Commit af87fcd259 for openssl.org

commit af87fcd2596ee8687266c41a77e8ab67cb48cd65
Author: Tomas Mraz <tomas@openssl.foundation>
Date:   Tue May 12 14:39:06 2026 +0200

    Use CRYPTO_memcmp() when comparing the private keys

    ML-DSA and SLH-DSA used regular memcmp, use CRYPTO_memcmp()
    just in case.

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    MergeDate: Thu May 14 09:29:14 2026
    (Merged from https://github.com/openssl/openssl/pull/31155)

diff --git a/crypto/ml_dsa/ml_dsa_key.c b/crypto/ml_dsa/ml_dsa_key.c
index 24fa7596e2..6b5b8b092f 100644
--- a/crypto/ml_dsa/ml_dsa_key.c
+++ b/crypto/ml_dsa/ml_dsa_key.c
@@ -293,7 +293,7 @@ int ossl_ml_dsa_key_equal(const ML_DSA_KEY *key1, const ML_DSA_KEY *key2,
         if (!key_checked
             && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
             if (key1->priv_encoding != NULL && key2->priv_encoding != NULL) {
-                if (memcmp(key1->priv_encoding, key2->priv_encoding,
+                if (CRYPTO_memcmp(key1->priv_encoding, key2->priv_encoding,
                         key1->params->sk_len)
                     != 0)
                     return 0;
diff --git a/crypto/slh_dsa/slh_dsa_key.c b/crypto/slh_dsa/slh_dsa_key.c
index 8401fd6283..2ac0b4d589 100644
--- a/crypto/slh_dsa/slh_dsa_key.c
+++ b/crypto/slh_dsa/slh_dsa_key.c
@@ -202,7 +202,7 @@ int ossl_slh_dsa_key_equal(const SLH_DSA_KEY *key1, const SLH_DSA_KEY *key2,
         if (!key_checked
             && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
             if (key1->has_priv && key2->has_priv) {
-                if (memcmp(key1->priv, key2->priv,
+                if (CRYPTO_memcmp(key1->priv, key2->priv,
                         key1->params->pk_len)
                     != 0)
                     return 0;