git.ipfire.org Git - thirdparty/openssl.git/commit
Refactor ML-KEM decap, also cleanse failure_key
author: Viktor Dukhovni <openssl-users@dukhovni.org>
Thu, 26 Mar 2026 17:02:34 +0000 (04:02 +1100)
committer: Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 31 Mar 2026 05:35:30 +0000 (16:35 +1100)
commit: 61b795a6a7ea166eecdbd7afd1aa2c789d8100f8
tree: a2767f8e8ec7099802c3f1d103dcc887c2d2a694
parent: d0577a4c4bf665724590aed9ce98d4cb93526ae8
Refactor ML-KEM decap, also cleanse failure_key

Pedantically cleanse the typically unused decap failure_key's stack
copy.

When actually used, it is copied into the caller's shared secret result,
perhaps to be cleansed there after use, or not; that's the caller's
business.

While at it, slightly refactor the internal decap() implementation to
consolidate all the data to be cleansed into a single buffer, but now
avoid copying the public key hash; instead, when computing "K || r" as
"G(m || h)", include "h" via a separate EVP_DigestUpdate() call.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Tue Mar 31 05:35:12 2026
(Merged from https://github.com/openssl/openssl/pull/30598)
crypto/ml_kem/ml_kem.c
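The pattern the commit message describes, as an added Python model rather than OpenSSL's ml_kem.c: the decap hashing steps from FIPS 203 (G = SHA3-512, J = SHAKE256 with 32-byte output) with "h" fed by a second digest update instead of being copied into the sensitive buffer, all secret material kept in one buffer that is wiped on exit, and the failure key wiped along with it. The lattice re-encryption step is an assumed caller-supplied callback (`reencrypt`), and the constant-time select is illustrative only, since Python gives no timing guarantees.

```python
import hashlib
import hmac

# Constructed model of ML-KEM decap key derivation (FIPS 203), not OpenSSL code.
# G = SHA3-512 yields K' || r'; J = SHAKE256 yields the implicit-rejection key.

def g_two_updates(m: bytes, h: bytes) -> bytes:
    """K || r = G(m || h); h is fed via a second update, so the public key
    hash never has to be copied next to the secret m."""
    ctx = hashlib.sha3_512()
    ctx.update(m)
    ctx.update(h)
    return ctx.digest()

def g_one_shot(m: bytes, h: bytes) -> bytes:
    """Reference form over the concatenation; must equal g_two_updates."""
    return hashlib.sha3_512(m + h).digest()

def failure_key(z: bytes, c: bytes) -> bytes:
    """K_bar = J(z || c), returned on re-encryption mismatch."""
    return hashlib.shake_256(z + c).digest(32)

def ct_select(choose_b: int, a, b) -> bytes:
    """Mask-based select: 0 -> a, 1 -> b (timing only illustrative here)."""
    mask = -choose_b & 0xFF
    return bytes((x & ~mask & 0xFF) | (y & mask) for x, y in zip(a, b))

def decap_kdf(m_prime: bytes, h: bytes, z: bytes, c: bytes, reencrypt) -> bytes:
    """All sensitive intermediates live in one buffer that is cleansed on
    exit; only the 32-byte shared secret leaves as the caller's copy.
    `reencrypt(m', r')` is an assumed callback standing in for K-PKE.Encrypt."""
    work = bytearray(96)            # [K' (32) | r' (32) | K_bar (32)]
    mv = memoryview(work)
    try:
        mv[0:64] = g_two_updates(m_prime, h)
        mv[64:96] = failure_key(z, c)
        c_prime = reencrypt(m_prime, bytes(mv[32:64]))
        mismatch = 0 if hmac.compare_digest(c, c_prime) else 1
        return ct_select(mismatch, mv[0:32], mv[64:96])
    finally:
        mv[:] = bytes(96)           # cleanse K', r' and the failure key together
```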