Assert that MLKEM APIs generate real keys by kornelski · Pull Request #470 · cloudflare/boring

kornelski · 2026-02-10T22:03:01Z

It's scary that the MLKEM768_generate_key is a void function without ability to report an error. This adds a check that some ~~seed/secret~~ parseable public key has actually been written.

boring/src/mlkem.rs

bwesterb · 2026-02-10T22:31:58Z

Why is it scary?

bwesterb

Timing side channel

bwesterb · 2026-02-10T22:41:44Z

Still not safe.

bwesterb · 2026-02-10T22:42:40Z

We really shouldn't write this needless code. It's only more chances to get things wrong.

kornelski · 2026-02-10T23:02:23Z

ok, fine. I've removed the check for all-0 keys. Now it's just a good'ol error handling bugfix.

kornelski · 2026-02-10T23:10:52Z

BTW, why using CRYPTO_memcmp for comparison still wasn't safe?

bwesterb · 2026-02-10T23:24:20Z

CRYPTO_memcmp is safe. I read too quickly and thought you were calling this.

kornelski force-pushed the mlkem-err branch from 210317e to 78ed11a Compare February 10, 2026 22:04

bwesterb reviewed Feb 10, 2026

View reviewed changes

boring/src/mlkem.rs Outdated Show resolved Hide resolved

bwesterb reviewed Feb 10, 2026

View reviewed changes

boring/src/mlkem.rs Outdated Show resolved Hide resolved

kornelski mentioned this pull request Feb 10, 2026

Generate dummy mlkem bindings if mlkem.h is missing #471

Open

bwesterb requested changes Feb 10, 2026

View reviewed changes

kornelski force-pushed the mlkem-err branch from 78ed11a to b2e1384 Compare February 10, 2026 22:40

kornelski requested a review from bwesterb February 10, 2026 22:40

kornelski force-pushed the mlkem-err branch from b2e1384 to 7ff0ddd Compare February 10, 2026 22:42

kornelski force-pushed the mlkem-err branch from 7ff0ddd to 5813e8e Compare February 10, 2026 23:01

kornelski force-pushed the mlkem-err branch from 5813e8e to 49c806a Compare February 10, 2026 23:08

kornelski force-pushed the mlkem-err branch from 49c806a to 60c5ea6 Compare February 10, 2026 23:11

kornelski force-pushed the mlkem-err branch from 60c5ea6 to 06b1d8b Compare February 11, 2026 19:18

kornelski added 2 commits February 11, 2026 19:40

Add missing error handling in ML-KEM generate

2fb08db

Ensure we don't leave unit memory if generate_key fails

3d2cafe

kornelski force-pushed the mlkem-err branch from 06b1d8b to 3d2cafe Compare February 11, 2026 19:44

bwesterb approved these changes Feb 11, 2026

View reviewed changes

kornelski merged commit e65f394 into master Feb 11, 2026
25 checks passed

kornelski deleted the mlkem-err branch February 11, 2026 20:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Assert that MLKEM APIs generate real keys#470

Assert that MLKEM APIs generate real keys#470
kornelski merged 2 commits intomasterfrom
mlkem-err

kornelski commented Feb 10, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

bwesterb commented Feb 10, 2026 •

edited

Loading

Uh oh!

bwesterb left a comment

Uh oh!

bwesterb commented Feb 10, 2026

Uh oh!

bwesterb commented Feb 10, 2026

Uh oh!

kornelski commented Feb 10, 2026

Uh oh!

kornelski commented Feb 10, 2026

Uh oh!

bwesterb commented Feb 10, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

kornelski commented Feb 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bwesterb commented Feb 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

bwesterb left a comment

Choose a reason for hiding this comment

Uh oh!

bwesterb commented Feb 10, 2026

Uh oh!

bwesterb commented Feb 10, 2026

Uh oh!

kornelski commented Feb 10, 2026

Uh oh!

kornelski commented Feb 10, 2026

Uh oh!

bwesterb commented Feb 10, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

kornelski commented Feb 10, 2026 •

edited

Loading

bwesterb commented Feb 10, 2026 •

edited

Loading