ML_KEM init refactoring, unconditional entropy cleanup
authorIgor Ustinov <igus68@gmail.com>
Tue, 4 Nov 2025 13:20:47 +0000 (14:20 +0100)
committerTomas Mraz <tomas@openssl.org>
Tue, 18 Nov 2025 17:11:54 +0000 (18:11 +0100)
Fixes #27746

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29062)

providers/implementations/kem/ml_kem_kem.c

index bb27c9626668af8609abae2a29d5ae3dcb37bed4..13b097823e0038fa98e8a34c6488651931f014ea 100644 (file)
@@ -70,6 +70,10 @@ static int ml_kem_init(void *vctx, int op, void *key,
         return 0;
     ctx->key = key;
     ctx->op = op;
+    if (ctx->entropy != NULL) {
+        OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
+        ctx->entropy = NULL;
+    }
     return ml_kem_set_ctx_params(vctx, params);
 }
 
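Review bot: The rationale for scrubbing ctx->entropy was lost with the `/* Decapsulation is deterministic */` comment that the second hunk removes from ml_kem_set_ctx_params, and the new unconditional cleanse in ml_kem_init carries no comment of its own. A reader of the init path now has to work out that the point is to stop an explicit ikmE supplied for one init from being reused by a later encapsulation, and that decapsulation never consumes it; suggest `/* Drop any explicit ikmE from a previous init; it must be resupplied via params */` above the added `if`. The cleanse is placed after the `return 0;` on the first context line, so an init that fails there leaves any earlier entropy in place; whether that matters depends on the condition guarding that return, which lies outside the hunk. ml_kem_init starts before this hunk.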
@@ -105,12 +109,6 @@ static int ml_kem_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (ctx == NULL || !ml_kem_set_ctx_params_decoder(params, &p))
         return 0;
 
-    if (ctx->op == EVP_PKEY_OP_DECAPSULATE && ctx->entropy != NULL) {
-        /* Decapsulation is deterministic */
-        OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
-        ctx->entropy = NULL;
-    }
-
     /* Encapsulation ephemeral input key material "ikmE" */
     if (ctx->op == EVP_PKEY_OP_ENCAPSULATE && p.ikme != NULL) {
         size_t len = ML_KEM_RANDOM_BYTES;