEST_int_gt(EVP_PKEY_copy_parameters(bkey, akey), 0)) goto err; + /* Bob's empty key is not equal to Alice's */ + if (!TEST_false(EVP_PKEY_eq(akey, bkey)) + || !TEST_false(EVP_PKEY_eq(bkey, akey))) + goto err; + if (!TEST_true(EVP_PKEY_set1_encoded_public_key(bkey, rawpub, publen))) goto err; + /* Bob's copy of Alice's public key makes the two equal */ + if (!TEST_true(EVP_PKEY_eq(akey, bkey)) + || !TEST_true(EVP_PKEY_eq(bkey, akey))) + goto err; + /* Encapsulate Bob's key */ ctx = EVP_PKEY_CTX_new_from_pkey(testctx, bkey, NULL); if (!TEST_ptr(ctx))