mlkem: use timingsafe_memcmp() in decapsulation - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	kenjiro <>	2026-03-06 09:22:29 +0000
committer	kenjiro <>	2026-03-06 09:22:29 +0000
commit	e6b7b55ad0eccc084f5757d7c3e4380079fc99b8 (patch)
tree	05e5460fb6abc0dd5175010436dd906cbe6f6aa2 /src/lib/libcrypto/comp
parent	3e8e3350f28d719a890f42302d9a6ea79c6ccd11 (diff)
download	openbsd-e6b7b55ad0eccc084f5757d7c3e4380079fc99b8.tar.gz openbsd-e6b7b55ad0eccc084f5757d7c3e4380079fc99b8.tar.bz2 openbsd-e6b7b55ad0eccc084f5757d7c3e4380079fc99b8.zip

mlkem: use timingsafe_memcmp() in decapsulation

Replace memcmp() with timingsafe_memcmp() when comparing the re-encrypted ciphertext. FIPS 203 Section 6.3 defines this comparison result as a secret piece of intermediate data that must not be revealed in any form. ok tb

Diffstat (limited to 'src/lib/libcrypto/comp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: