From: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Subject: [PATCH] libressl: mlkem: add CTASSERTs to verify key structure sizes
To: tech@openbsd.org
Cc: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Date: Sat,  3 May 2025 15:56:32 +0900

Add CTASSERTs to ensure that the internal key structures
(public_key and private_key) have the same size as their external
representations (MLKEM{768,1024}_public_key and MLKEM{768,1024}_private_key).

These assertions make it explicit that the pointer casts from external to
internal representations are safe and that any structural mismatch will be
caught at compile time.
---
 src/lib/libcrypto/mlkem/mlkem1024.c | 4 ++++
 src/lib/libcrypto/mlkem/mlkem768.c  | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/lib/libcrypto/mlkem/mlkem1024.c b/src/lib/libcrypto/mlkem/mlkem1024.c
index f6fccdf..8d22941 100644
--- a/src/lib/libcrypto/mlkem/mlkem1024.c
+++ b/src/lib/libcrypto/mlkem/mlkem1024.c
@@ -793,6 +793,8 @@ struct public_key {
 	matrix m;
 };
 
+CTASSERT(sizeof(struct MLKEM1024_public_key) == sizeof(struct public_key));
+
 static struct public_key *
 public_key_1024_from_external(const struct MLKEM1024_public_key *external)
 {
@@ -805,6 +807,8 @@ struct private_key {
 	uint8_t fo_failure_secret[32];
 };
 
+CTASSERT(sizeof(struct MLKEM1024_private_key) == sizeof(struct private_key));
+
 static struct private_key *
 private_key_1024_from_external(const struct MLKEM1024_private_key *external)
 {
diff --git a/src/lib/libcrypto/mlkem/mlkem768.c b/src/lib/libcrypto/mlkem/mlkem768.c
index bacde0c..6fc30dc 100644
--- a/src/lib/libcrypto/mlkem/mlkem768.c
+++ b/src/lib/libcrypto/mlkem/mlkem768.c
@@ -792,6 +792,8 @@ struct public_key {
 	matrix m;
 };
 
+CTASSERT(sizeof(struct MLKEM768_public_key) == sizeof(struct public_key));
+
 static struct public_key *
 public_key_768_from_external(const struct MLKEM768_public_key *external)
 {
@@ -804,6 +806,8 @@ struct private_key {
 	uint8_t fo_failure_secret[32];
 };
 
+CTASSERT(sizeof(struct MLKEM768_private_key) == sizeof(struct private_key));
+
 static struct private_key *
 private_key_768_from_external(const struct MLKEM768_private_key *external)
 {
-- 
2.39.5 (Apple Git-154)