5 files changed, 50 insertions, 50 deletions
diff --git a/src/lib/libcrypto/mlkem/mlkem.c b/src/lib/libcrypto/mlkem/mlkem.c
index 9461a338e9..006937c39d 100644
--- a/src/lib/libcrypto/mlkem/mlkem.c
+++ b/src/lib/libcrypto/mlkem/mlkem.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem.c,v 1.4 2025/09/05 23:30:12 beck Exp $ */
+/*      $OpenBSD: mlkem.c,v 1.5 2026/01/01 12:47:52 tb Exp $ */
 /*
 * Copyright (c) 2025, Bob Beck <beck@obtuse.com>
 *
@@ -24,7 +24,7 @@ private_key_is_new(const MLKEM_private_key *key)
 {
        return (key != NULL &&
            key->state == MLKEM_PRIVATE_KEY_UNINITIALIZED &&
-            (key->rank == RANK768 || key->rank == RANK1024));
+            (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK));
 }
 static inline int
@@ -32,7 +32,7 @@ private_key_is_valid(const MLKEM_private_key *key)
 {
        return (key != NULL &&
            key->state == MLKEM_PRIVATE_KEY_INITIALIZED &&
-            (key->rank == RANK768 || key->rank == RANK1024));
+            (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK));
 }
 static inline int
@@ -40,7 +40,7 @@ public_key_is_new(const MLKEM_public_key *key)
 {
        return (key != NULL &&
            key->state == MLKEM_PUBLIC_KEY_UNINITIALIZED &&
-            (key->rank == RANK768 || key->rank == RANK1024));
+            (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK));
 }
 static inline int
@@ -48,7 +48,7 @@ public_key_is_valid(const MLKEM_public_key *key)
 {
        return (key != NULL &&
            key->state == MLKEM_PUBLIC_KEY_INITIALIZED &&
-            (key->rank == RANK768 || key->rank == RANK1024));
+            (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK));
 }
 /*
@@ -71,7 +71,7 @@ MLKEM_generate_key_external_entropy(MLKEM_private_key *private_key,
                goto err;
        k_len = MLKEM768_PUBLIC_KEY_BYTES;
-        if (private_key->rank == RANK1024)
+        if (private_key->rank == MLKEM1024_RANK)
                k_len = MLKEM1024_PUBLIC_KEY_BYTES;
        if ((k = calloc(1, k_len)) == NULL)
diff --git a/src/lib/libcrypto/mlkem/mlkem.h b/src/lib/libcrypto/mlkem/mlkem.h
index dac3cf24de..17978782a7 100644
--- a/src/lib/libcrypto/mlkem/mlkem.h
+++ b/src/lib/libcrypto/mlkem/mlkem.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem.h,v 1.8 2025/08/19 21:37:08 tb Exp $ */
+/*      $OpenBSD: mlkem.h,v 1.9 2026/01/01 12:47:52 tb Exp $ */
 /*
 * Copyright (c) 2025 Bob Beck <beck@obtuse.com>
 *
@@ -29,8 +29,8 @@ extern "C" {
 * ML-KEM constants
 */
-#define RANK768 3
+#define MLKEM768_RANK   3
-#define RANK1024 4
+#define MLKEM1024_RANK  4
 /*
 * ML-KEM keys
@@ -41,8 +41,8 @@ typedef struct MLKEM_public_key_st MLKEM_public_key;
 /*
 * MLKEM_private_key_new allocates a new uninitialized ML-KEM private key for
- * |rank|, which must be RANK768 or RANK1024. It returns a pointer to an
+ * |rank|, which must be MLKEM768_RANK or MLKEM1024_RANK. It returns a pointer
- * allocated structure suitable for holding a generated private key of the
+ * to an allocated structure suitable for holding a generated private key of the
 * corresponding rank on success, NULL is returned on failure. The caller is
 * responsible for deallocating the resulting key with |MLKEM_private_key_free|.
 */
@@ -71,8 +71,8 @@ size_t MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key);
 /*
 * MLKEM_public_key_new allocates a new uninitialized ML-KEM public key for
- * |rank|, which must be RANK768 or RANK1024. It returns a pointer to an
+ * |rank|, which must be MLKEM768_RANK or MLKEM1024_RANK. It returns a pointer
- * allocated structure suitable for holding a generated public key of the
+ * to an allocated structure suitable for holding a generated public key of the
 * corresponding rank on success, NULL is returned on failure. The caller is
 * responsible for deallocating the resulting key with |MLKEM_public_key_free|.
 */
@@ -94,8 +94,8 @@ size_t MLKEM_public_key_encoded_length(const MLKEM_public_key *key);
 /*
 * MLKEM_public_key_cipertext_length returns the number of bytes produced as the
- * ciphertext when encrypting a shared secret with |key| using |MLKEM_encap|. Zero
+ * ciphertext when encrypting a shared secret with |key| using |MLKEM_encap|.
- * is returned if |key| is NULL or has an invalid rank.
+ * Zero is returned if |key| is NULL or has an invalid rank.
 */
 size_t MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key);
diff --git a/src/lib/libcrypto/mlkem/mlkem_internal.c b/src/lib/libcrypto/mlkem/mlkem_internal.c
index cdc198b7cd..903b1ea2a3 100644
--- a/src/lib/libcrypto/mlkem/mlkem_internal.c
+++ b/src/lib/libcrypto/mlkem/mlkem_internal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mlkem_internal.c,v 1.3 2025/09/16 06:12:04 tb Exp $ */
+/* $OpenBSD: mlkem_internal.c,v 1.4 2026/01/01 12:47:52 tb Exp $ */
 /*
 * Copyright (c) 2024, Google Inc.
 * Copyright (c) 2024, 2025 Bob Beck <beck@obtuse.com>
@@ -103,7 +103,7 @@ encoded_vector_size(uint16_t rank)
 static inline size_t
 compressed_vector_size(uint16_t rank)
 {
-        return ((rank == RANK768) ? kDU768 : kDU1024) * rank * DEGREE / 8;
+        return ((rank == MLKEM768_RANK) ? kDU768 : kDU1024) * rank * DEGREE / 8;
 }
 typedef struct scalar {
@@ -615,7 +615,7 @@ scalar_encode_1(uint8_t out[32], const scalar *s)
 }
 /*
- * Encodes an entire vector into 32*|RANK768|*|bits| bytes. Note that since 256
+ * Encodes an entire vector into 32*|MLKEM768_RANK|*|bits| bytes. Since 256
 * (DEGREE) is divisible by 8, the individual vector entries will always fill a
 * whole number of bytes, so we do not need to worry about bit packing here.
 */
@@ -707,7 +707,7 @@ scalar_decode_1(scalar *out, const uint8_t in[32])
 }
 /*
- * Decodes 32*|RANK768|*|bits| bytes from |in| into |out|. It returns one on
+ * Decodes 32*|MLKEM768_RANK|*|bits| bytes from |in| into |out|. It returns one on
 * success or zero if any parsed value is >= |kPrime|.
 */
 static int
@@ -831,7 +831,7 @@ public_key_from_external(const MLKEM_public_key *external,
        uint8_t *bytes = external->key_768->bytes;
        size_t offset = 0;
-        if (external->rank == RANK1024)
+        if (external->rank == MLKEM1024_RANK)
                bytes = external->key_1024->bytes;
        pub->t = (struct scalar *)bytes + offset;
@@ -858,7 +858,7 @@ private_key_from_external(const MLKEM_private_key *external,
        size_t offset = 0;
        uint8_t *bytes = external->key_768->bytes;
-        if (external->rank == RANK1024)
+        if (external->rank == MLKEM1024_RANK)
                bytes = external->key_1024->bytes;
        priv->pub.t = (struct scalar *)(bytes + offset);
@@ -898,7 +898,7 @@ mlkem_private_key_from_seed(const uint8_t *seed, size_t seed_len,
    MLKEM_private_key *out_private_key)
 {
        uint8_t *public_key_buf = NULL;
-        size_t public_key_buf_len = out_private_key->rank == RANK768 ?
+        size_t public_key_buf_len = out_private_key->rank == MLKEM768_RANK ?
            MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES;
        int ret = 0;
@@ -937,7 +937,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key,
        uint8_t *rho, *sigma;
        uint8_t counter = 0;
        uint8_t hashed[64];
-        scalar error[RANK1024];
+        scalar error[MLKEM1024_RANK];
        CBB cbb;
        int ret = 0;
@@ -961,7 +961,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key,
        vector_add(priv.pub.t, &error[0], out_private_key->rank);
        if (!CBB_init_fixed(&cbb, out_encoded_public_key,
-            out_private_key->rank == RANK768 ? MLKEM768_PUBLIC_KEY_BYTES :
+            out_private_key->rank == MLKEM768_RANK ? MLKEM768_PUBLIC_KEY_BYTES :
            MLKEM1024_PUBLIC_KEY_BYTES))
                goto err;
@@ -970,7 +970,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key,
                goto err;
        hash_h(priv.pub.public_key_hash, out_encoded_public_key,
-            out_private_key->rank == RANK768 ? MLKEM768_PUBLIC_KEY_BYTES :
+            out_private_key->rank == MLKEM768_RANK ? MLKEM768_PUBLIC_KEY_BYTES :
            MLKEM1024_PUBLIC_KEY_BYTES);
        memcpy(priv.fo_failure_secret, entropy + 32, 32);
@@ -987,12 +987,12 @@ mlkem_public_from_private(const MLKEM_private_key *private_key,
    MLKEM_public_key *out_public_key)
 {
        switch (private_key->rank) {
-        case RANK768:
+        case MLKEM768_RANK:
                memcpy(out_public_key->key_768->bytes,
                    private_key->key_768->bytes,
                    sizeof(out_public_key->key_768->bytes));
                break;
-        case RANK1024:
+        case MLKEM1024_RANK:
                memcpy(out_public_key->key_1024->bytes,
                    private_key->key_1024->bytes,
                    sizeof(out_public_key->key_1024->bytes));
@@ -1010,7 +1010,7 @@ encrypt_cpa(uint8_t *out, const struct public_key *pub,
    const uint8_t message[32], const uint8_t randomness[32],
    size_t rank)
 {
-        scalar secret[RANK1024], error[RANK1024], u[RANK1024];
+        scalar secret[MLKEM1024_RANK], error[MLKEM1024_RANK], u[MLKEM1024_RANK];
        scalar expanded_message, scalar_error;
        uint8_t counter = 0;
        uint8_t input[33];
@@ -1018,7 +1018,7 @@ encrypt_cpa(uint8_t *out, const struct public_key *pub,
        int u_bits = kDU768;
        int v_bits = kDV768;
-        if (rank == RANK1024) {
+        if (rank == MLKEM1024_RANK) {
                u_bits = kDU1024;
                v_bits = kDV1024;
        }
@@ -1082,12 +1082,12 @@ static void
 decrypt_cpa(uint8_t out[32], const struct private_key *priv,
    const uint8_t *ciphertext, size_t rank)
 {
-        scalar u[RANK1024];
+        scalar u[MLKEM1024_RANK];
        scalar mask, v;
        int u_bits = kDU768;
        int v_bits = kDV768;
-        if (rank == RANK1024) {
+        if (rank == MLKEM1024_RANK) {
                u_bits = kDU1024;
                v_bits = kDV1024;
        }
@@ -1109,7 +1109,7 @@ mlkem_decap(const MLKEM_private_key *private_key, const uint8_t *ciphertext,
    size_t ciphertext_len, uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH])
 {
        struct private_key priv;
-        size_t expected_ciphertext_length = private_key->rank == RANK768 ?
+        size_t expected_ciphertext_length = private_key->rank == MLKEM768_RANK ?
            MLKEM768_CIPHERTEXT_BYTES : MLKEM1024_CIPHERTEXT_BYTES;
        uint8_t *expected_ciphertext = NULL;
        uint8_t key_and_randomness[64];
@@ -1161,7 +1161,7 @@ mlkem_marshal_public_key(const MLKEM_public_key *public_key,
        int ret = 0;
        CBB cbb;
-        if (!CBB_init(&cbb, public_key->rank == RANK768 ?
+        if (!CBB_init(&cbb, public_key->rank == MLKEM768_RANK ?
            MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES))
                goto err;
        public_key_from_external(public_key, &pub);
@@ -1223,7 +1223,7 @@ mlkem_marshal_private_key(const MLKEM_private_key *private_key,
    uint8_t **out_private_key, size_t *out_private_key_len)
 {
        struct private_key priv;
-        size_t key_length = private_key->rank == RANK768 ?
+        size_t key_length = private_key->rank == MLKEM768_RANK ?
            MLKEM768_PRIVATE_KEY_BYTES : MLKEM1024_PRIVATE_KEY_BYTES;
        CBB cbb;
        int ret = 0;
diff --git a/src/lib/libcrypto/mlkem/mlkem_key.c b/src/lib/libcrypto/mlkem/mlkem_key.c
index 7c6476d971..d4e3d69d88 100644
--- a/src/lib/libcrypto/mlkem/mlkem_key.c
+++ b/src/lib/libcrypto/mlkem/mlkem_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mlkem_key.c,v 1.4 2025/09/16 06:10:24 tb Exp $ */
+/* $OpenBSD: mlkem_key.c,v 1.5 2026/01/01 12:47:52 tb Exp $ */
 /*
 * Copyright (c) 2025 Bob Beck <beck@obtuse.com>
 *
@@ -32,11 +32,11 @@ MLKEM_private_key_new(int rank)
                goto err;
        switch (rank) {
-        case RANK768:
+        case MLKEM768_RANK:
                if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL)
                        goto err;
                break;
-        case RANK1024:
+        case MLKEM1024_RANK:
                if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL)
                        goto err;
                break;
@@ -75,9 +75,9 @@ MLKEM_private_key_encoded_length(const MLKEM_private_key *key)
                return 0;
        switch (key->rank) {
-        case RANK768:
+        case MLKEM768_RANK:
                return MLKEM768_PRIVATE_KEY_BYTES;
-        case RANK1024:
+        case MLKEM1024_RANK:
                return MLKEM1024_PRIVATE_KEY_BYTES;
        default:
                return 0;
@@ -93,9 +93,9 @@ MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key)
                return 0;
        switch (key->rank) {
-        case RANK768:
+        case MLKEM768_RANK:
                return MLKEM768_CIPHERTEXT_BYTES;
-        case RANK1024:
+        case MLKEM1024_RANK:
                return MLKEM1024_CIPHERTEXT_BYTES;
        default:
                return 0;
@@ -114,11 +114,11 @@ MLKEM_public_key_new(int rank)
                goto err;
        switch (rank) {
-        case RANK768:
+        case MLKEM768_RANK:
                if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL)
                        goto err;
                break;
-        case RANK1024:
+        case MLKEM1024_RANK:
                if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL)
                        goto err;
                break;
@@ -158,9 +158,9 @@ MLKEM_public_key_encoded_length(const MLKEM_public_key *key)
                return 0;
        switch (key->rank) {
-        case RANK768:
+        case MLKEM768_RANK:
                return MLKEM768_PUBLIC_KEY_BYTES;
-        case RANK1024:
+        case MLKEM1024_RANK:
                return MLKEM1024_PUBLIC_KEY_BYTES;
        default:
                return 0;
@@ -176,9 +176,9 @@ MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key)
                return 0;
        switch (key->rank) {
-        case RANK768:
+        case MLKEM768_RANK:
                return MLKEM768_CIPHERTEXT_BYTES;
-        case RANK1024:
+        case MLKEM1024_RANK:
                return MLKEM1024_CIPHERTEXT_BYTES;
        default:
                return 0;
diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c
index 3f4c44f558..9e04cb7b75 100644
--- a/src/lib/libssl/tls_key_share.c
+++ b/src/lib/libssl/tls_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_key_share.c,v 1.9 2025/12/04 21:03:42 beck Exp $ */
+/* $OpenBSD: tls_key_share.c,v 1.10 2026/01/01 12:47:52 tb Exp $ */
 /*
 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
 *
@@ -285,7 +285,7 @@ tls_key_share_generate_mlkem(struct tls_key_share *ks, int rank)
 static int
 tls_key_share_client_generate_mlkem768x25519(struct tls_key_share *ks)
 {
-        if (!tls_key_share_generate_mlkem(ks, RANK768))
+        if (!tls_key_share_generate_mlkem(ks, MLKEM768_RANK))
                return 0;
        if (!tls_key_share_generate_x25519(ks))
@@ -586,7 +586,7 @@ tls_key_share_server_peer_public_mlkem768x25519(struct tls_key_share *ks,
                return 0;
        /* Nein, ist nur normal (1024 ist gigantisch) */
-        if ((ks->mlkem_peer_public = MLKEM_public_key_new(RANK768)) == NULL)
+        if ((ks->mlkem_peer_public = MLKEM_public_key_new(MLKEM768_RANK)) == NULL)
                goto err;
        if (!CBS_get_bytes(cbs, &mlkem768_cbs,

diff --git a/src/lib/libcrypto/mlkem/mlkem.c b/src/lib/libcrypto/mlkem/mlkem.c index 9461a338e9..006937c39d 100644 --- a/src/lib/libcrypto/mlkem/mlkem.c +++ b/src/lib/libcrypto/mlkem/mlkem.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem.c,v 1.4 2025/09/05 23:30:12 beck Exp $ */	1	/* $OpenBSD: mlkem.c,v 1.5 2026/01/01 12:47:52 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2025, Bob Beck <beck@obtuse.com>	3	* Copyright (c) 2025, Bob Beck <beck@obtuse.com>
4	*	4	*
@@ -24,7 +24,7 @@ private_key_is_new(const MLKEM_private_key *key)
24	{	24	{
25	return (key != NULL &&	25	return (key != NULL &&
26	key->state == MLKEM_PRIVATE_KEY_UNINITIALIZED &&	26	key->state == MLKEM_PRIVATE_KEY_UNINITIALIZED &&
27	(key->rank == RANK768 \|\| key->rank == RANK1024));	27	(key->rank == MLKEM768_RANK \|\| key->rank == MLKEM1024_RANK));
28	}	28	}
29		29
30	static inline int	30	static inline int
@@ -32,7 +32,7 @@ private_key_is_valid(const MLKEM_private_key *key)
32	{	32	{
33	return (key != NULL &&	33	return (key != NULL &&
34	key->state == MLKEM_PRIVATE_KEY_INITIALIZED &&	34	key->state == MLKEM_PRIVATE_KEY_INITIALIZED &&
35	(key->rank == RANK768 \|\| key->rank == RANK1024));	35	(key->rank == MLKEM768_RANK \|\| key->rank == MLKEM1024_RANK));
36	}	36	}
37		37
38	static inline int	38	static inline int
@@ -40,7 +40,7 @@ public_key_is_new(const MLKEM_public_key *key)
40	{	40	{
41	return (key != NULL &&	41	return (key != NULL &&
42	key->state == MLKEM_PUBLIC_KEY_UNINITIALIZED &&	42	key->state == MLKEM_PUBLIC_KEY_UNINITIALIZED &&
43	(key->rank == RANK768 \|\| key->rank == RANK1024));	43	(key->rank == MLKEM768_RANK \|\| key->rank == MLKEM1024_RANK));
44	}	44	}
45		45
46	static inline int	46	static inline int
@@ -48,7 +48,7 @@ public_key_is_valid(const MLKEM_public_key *key)
48	{	48	{
49	return (key != NULL &&	49	return (key != NULL &&
50	key->state == MLKEM_PUBLIC_KEY_INITIALIZED &&	50	key->state == MLKEM_PUBLIC_KEY_INITIALIZED &&
51	(key->rank == RANK768 \|\| key->rank == RANK1024));	51	(key->rank == MLKEM768_RANK \|\| key->rank == MLKEM1024_RANK));
52	}	52	}
53		53
54	/*	54	/*
@@ -71,7 +71,7 @@ MLKEM_generate_key_external_entropy(MLKEM_private_key *private_key,
71	goto err;	71	goto err;
72		72
73	k_len = MLKEM768_PUBLIC_KEY_BYTES;	73	k_len = MLKEM768_PUBLIC_KEY_BYTES;
74	if (private_key->rank == RANK1024)	74	if (private_key->rank == MLKEM1024_RANK)
75	k_len = MLKEM1024_PUBLIC_KEY_BYTES;	75	k_len = MLKEM1024_PUBLIC_KEY_BYTES;
76		76
77	if ((k = calloc(1, k_len)) == NULL)	77	if ((k = calloc(1, k_len)) == NULL)


diff --git a/src/lib/libcrypto/mlkem/mlkem.h b/src/lib/libcrypto/mlkem/mlkem.h index dac3cf24de..17978782a7 100644 --- a/src/lib/libcrypto/mlkem/mlkem.h +++ b/src/lib/libcrypto/mlkem/mlkem.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem.h,v 1.8 2025/08/19 21:37:08 tb Exp $ */	1	/* $OpenBSD: mlkem.h,v 1.9 2026/01/01 12:47:52 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2025 Bob Beck <beck@obtuse.com>	3	* Copyright (c) 2025 Bob Beck <beck@obtuse.com>
4	*	4	*
@@ -29,8 +29,8 @@ extern "C" {
29	* ML-KEM constants	29	* ML-KEM constants
30	*/	30	*/
31		31
32	#define RANK768 3	32	#define MLKEM768_RANK 3
33	#define RANK1024 4	33	#define MLKEM1024_RANK 4
34		34
35	/*	35	/*
36	* ML-KEM keys	36	* ML-KEM keys
@@ -41,8 +41,8 @@ typedef struct MLKEM_public_key_st MLKEM_public_key;
41		41
42	/*	42	/*
43	* MLKEM_private_key_new allocates a new uninitialized ML-KEM private key for	43	* MLKEM_private_key_new allocates a new uninitialized ML-KEM private key for
44	* \|rank\|, which must be RANK768 or RANK1024. It returns a pointer to an	44	* \|rank\|, which must be MLKEM768_RANK or MLKEM1024_RANK. It returns a pointer
45	* allocated structure suitable for holding a generated private key of the	45	* to an allocated structure suitable for holding a generated private key of the
46	* corresponding rank on success, NULL is returned on failure. The caller is	46	* corresponding rank on success, NULL is returned on failure. The caller is
47	* responsible for deallocating the resulting key with \|MLKEM_private_key_free\|.	47	* responsible for deallocating the resulting key with \|MLKEM_private_key_free\|.
48	*/	48	*/
@@ -71,8 +71,8 @@ size_t MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key);
71		71
72	/*	72	/*
73	* MLKEM_public_key_new allocates a new uninitialized ML-KEM public key for	73	* MLKEM_public_key_new allocates a new uninitialized ML-KEM public key for
74	* \|rank\|, which must be RANK768 or RANK1024. It returns a pointer to an	74	* \|rank\|, which must be MLKEM768_RANK or MLKEM1024_RANK. It returns a pointer
75	* allocated structure suitable for holding a generated public key of the	75	* to an allocated structure suitable for holding a generated public key of the
76	* corresponding rank on success, NULL is returned on failure. The caller is	76	* corresponding rank on success, NULL is returned on failure. The caller is
77	* responsible for deallocating the resulting key with \|MLKEM_public_key_free\|.	77	* responsible for deallocating the resulting key with \|MLKEM_public_key_free\|.
78	*/	78	*/
@@ -94,8 +94,8 @@ size_t MLKEM_public_key_encoded_length(const MLKEM_public_key *key);
94		94
95	/*	95	/*
96	* MLKEM_public_key_cipertext_length returns the number of bytes produced as the	96	* MLKEM_public_key_cipertext_length returns the number of bytes produced as the
97	* ciphertext when encrypting a shared secret with \|key\| using \|MLKEM_encap\|. Zero	97	* ciphertext when encrypting a shared secret with \|key\| using \|MLKEM_encap\|.
98	* is returned if \|key\| is NULL or has an invalid rank.	98	* Zero is returned if \|key\| is NULL or has an invalid rank.
99	*/	99	*/
100	size_t MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key);	100	size_t MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key);
101		101


diff --git a/src/lib/libcrypto/mlkem/mlkem_internal.c b/src/lib/libcrypto/mlkem/mlkem_internal.c index cdc198b7cd..903b1ea2a3 100644 --- a/src/lib/libcrypto/mlkem/mlkem_internal.c +++ b/src/lib/libcrypto/mlkem/mlkem_internal.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem_internal.c,v 1.3 2025/09/16 06:12:04 tb Exp $ */	1	/* $OpenBSD: mlkem_internal.c,v 1.4 2026/01/01 12:47:52 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2024, Google Inc.	3	* Copyright (c) 2024, Google Inc.
4	* Copyright (c) 2024, 2025 Bob Beck <beck@obtuse.com>	4	* Copyright (c) 2024, 2025 Bob Beck <beck@obtuse.com>
@@ -103,7 +103,7 @@ encoded_vector_size(uint16_t rank)
103	static inline size_t	103	static inline size_t
104	compressed_vector_size(uint16_t rank)	104	compressed_vector_size(uint16_t rank)
105	{	105	{
106	return ((rank == RANK768) ? kDU768 : kDU1024) * rank * DEGREE / 8;	106	return ((rank == MLKEM768_RANK) ? kDU768 : kDU1024) * rank * DEGREE / 8;
107	}	107	}
108		108
109	typedef struct scalar {	109	typedef struct scalar {
@@ -615,7 +615,7 @@ scalar_encode_1(uint8_t out[32], const scalar *s)
615	}	615	}
616		616
617	/*	617	/*
618	* Encodes an entire vector into 32\|RANK768\|\|bits\| bytes. Note that since 256	618	* Encodes an entire vector into 32\|MLKEM768_RANK\|\|bits\| bytes. Since 256
619	* (DEGREE) is divisible by 8, the individual vector entries will always fill a	619	* (DEGREE) is divisible by 8, the individual vector entries will always fill a
620	* whole number of bytes, so we do not need to worry about bit packing here.	620	* whole number of bytes, so we do not need to worry about bit packing here.
621	*/	621	*/
@@ -707,7 +707,7 @@ scalar_decode_1(scalar *out, const uint8_t in[32])
707	}	707	}
708		708
709	/*	709	/*
710	* Decodes 32\|RANK768\|\|bits\| bytes from \|in\| into \|out\|. It returns one on	710	* Decodes 32\|MLKEM768_RANK\|\|bits\| bytes from \|in\| into \|out\|. It returns one on
711	* success or zero if any parsed value is >= \|kPrime\|.	711	* success or zero if any parsed value is >= \|kPrime\|.
712	*/	712	*/
713	static int	713	static int
@@ -831,7 +831,7 @@ public_key_from_external(const MLKEM_public_key *external,
831	uint8_t *bytes = external->key_768->bytes;	831	uint8_t *bytes = external->key_768->bytes;
832	size_t offset = 0;	832	size_t offset = 0;
833		833
834	if (external->rank == RANK1024)	834	if (external->rank == MLKEM1024_RANK)
835	bytes = external->key_1024->bytes;	835	bytes = external->key_1024->bytes;
836		836
837	pub->t = (struct scalar *)bytes + offset;	837	pub->t = (struct scalar *)bytes + offset;
@@ -858,7 +858,7 @@ private_key_from_external(const MLKEM_private_key *external,
858	size_t offset = 0;	858	size_t offset = 0;
859	uint8_t *bytes = external->key_768->bytes;	859	uint8_t *bytes = external->key_768->bytes;
860		860
861	if (external->rank == RANK1024)	861	if (external->rank == MLKEM1024_RANK)
862	bytes = external->key_1024->bytes;	862	bytes = external->key_1024->bytes;
863		863
864	priv->pub.t = (struct scalar *)(bytes + offset);	864	priv->pub.t = (struct scalar *)(bytes + offset);
@@ -898,7 +898,7 @@ mlkem_private_key_from_seed(const uint8_t *seed, size_t seed_len,
898	MLKEM_private_key *out_private_key)	898	MLKEM_private_key *out_private_key)
899	{	899	{
900	uint8_t *public_key_buf = NULL;	900	uint8_t *public_key_buf = NULL;
901	size_t public_key_buf_len = out_private_key->rank == RANK768 ?	901	size_t public_key_buf_len = out_private_key->rank == MLKEM768_RANK ?
902	MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES;	902	MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES;
903	int ret = 0;	903	int ret = 0;
904		904
@@ -937,7 +937,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key,
937	uint8_t rho, sigma;	937	uint8_t rho, sigma;
938	uint8_t counter = 0;	938	uint8_t counter = 0;
939	uint8_t hashed[64];	939	uint8_t hashed[64];
940	scalar error[RANK1024];	940	scalar error[MLKEM1024_RANK];
941	CBB cbb;	941	CBB cbb;
942	int ret = 0;	942	int ret = 0;
943		943
@@ -961,7 +961,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key,
961	vector_add(priv.pub.t, &error[0], out_private_key->rank);	961	vector_add(priv.pub.t, &error[0], out_private_key->rank);
962		962
963	if (!CBB_init_fixed(&cbb, out_encoded_public_key,	963	if (!CBB_init_fixed(&cbb, out_encoded_public_key,
964	out_private_key->rank == RANK768 ? MLKEM768_PUBLIC_KEY_BYTES :	964	out_private_key->rank == MLKEM768_RANK ? MLKEM768_PUBLIC_KEY_BYTES :
965	MLKEM1024_PUBLIC_KEY_BYTES))	965	MLKEM1024_PUBLIC_KEY_BYTES))
966	goto err;	966	goto err;
967		967
@@ -970,7 +970,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key,
970	goto err;	970	goto err;
971		971
972	hash_h(priv.pub.public_key_hash, out_encoded_public_key,	972	hash_h(priv.pub.public_key_hash, out_encoded_public_key,
973	out_private_key->rank == RANK768 ? MLKEM768_PUBLIC_KEY_BYTES :	973	out_private_key->rank == MLKEM768_RANK ? MLKEM768_PUBLIC_KEY_BYTES :
974	MLKEM1024_PUBLIC_KEY_BYTES);	974	MLKEM1024_PUBLIC_KEY_BYTES);
975	memcpy(priv.fo_failure_secret, entropy + 32, 32);	975	memcpy(priv.fo_failure_secret, entropy + 32, 32);
976		976
@@ -987,12 +987,12 @@ mlkem_public_from_private(const MLKEM_private_key *private_key,
987	MLKEM_public_key *out_public_key)	987	MLKEM_public_key *out_public_key)
988	{	988	{
989	switch (private_key->rank) {	989	switch (private_key->rank) {
990	case RANK768:	990	case MLKEM768_RANK:
991	memcpy(out_public_key->key_768->bytes,	991	memcpy(out_public_key->key_768->bytes,
992	private_key->key_768->bytes,	992	private_key->key_768->bytes,
993	sizeof(out_public_key->key_768->bytes));	993	sizeof(out_public_key->key_768->bytes));
994	break;	994	break;
995	case RANK1024:	995	case MLKEM1024_RANK:
996	memcpy(out_public_key->key_1024->bytes,	996	memcpy(out_public_key->key_1024->bytes,
997	private_key->key_1024->bytes,	997	private_key->key_1024->bytes,
998	sizeof(out_public_key->key_1024->bytes));	998	sizeof(out_public_key->key_1024->bytes));
@@ -1010,7 +1010,7 @@ encrypt_cpa(uint8_t out, const struct public_key pub,
1010	const uint8_t message[32], const uint8_t randomness[32],	1010	const uint8_t message[32], const uint8_t randomness[32],
1011	size_t rank)	1011	size_t rank)
1012	{	1012	{
1013	scalar secret[RANK1024], error[RANK1024], u[RANK1024];	1013	scalar secret[MLKEM1024_RANK], error[MLKEM1024_RANK], u[MLKEM1024_RANK];
1014	scalar expanded_message, scalar_error;	1014	scalar expanded_message, scalar_error;
1015	uint8_t counter = 0;	1015	uint8_t counter = 0;
1016	uint8_t input[33];	1016	uint8_t input[33];
@@ -1018,7 +1018,7 @@ encrypt_cpa(uint8_t out, const struct public_key pub,
1018	int u_bits = kDU768;	1018	int u_bits = kDU768;
1019	int v_bits = kDV768;	1019	int v_bits = kDV768;
1020		1020
1021	if (rank == RANK1024) {	1021	if (rank == MLKEM1024_RANK) {
1022	u_bits = kDU1024;	1022	u_bits = kDU1024;
1023	v_bits = kDV1024;	1023	v_bits = kDV1024;
1024	}	1024	}
@@ -1082,12 +1082,12 @@ static void
1082	decrypt_cpa(uint8_t out[32], const struct private_key *priv,	1082	decrypt_cpa(uint8_t out[32], const struct private_key *priv,
1083	const uint8_t *ciphertext, size_t rank)	1083	const uint8_t *ciphertext, size_t rank)
1084	{	1084	{
1085	scalar u[RANK1024];	1085	scalar u[MLKEM1024_RANK];
1086	scalar mask, v;	1086	scalar mask, v;
1087	int u_bits = kDU768;	1087	int u_bits = kDU768;
1088	int v_bits = kDV768;	1088	int v_bits = kDV768;
1089		1089
1090	if (rank == RANK1024) {	1090	if (rank == MLKEM1024_RANK) {
1091	u_bits = kDU1024;	1091	u_bits = kDU1024;
1092	v_bits = kDV1024;	1092	v_bits = kDV1024;
1093	}	1093	}
@@ -1109,7 +1109,7 @@ mlkem_decap(const MLKEM_private_key private_key, const uint8_t ciphertext,
1109	size_t ciphertext_len, uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH])	1109	size_t ciphertext_len, uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH])
1110	{	1110	{
1111	struct private_key priv;	1111	struct private_key priv;
1112	size_t expected_ciphertext_length = private_key->rank == RANK768 ?	1112	size_t expected_ciphertext_length = private_key->rank == MLKEM768_RANK ?
1113	MLKEM768_CIPHERTEXT_BYTES : MLKEM1024_CIPHERTEXT_BYTES;	1113	MLKEM768_CIPHERTEXT_BYTES : MLKEM1024_CIPHERTEXT_BYTES;
1114	uint8_t *expected_ciphertext = NULL;	1114	uint8_t *expected_ciphertext = NULL;
1115	uint8_t key_and_randomness[64];	1115	uint8_t key_and_randomness[64];
@@ -1161,7 +1161,7 @@ mlkem_marshal_public_key(const MLKEM_public_key *public_key,
1161	int ret = 0;	1161	int ret = 0;
1162	CBB cbb;	1162	CBB cbb;
1163		1163
1164	if (!CBB_init(&cbb, public_key->rank == RANK768 ?	1164	if (!CBB_init(&cbb, public_key->rank == MLKEM768_RANK ?
1165	MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES))	1165	MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES))
1166	goto err;	1166	goto err;
1167	public_key_from_external(public_key, &pub);	1167	public_key_from_external(public_key, &pub);
@@ -1223,7 +1223,7 @@ mlkem_marshal_private_key(const MLKEM_private_key *private_key,
1223	uint8_t *out_private_key, size_t out_private_key_len)	1223	uint8_t *out_private_key, size_t out_private_key_len)
1224	{	1224	{
1225	struct private_key priv;	1225	struct private_key priv;
1226	size_t key_length = private_key->rank == RANK768 ?	1226	size_t key_length = private_key->rank == MLKEM768_RANK ?
1227	MLKEM768_PRIVATE_KEY_BYTES : MLKEM1024_PRIVATE_KEY_BYTES;	1227	MLKEM768_PRIVATE_KEY_BYTES : MLKEM1024_PRIVATE_KEY_BYTES;
1228	CBB cbb;	1228	CBB cbb;
1229	int ret = 0;	1229	int ret = 0;


diff --git a/src/lib/libcrypto/mlkem/mlkem_key.c b/src/lib/libcrypto/mlkem/mlkem_key.c index 7c6476d971..d4e3d69d88 100644 --- a/src/lib/libcrypto/mlkem/mlkem_key.c +++ b/src/lib/libcrypto/mlkem/mlkem_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem_key.c,v 1.4 2025/09/16 06:10:24 tb Exp $ */	1	/* $OpenBSD: mlkem_key.c,v 1.5 2026/01/01 12:47:52 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2025 Bob Beck <beck@obtuse.com>	3	* Copyright (c) 2025 Bob Beck <beck@obtuse.com>
4	*	4	*
@@ -32,11 +32,11 @@ MLKEM_private_key_new(int rank)
32	goto err;	32	goto err;
33		33
34	switch (rank) {	34	switch (rank) {
35	case RANK768:	35	case MLKEM768_RANK:
36	if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL)	36	if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL)
37	goto err;	37	goto err;
38	break;	38	break;
39	case RANK1024:	39	case MLKEM1024_RANK:
40	if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL)	40	if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL)
41	goto err;	41	goto err;
42	break;	42	break;
@@ -75,9 +75,9 @@ MLKEM_private_key_encoded_length(const MLKEM_private_key *key)
75	return 0;	75	return 0;
76		76
77	switch (key->rank) {	77	switch (key->rank) {
78	case RANK768:	78	case MLKEM768_RANK:
79	return MLKEM768_PRIVATE_KEY_BYTES;	79	return MLKEM768_PRIVATE_KEY_BYTES;
80	case RANK1024:	80	case MLKEM1024_RANK:
81	return MLKEM1024_PRIVATE_KEY_BYTES;	81	return MLKEM1024_PRIVATE_KEY_BYTES;
82	default:	82	default:
83	return 0;	83	return 0;
@@ -93,9 +93,9 @@ MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key)
93	return 0;	93	return 0;
94		94
95	switch (key->rank) {	95	switch (key->rank) {
96	case RANK768:	96	case MLKEM768_RANK:
97	return MLKEM768_CIPHERTEXT_BYTES;	97	return MLKEM768_CIPHERTEXT_BYTES;
98	case RANK1024:	98	case MLKEM1024_RANK:
99	return MLKEM1024_CIPHERTEXT_BYTES;	99	return MLKEM1024_CIPHERTEXT_BYTES;
100	default:	100	default:
101	return 0;	101	return 0;
@@ -114,11 +114,11 @@ MLKEM_public_key_new(int rank)
114	goto err;	114	goto err;
115		115
116	switch (rank) {	116	switch (rank) {
117	case RANK768:	117	case MLKEM768_RANK:
118	if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL)	118	if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL)
119	goto err;	119	goto err;
120	break;	120	break;
121	case RANK1024:	121	case MLKEM1024_RANK:
122	if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL)	122	if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL)
123	goto err;	123	goto err;
124	break;	124	break;
@@ -158,9 +158,9 @@ MLKEM_public_key_encoded_length(const MLKEM_public_key *key)
158	return 0;	158	return 0;
159		159
160	switch (key->rank) {	160	switch (key->rank) {
161	case RANK768:	161	case MLKEM768_RANK:
162	return MLKEM768_PUBLIC_KEY_BYTES;	162	return MLKEM768_PUBLIC_KEY_BYTES;
163	case RANK1024:	163	case MLKEM1024_RANK:
164	return MLKEM1024_PUBLIC_KEY_BYTES;	164	return MLKEM1024_PUBLIC_KEY_BYTES;
165	default:	165	default:
166	return 0;	166	return 0;
@@ -176,9 +176,9 @@ MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key)
176	return 0;	176	return 0;
177		177
178	switch (key->rank) {	178	switch (key->rank) {
179	case RANK768:	179	case MLKEM768_RANK:
180	return MLKEM768_CIPHERTEXT_BYTES;	180	return MLKEM768_CIPHERTEXT_BYTES;
181	case RANK1024:	181	case MLKEM1024_RANK:
182	return MLKEM1024_CIPHERTEXT_BYTES;	182	return MLKEM1024_CIPHERTEXT_BYTES;
183	default:	183	default:
184	return 0;	184	return 0;


diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c index 3f4c44f558..9e04cb7b75 100644 --- a/src/lib/libssl/tls_key_share.c +++ b/src/lib/libssl/tls_key_share.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_key_share.c,v 1.9 2025/12/04 21:03:42 beck Exp $ */	1	/* $OpenBSD: tls_key_share.c,v 1.10 2026/01/01 12:47:52 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -285,7 +285,7 @@ tls_key_share_generate_mlkem(struct tls_key_share *ks, int rank)
285	static int	285	static int
286	tls_key_share_client_generate_mlkem768x25519(struct tls_key_share *ks)	286	tls_key_share_client_generate_mlkem768x25519(struct tls_key_share *ks)
287	{	287	{
288	if (!tls_key_share_generate_mlkem(ks, RANK768))	288	if (!tls_key_share_generate_mlkem(ks, MLKEM768_RANK))
289	return 0;	289	return 0;
290		290
291	if (!tls_key_share_generate_x25519(ks))	291	if (!tls_key_share_generate_x25519(ks))
@@ -586,7 +586,7 @@ tls_key_share_server_peer_public_mlkem768x25519(struct tls_key_share *ks,
586	return 0;	586	return 0;
587		587
588	/* Nein, ist nur normal (1024 ist gigantisch) */	588	/* Nein, ist nur normal (1024 ist gigantisch) */
589	if ((ks->mlkem_peer_public = MLKEM_public_key_new(RANK768)) == NULL)	589	if ((ks->mlkem_peer_public = MLKEM_public_key_new(MLKEM768_RANK)) == NULL)
590	goto err;	590	goto err;
591		591
592	if (!CBS_get_bytes(cbs, &mlkem768_cbs,	592	if (!CBS_get_bytes(cbs, &mlkem768_cbs,