Commit d20cbc90e4 for openssl.org

commit d20cbc90e48cdd2a56444fc5d6f244d36362cb49
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date:   Tue Sep 16 22:40:32 2025 +1000

    Fix ML-KEM key equality check when either unset

    Fixes #28563

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/28569)

diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c
index f93ef92ba6..26ecafebc1 100644
--- a/crypto/ml_kem/ml_kem.c
+++ b/crypto/ml_kem/ml_kem.c
@@ -2080,5 +2080,5 @@ int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2)
      * No match if just one of the public keys is not available, otherwise both
      * are unavailable, and for now such keys are considered equal.
      */
-    return (ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2));
+    return (!(ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2)));
 }
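Review bot: The new return at the end of ossl_ml_kem_pubkey_cmp applies a bitwise `^` to the two ossl_ml_kem_have_pubkey() results, which is only correct if that helper always yields exactly 0 or 1. Its definition is outside this hunk, so that is worth confirming. Comparing normalized values states the intent directly and does not depend on it: `return !ossl_ml_kem_have_pubkey(key1) == !ossl_ml_kem_have_pubkey(key2);`. The existing comment already records that two keys without public material compare equal, so I would extend it with `/* Callers that treat a match as an identity check must also confirm a public key is present. */`. The function body starts before the hunk, so the earlier both-present path is not visible here.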
diff --git a/test/ml_kem_evp_extra_test.c b/test/ml_kem_evp_extra_test.c
index bfa52c9af2..b867b14ad1 100644
--- a/test/ml_kem_evp_extra_test.c
+++ b/test/ml_kem_evp_extra_test.c
@@ -140,9 +140,19 @@ static int test_ml_kem(void)
     if (!TEST_int_gt(EVP_PKEY_copy_parameters(bkey, akey), 0))
         goto err;

+    /* Bob's empty key is not equal to Alice's */
+    if (!TEST_false(EVP_PKEY_eq(akey, bkey))
+        || !TEST_false(EVP_PKEY_eq(bkey, akey)))
+        goto err;
+
     if (!TEST_true(EVP_PKEY_set1_encoded_public_key(bkey, rawpub, publen)))
         goto err;

+    /* Bob's copy of Alice's public key makes the two equal */
+    if (!TEST_true(EVP_PKEY_eq(akey, bkey))
+        || !TEST_true(EVP_PKEY_eq(bkey, akey)))
+        goto err;
+
     /* Encapsulate Bob's key */
     ctx = EVP_PKEY_CTX_new_from_pkey(testctx, bkey, NULL);
     if (!TEST_ptr(ctx))
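Review bot: The positive assertions after EVP_PKEY_set1_encoded_public_key use `TEST_true(EVP_PKEY_eq(...))`, which passes on any non-zero value, and EVP_PKEY_eq reports mismatched key types and unsupported comparisons with negative returns. An error return would therefore be accepted as "equal". Pinning the exact result closes that gap: `if (!TEST_int_eq(EVP_PKEY_eq(akey, bkey), 1)` and `|| !TEST_int_eq(EVP_PKEY_eq(bkey, akey), 1))`. The added checks also leave the both-unset case untested, which, judging by the comment in ml_kem.c, is the one case this return treats as equal. A second parameters-only key compared against bkey before the public key is set would cover it. test_ml_kem starts before and continues past this hunk.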