5 files changed, 77 insertions, 98 deletions
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
index 5a61248090..a8495f55e3 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem_iteration_tests.c,v 1.2 2024/12/26 07:26:45 tb Exp $ */
+/*      $OpenBSD: mlkem_iteration_tests.c,v 1.3 2025/05/19 06:47:40 beck Exp $ */
 /*
 * Copyright (c) 2024 Google Inc.
 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -116,8 +116,10 @@ MlkemIterativeTest(struct iteration_ctx *ctx)
                }
                /* generate ek as encoded_public_key */
-                ctx->generate_key_external_entropy(ctx->encoded_public_key,
+                if (!ctx->generate_key_external_entropy(ctx->encoded_public_key,
-                    ctx->priv, seed);
+                    ctx->priv, seed)) {
+                        errx(1, "generate_key_external_entropy");
+                }
                ctx->public_from_private(ctx->pub, ctx->priv);
                /* hash in ek */
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
index e9ae417887..a4e7208c76 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem_tests.c,v 1.3 2025/05/03 08:34:07 tb Exp $ */
+/*      $OpenBSD: mlkem_tests.c,v 1.4 2025/05/19 06:47:40 beck Exp $ */
 /*
 * Copyright (c) 2024 Google Inc.
 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -112,7 +112,8 @@ MlkemDecapFileTest(struct decap_ctx *decap)
        parse_get_cbs(p, DECAP_PRIVATE_KEY, &private_key);
        parse_get_int(p, DECAP_RESULT, &should_fail);
-        if (!decap->parse_private_key(decap->private_key, &private_key)) {
+        if (!decap->parse_private_key(decap->private_key,
+            CBS_data(&private_key), CBS_len(&private_key))) {
                if ((failed = !should_fail))
                        parse_info(p, "parse private key");
                goto err;
@@ -207,7 +208,8 @@ MlkemNistDecapFileTest(struct decap_ctx *decap)
            MLKEM_SHARED_SECRET_BYTES, CBS_len(&k)))
                goto err;
-        if (!decap->parse_private_key(decap->private_key, &dk)) {
+        if (!decap->parse_private_key(decap->private_key, CBS_data(&dk),
+            CBS_len(&dk))) {
                parse_info(p, "parse private key");
                goto err;
        }
@@ -360,7 +362,8 @@ MlkemEncapFileTest(struct encap_ctx *encap)
        parse_get_cbs(p, ENCAP_SHARED_SECRET, &shared_secret);
        parse_get_int(p, ENCAP_RESULT, &should_fail);
-        if (!encap->parse_public_key(encap->public_key, &public_key)) {
+        if (!encap->parse_public_key(encap->public_key, CBS_data(&public_key),
+            CBS_len(&public_key))) {
                if ((failed = !should_fail))
                        parse_info(p, "parse public key");
                goto err;
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
index 1bb2ed3a8b..8677713c8e 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem_tests_util.c,v 1.5 2024/12/26 00:04:24 tb Exp $ */
+/*      $OpenBSD: mlkem_tests_util.c,v 1.6 2025/05/19 06:47:40 beck Exp $ */
 /*
 * Copyright (c) 2024 Google Inc.
 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -83,25 +83,10 @@ mlkem768_encode_private_key(const void *private_key, uint8_t **out_buf,
 }
 int
-mlkem768_encode_public_key(const void *public_key, uint8_t **out_buf,
+mlkem768_marshal_public_key(const void *public_key, uint8_t **out_buf,
    size_t *out_len)
 {
-        CBB cbb;
+        return MLKEM768_marshal_public_key(out_buf, out_len, public_key);
-        int ret = 0;
-        if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
-                goto err;
-        if (!MLKEM768_marshal_public_key(&cbb, public_key))
-                goto err;
-        if (!CBB_finish(&cbb, out_buf, out_len))
-                goto err;
-        ret = 1;
- err:
-        CBB_cleanup(&cbb);
-        return ret;
 }
 int
@@ -127,25 +112,10 @@ mlkem1024_encode_private_key(const void *private_key, uint8_t **out_buf,
 }
 int
-mlkem1024_encode_public_key(const void *public_key, uint8_t **out_buf,
+mlkem1024_marshal_public_key(const void *public_key, uint8_t **out_buf,
    size_t *out_len)
 {
-        CBB cbb;
+        return MLKEM1024_marshal_public_key(out_buf, out_len, public_key);
-        int ret = 0;
-        if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
-                goto err;
-        if (!MLKEM1024_marshal_public_key(&cbb, public_key))
-                goto err;
-        if (!CBB_finish(&cbb, out_buf, out_len))
-                goto err;
-        ret = 1;
- err:
-        CBB_cleanup(&cbb);
-        return ret;
 }
 int
@@ -173,32 +143,36 @@ mlkem768_encap_external_entropy(uint8_t *out_ciphertext,
            public_key, entropy);
 }
-void
+int
 mlkem768_generate_key(uint8_t *out_encoded_public_key,
    uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key)
 {
-        MLKEM768_generate_key(out_encoded_public_key, optional_out_seed,
+        return MLKEM768_generate_key(out_encoded_public_key, optional_out_seed,
            out_private_key);
 }
-void
+int
 mlkem768_generate_key_external_entropy(uint8_t *out_encoded_public_key,
    void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES])
 {
-        MLKEM768_generate_key_external_entropy(out_encoded_public_key,
+        return MLKEM768_generate_key_external_entropy(out_encoded_public_key,
            out_private_key, entropy);
 }
 int
-mlkem768_parse_private_key(void *out_private_key, CBS *private_key_cbs)
+mlkem768_parse_private_key(void *out_private_key, const uint8_t *private_key,
+    size_t private_key_len)
 {
-        return MLKEM768_parse_private_key(out_private_key, private_key_cbs);
+        return MLKEM768_parse_private_key(out_private_key, private_key,
+            private_key_len);
 }
 int
-mlkem768_parse_public_key(void *out_public_key, CBS *public_key_cbs)
+mlkem768_parse_public_key(void *out_public_key, const uint8_t *public_key,
+    size_t public_key_len)
 {
-        return MLKEM768_parse_public_key(out_public_key, public_key_cbs);
+        return MLKEM768_parse_public_key(out_public_key, public_key,
+            public_key_len);
 }
 void
@@ -232,26 +206,28 @@ mlkem1024_encap_external_entropy(uint8_t *out_ciphertext,
            public_key, entropy);
 }
-void
+int
 mlkem1024_generate_key(uint8_t *out_encoded_public_key,
    uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key)
 {
-        MLKEM1024_generate_key(out_encoded_public_key, optional_out_seed,
+        return MLKEM1024_generate_key(out_encoded_public_key, optional_out_seed,
            out_private_key);
 }
-void
+int
 mlkem1024_generate_key_external_entropy(uint8_t *out_encoded_public_key,
    void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES])
 {
-        MLKEM1024_generate_key_external_entropy(out_encoded_public_key,
+        return MLKEM1024_generate_key_external_entropy(out_encoded_public_key,
            out_private_key, entropy);
 }
 int
-mlkem1024_parse_private_key(void *out_private_key, CBS *private_key_cbs)
+mlkem1024_parse_private_key(void *out_private_key, const uint8_t *private_key,
+    size_t private_key_len)
 {
-        return MLKEM1024_parse_private_key(out_private_key, private_key_cbs);
+        return MLKEM1024_parse_private_key(out_private_key, private_key,
+            private_key_len);
 }
 void
@@ -261,7 +237,9 @@ mlkem1024_public_from_private(void *out_public_key, const void *private_key)
 }
 int
-mlkem1024_parse_public_key(void *out_public_key, CBS *public_key_cbs)
+mlkem1024_parse_public_key(void *out_public_key, const uint8_t *public_key,
+    size_t public_key_len)
 {
-        return MLKEM1024_parse_public_key(out_public_key, public_key_cbs);
+        return MLKEM1024_parse_public_key(out_public_key, public_key,
+            public_key_len);
 }
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
index 7fbe6f76a9..a3b255082f 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem_tests_util.h,v 1.4 2024/12/26 00:04:24 tb Exp $ */
+/*      $OpenBSD: mlkem_tests_util.h,v 1.5 2025/05/19 06:47:40 beck Exp $ */
 /*
 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -32,11 +32,11 @@ int compare_data(const uint8_t *want, const uint8_t *got, size_t len,
 int mlkem768_encode_private_key(const void *priv, uint8_t **out_buf,
    size_t *out_len);
-int mlkem768_encode_public_key(const void *pub, uint8_t **out_buf,
+int mlkem768_marshal_public_key(const void *pub, uint8_t **out_buf,
    size_t *out_len);
 int mlkem1024_encode_private_key(const void *priv, uint8_t **out_buf,
    size_t *out_len);
-int mlkem1024_encode_public_key(const void *pub, uint8_t **out_buf,
+int mlkem1024_marshal_public_key(const void *pub, uint8_t **out_buf,
    size_t *out_len);
 int mlkem768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
@@ -46,12 +46,12 @@ void mlkem768_encap(uint8_t *out_ciphertext,
 void mlkem768_encap_external_entropy(uint8_t *out_ciphertext,
    uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub,
    const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
-void mlkem768_generate_key(uint8_t *out_encoded_public_key,
+int mlkem768_generate_key(uint8_t *out_encoded_public_key,
    uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key);
-void mlkem768_generate_key_external_entropy(uint8_t *out_encoded_public_key,
+int mlkem768_generate_key_external_entropy(uint8_t *out_encoded_public_key,
    void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES]);
-int mlkem768_parse_private_key(void *priv, CBS *private_key_cbs);
+int mlkem768_parse_private_key(void *priv, const uint8_t *in, size_t in_len);
-int mlkem768_parse_public_key(void *pub, CBS *in);
+int mlkem768_parse_public_key(void *pub, const uint8_t *in, size_t in_len);
 void mlkem768_public_from_private(void *out_public_key, const void *private_key);
 int mlkem1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
@@ -61,16 +61,16 @@ void mlkem1024_encap(uint8_t *out_ciphertext,
 void mlkem1024_encap_external_entropy(uint8_t *out_ciphertext,
    uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub,
    const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
-void mlkem1024_generate_key(uint8_t *out_encoded_public_key,
+int mlkem1024_generate_key(uint8_t *out_encoded_public_key,
    uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key);
-void mlkem1024_generate_key_external_entropy(uint8_t *out_encoded_public_key,
+int mlkem1024_generate_key_external_entropy(uint8_t *out_encoded_public_key,
    void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES]);
-int mlkem1024_parse_private_key(void *priv, CBS *private_key_cbs);
+int mlkem1024_parse_private_key(void *priv, const uint8_t *in, size_t in_len);
-int mlkem1024_parse_public_key(void *pub, CBS *in);
+int mlkem1024_parse_public_key(void *pub, const uint8_t *in, size_t in_len);
 void mlkem1024_public_from_private(void *out_public_key, const void *private_key);
 typedef int (*mlkem_encode_private_key_fn)(const void *, uint8_t **, size_t *);
-typedef int (*mlkem_encode_public_key_fn)(const void *, uint8_t **, size_t *);
+typedef int (*mlkem_marshal_public_key_fn)(const void *, uint8_t **, size_t *);
 typedef int (*mlkem_decap_fn)(uint8_t [MLKEM_SHARED_SECRET_BYTES],
    const uint8_t *, size_t, const void *);
 typedef void (*mlkem_encap_fn)(uint8_t *, uint8_t [MLKEM_SHARED_SECRET_BYTES],
@@ -78,11 +78,11 @@ typedef void (*mlkem_encap_fn)(uint8_t *, uint8_t [MLKEM_SHARED_SECRET_BYTES],
 typedef void (*mlkem_encap_external_entropy_fn)(uint8_t *,
    uint8_t [MLKEM_SHARED_SECRET_BYTES], const void *,
    const uint8_t [MLKEM_ENCAP_ENTROPY]);
-typedef void (*mlkem_generate_key_fn)(uint8_t *, uint8_t *, void *);
+typedef int (*mlkem_generate_key_fn)(uint8_t *, uint8_t *, void *);
-typedef void (*mlkem_generate_key_external_entropy_fn)(uint8_t *, void *,
+typedef int (*mlkem_generate_key_external_entropy_fn)(uint8_t *, void *,
    const uint8_t [MLKEM_SEED_BYTES]);
-typedef int (*mlkem_parse_private_key_fn)(void *, CBS *);
+typedef int (*mlkem_parse_private_key_fn)(void *, const uint8_t *, size_t);
-typedef int (*mlkem_parse_public_key_fn)(void *, CBS *);
+typedef int (*mlkem_parse_public_key_fn)(void *, const uint8_t *, size_t);
 typedef void (*mlkem_public_from_private_fn)(void *out_public_key,
    const void *private_key);
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
index 597297b8cc..a1adc88569 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem_unittest.c,v 1.7 2025/05/03 08:34:55 tb Exp $ */
+/*      $OpenBSD: mlkem_unittest.c,v 1.8 2025/05/19 06:47:40 beck Exp $ */
 /*
 * Copyright (c) 2024 Google Inc.
 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -42,7 +42,7 @@ struct unittest_ctx {
        mlkem_parse_private_key_fn parse_private_key;
        mlkem_parse_public_key_fn parse_public_key;
        mlkem_encode_private_key_fn encode_private_key;
-        mlkem_encode_public_key_fn encode_public_key;
+        mlkem_marshal_public_key_fn marshal_public_key;
        mlkem_public_from_private_fn public_from_private;
 };
@@ -54,36 +54,32 @@ MlKemUnitTest(struct unittest_ctx *ctx)
        uint8_t first_two_bytes[2];
        uint8_t *encoded_private_key = NULL, *tmp_buf = NULL;
        size_t encoded_private_key_len, tmp_buf_len;
-        CBS cbs;
        int failed = 0;
-        ctx->generate_key(ctx->encoded_public_key, NULL, ctx->priv);
+        if (!ctx->generate_key(ctx->encoded_public_key, NULL, ctx->priv)) {
+                warnx("generate_key failed");
+                failed |= 1;
+        }
        memcpy(first_two_bytes, ctx->encoded_public_key, sizeof(first_two_bytes));
        memset(ctx->encoded_public_key, 0xff, sizeof(first_two_bytes));
-        CBS_init(&cbs, ctx->encoded_public_key, ctx->encoded_public_key_len);
        /* Parsing should fail because the first coefficient is >= kPrime. */
-        if (ctx->parse_public_key(ctx->pub, &cbs)) {
+        if (ctx->parse_public_key(ctx->pub, ctx->encoded_public_key,
+            ctx->encoded_public_key_len)) {
                warnx("parse_public_key should have failed");
                failed |= 1;
        }
        memcpy(ctx->encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
-        CBS_init(&cbs, ctx->encoded_public_key, ctx->encoded_public_key_len);
+        if (!ctx->parse_public_key(ctx->pub, ctx->encoded_public_key,
-        if (!ctx->parse_public_key(ctx->pub, &cbs)) {
+            ctx->encoded_public_key_len)) {
                warnx("MLKEM768_parse_public_key");
                failed |= 1;
        }
-        if (CBS_len(&cbs) != 0u) {
+        if (!ctx->marshal_public_key(ctx->pub, &tmp_buf, &tmp_buf_len)) {
-                warnx("CBS_len must be 0");
+                warnx("marshal_public_key");
-                failed |= 1;
-        }
-        if (!ctx->encode_public_key(ctx->pub, &tmp_buf, &tmp_buf_len)) {
-                warnx("encode_public_key");
                failed |= 1;
        }
        if (ctx->encoded_public_key_len != tmp_buf_len) {
@@ -100,8 +96,8 @@ MlKemUnitTest(struct unittest_ctx *ctx)
        tmp_buf = NULL;
        ctx->public_from_private(ctx->pub2, ctx->priv);
-        if (!ctx->encode_public_key(ctx->pub2, &tmp_buf, &tmp_buf_len)) {
+        if (!ctx->marshal_public_key(ctx->pub2, &tmp_buf, &tmp_buf_len)) {
-                warnx("encode_public_key");
+                warnx("marshal_public_key");
                failed |= 1;
        }
        if (ctx->encoded_public_key_len != tmp_buf_len) {
@@ -125,18 +121,18 @@ MlKemUnitTest(struct unittest_ctx *ctx)
        memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
        memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
-        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
        /*  Parsing should fail because the first coefficient is >= kPrime. */
-        if (ctx->parse_private_key(ctx->priv2, &cbs)) {
+        if (ctx->parse_private_key(ctx->priv2, encoded_private_key,
+            encoded_private_key_len)) {
                warnx("MLKEM768_parse_private_key should have failed");
                failed |= 1;
        }
        memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
-        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
-        if (!ctx->parse_private_key(ctx->priv2, &cbs)) {
+        if (!ctx->parse_private_key(ctx->priv2, encoded_private_key,
+            encoded_private_key_len)) {
                warnx("MLKEM768_parse_private_key");
                failed |= 1;
        }
@@ -210,7 +206,7 @@ mlkem768_unittest(void)
                .parse_private_key = mlkem768_parse_private_key,
                .parse_public_key = mlkem768_parse_public_key,
                .encode_private_key = mlkem768_encode_private_key,
-                .encode_public_key = mlkem768_encode_public_key,
+                .marshal_public_key = mlkem768_marshal_public_key,
                .public_from_private = mlkem768_public_from_private,
        };
@@ -239,7 +235,7 @@ mlkem1024_unittest(void)
                .parse_private_key = mlkem1024_parse_private_key,
                .parse_public_key = mlkem1024_parse_public_key,
                .encode_private_key = mlkem1024_encode_private_key,
-                .encode_public_key = mlkem1024_encode_public_key,
+                .marshal_public_key = mlkem1024_marshal_public_key,
                .public_from_private = mlkem1024_public_from_private,
        };