From 0b69c4a2b1ef8ad6b85503729d1bd0bc68541697 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sun, 18 Jan 2026 08:49:42 +0000 Subject: mlkem: garbage collect the unusd mlkem_{generate_key,encap}() These are flagged by more recent gcc since declarations and definitions don't match (sized array vs pointer). Also an array was checked for NULL. found by/ok jsing --- src/lib/libcrypto/mlkem/mlkem_internal.c | 38 +------------------------------- src/lib/libcrypto/mlkem/mlkem_internal.h | 22 +----------------- 2 files changed, 2 insertions(+), 58 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/mlkem/mlkem_internal.c b/src/lib/libcrypto/mlkem/mlkem_internal.c index c8305bb0d9..048b147806 100644 --- a/src/lib/libcrypto/mlkem/mlkem_internal.c +++ b/src/lib/libcrypto/mlkem/mlkem_internal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mlkem_internal.c,v 1.5 2026/01/01 13:36:09 tb Exp $ */ +/* $OpenBSD: mlkem_internal.c,v 1.6 2026/01/18 08:49:42 tb Exp $ */ /* * Copyright (c) 2024, Google Inc. * Copyright (c) 2024, 2025 Bob Beck @@ -875,28 +875,6 @@ private_key_from_external(const MLKEM_private_key *external, offset += 32; } -/* - * Calls |mlkem_generate_key_external_entropy| with random bytes from - * |RAND_bytes|. - */ -int -mlkem_generate_key(uint8_t *out_encoded_public_key, - uint8_t optional_out_seed[MLKEM_SEED_LENGTH], - MLKEM_private_key *out_private_key) -{ - uint8_t entropy_buf[MLKEM_SEED_LENGTH]; - uint8_t *entropy = optional_out_seed != NULL ? optional_out_seed : - entropy_buf; - int ret; - - arc4random_buf(entropy, MLKEM_SEED_LENGTH); - ret = mlkem_generate_key_external_entropy(out_encoded_public_key, - out_private_key, entropy); - explicit_bzero(entropy_buf, sizeof(entropy_buf)); - - return ret; -} - int mlkem_private_key_from_seed(const uint8_t *seed, size_t seed_len, MLKEM_private_key *out_private_key) @@ -1057,20 +1035,6 @@ encrypt_cpa(uint8_t *out, const struct public_key *pub, explicit_bzero(input, sizeof(input)); } -/* Calls mlkem_encap_external_entropy| with random bytes */ -void -mlkem_encap(const MLKEM_public_key *public_key, - uint8_t *out_ciphertext, - uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH]) -{ - uint8_t entropy[MLKEM_ENCAP_ENTROPY]; - - arc4random_buf(entropy, MLKEM_ENCAP_ENTROPY); - mlkem_encap_external_entropy(out_ciphertext, - out_shared_secret, public_key, entropy); - explicit_bzero(entropy, sizeof(entropy)); -} - /* See section 6.2 of the spec. */ void mlkem_encap_external_entropy(uint8_t *out_ciphertext, diff --git a/src/lib/libcrypto/mlkem/mlkem_internal.h b/src/lib/libcrypto/mlkem/mlkem_internal.h index c8bfb65431..a8b1a16359 100644 --- a/src/lib/libcrypto/mlkem/mlkem_internal.h +++ b/src/lib/libcrypto/mlkem/mlkem_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mlkem_internal.h,v 1.12 2026/01/16 18:31:12 tb Exp $ */ +/* $OpenBSD: mlkem_internal.h,v 1.13 2026/01/18 08:49:42 tb Exp $ */ /* * Copyright (c) 2023, Google Inc. * Copyright (c) 2025, Bob Beck @@ -174,17 +174,6 @@ struct MLKEM768_private_key { /* Key generation. */ -/* - * mlkem_generate_key generates a random public/private key pair, writes the - * encoded public key to |out_encoded_public_key| and sets |out_private_key| to - * the private key. If |optional_out_seed| is not NULL then the seed used to - * generate the private key is written to it. The caller is responsible for - * ensuring that |out_encoded_public_key| and |out_optonal_seed| point to - * enough memory to contain a key and seed for the rank of |out_private_key|. - */ -int mlkem_generate_key(uint8_t *out_encoded_public_key, - uint8_t *optional_out_seed, MLKEM_private_key *out_private_key); - /* * mlkem_private_key_from_seed modifies |out_private_key| to contain a key of * the rank of |*out_private_key| from a seed that was generated by @@ -207,15 +196,6 @@ void mlkem_public_from_private(const MLKEM_private_key *private_key, /* Encapsulation and decapsulation of secrets. */ -/* - * mlkem_encap encrypts a random shared secret for |public_key|, writes the - * ciphertext to |out_ciphertext|, and writes the random shared secret to - * |out_shared_secret|. - */ -void mlkem_encap(const MLKEM_public_key *public_key, - uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES], - uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH]); - /* * mlkem_decap decrypts a shared secret from |ciphertext| using |private_key| * and writes it to |out_shared_secret|. If |ciphertext_len| is incorrect it -- cgit v1.2.3-55-g6feb