/src/openssl36/providers/implementations/kem/ml_kem_kem.c

Source
/*
 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/* clang-format off */

/* clang-format on */

#include <string.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
#include "crypto/ml_kem.h"
#include "internal/cryptlib.h"
#include "prov/provider_ctx.h"
#include "prov/implementations.h"
#include "prov/securitycheck.h"
#include "prov/providercommon.h"

static OSSL_FUNC_kem_newctx_fn ml_kem_newctx;
static OSSL_FUNC_kem_freectx_fn ml_kem_freectx;
static OSSL_FUNC_kem_encapsulate_init_fn ml_kem_encapsulate_init;
static OSSL_FUNC_kem_encapsulate_fn ml_kem_encapsulate;
static OSSL_FUNC_kem_decapsulate_init_fn ml_kem_decapsulate_init;
static OSSL_FUNC_kem_decapsulate_fn ml_kem_decapsulate;
static OSSL_FUNC_kem_set_ctx_params_fn ml_kem_set_ctx_params;
static OSSL_FUNC_kem_settable_ctx_params_fn ml_kem_settable_ctx_params;

typedef struct {
    ML_KEM_KEY *key;
    uint8_t entropy_buf[ML_KEM_RANDOM_BYTES];
    uint8_t *entropy;
    int op;
} PROV_ML_KEM_CTX;

static void *ml_kem_newctx(void *provctx)
{
    PROV_ML_KEM_CTX *ctx;

    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL)
        return NULL;

    ctx->key = NULL;
    ctx->entropy = NULL;
    ctx->op = 0;
    return ctx;
}

static void ml_kem_freectx(void *vctx)
{
    PROV_ML_KEM_CTX *ctx = vctx;

    if (ctx->entropy != NULL)
        OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
    OPENSSL_free(ctx);
}

static int ml_kem_init(void *vctx, int op, void *key,
    const OSSL_PARAM params[])
{
    PROV_ML_KEM_CTX *ctx = vctx;

    if (!ossl_prov_is_running())
        return 0;
    ctx->key = key;
    ctx->op = op;
    return ml_kem_set_ctx_params(vctx, params);
}

static int ml_kem_encapsulate_init(void *vctx, void *vkey,
    const OSSL_PARAM params[])
{
    ML_KEM_KEY *key = vkey;

    if (!ossl_ml_kem_have_pubkey(key)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
        return 0;
    }
    return ml_kem_init(vctx, EVP_PKEY_OP_ENCAPSULATE, key, params);
}

static int ml_kem_decapsulate_init(void *vctx, void *vkey,
    const OSSL_PARAM params[])
{
    ML_KEM_KEY *key = vkey;

    if (!ossl_ml_kem_have_prvkey(key)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
        return 0;
    }
    return ml_kem_init(vctx, EVP_PKEY_OP_DECAPSULATE, key, params);
}

/* clang-format off */
/* Machine generated by util/perl/OpenSSL/paramnames.pm */
#ifndef ml_kem_set_ctx_params_list
static const OSSL_PARAM ml_kem_set_ctx_params_list[] = {
    OSSL_PARAM_octet_string(OSSL_KEM_PARAM_IKME, NULL, 0),
    OSSL_PARAM_END
};
#endif

#ifndef ml_kem_set_ctx_params_st
struct ml_kem_set_ctx_params_st {
    OSSL_PARAM *ikme;
};
#endif

#ifndef ml_kem_set_ctx_params_decoder
static int ml_kem_set_ctx_params_decoder
    (const OSSL_PARAM *p, struct ml_kem_set_ctx_params_st *r)
{
    const char *s;

    memset(r, 0, sizeof(*r));
    if (p != NULL)
        for (; (s = p->key) != NULL; p++)
            if (ossl_likely(strcmp("ikme", s + 0) == 0)) {
                /* OSSL_KEM_PARAM_IKME */
                if (ossl_unlikely(r->ikme != NULL)) {
                    ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
                                   "param %s is repeated", s);
                    return 0;
                }
                r->ikme = (OSSL_PARAM *)p;
            }
    return 1;
}
#endif
/* End of machine generated */
/* clang-format on */

static int ml_kem_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    PROV_ML_KEM_CTX *ctx = vctx;
    struct ml_kem_set_ctx_params_st p;

    if (ctx == NULL || !ml_kem_set_ctx_params_decoder(params, &p))
        return 0;

    if (ctx->op == EVP_PKEY_OP_DECAPSULATE && ctx->entropy != NULL) {
        /* Decapsulation is deterministic */
        OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
        ctx->entropy = NULL;
    }

    /* Encapsulation ephemeral input key material "ikmE" */
    if (ctx->op == EVP_PKEY_OP_ENCAPSULATE && p.ikme != NULL) {
        size_t len = ML_KEM_RANDOM_BYTES;

        ctx->entropy = ctx->entropy_buf;
        if (OSSL_PARAM_get_octet_string(p.ikme, (void **)&ctx->entropy,
                len, &len)
            && len == ML_KEM_RANDOM_BYTES)
            return 1;

        /* Possibly, but much less likely wrong type */
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SEED_LENGTH);
        ctx->entropy = NULL;
        return 0;
    }

    return 1;
}

static const OSSL_PARAM *ml_kem_settable_ctx_params(ossl_unused void *vctx,
    ossl_unused void *provctx)
{
    return ml_kem_set_ctx_params_list;
}

static int ml_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen,
    unsigned char *shsec, size_t *slen)
{
    PROV_ML_KEM_CTX *ctx = vctx;
    ML_KEM_KEY *key = ctx->key;
    const ML_KEM_VINFO *v;
    size_t encap_clen;
    size_t encap_slen;
    int ret = 0;

    if (!ossl_ml_kem_have_pubkey(key)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
        goto end;
    }
    v = ossl_ml_kem_key_vinfo(key);
    encap_clen = v->ctext_bytes;
    encap_slen = ML_KEM_SHARED_SECRET_BYTES;

    if (ctext == NULL) {
        if (clen == NULL && slen == NULL)
            return 0;
        if (clen != NULL)
            *clen = encap_clen;
        if (slen != NULL)
            *slen = encap_slen;
        return 1;
    }
    if (shsec == NULL) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_OUTPUT_BUFFER,
            "NULL shared-secret buffer");
        goto end;
    }

    if (clen == NULL) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_LENGTH_POINTER,
            "null ciphertext input/output length pointer");
        goto end;
    } else if (*clen < encap_clen) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
            "ciphertext buffer too small");
        goto end;
    } else {
        *clen = encap_clen;
    }

    if (slen == NULL) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_LENGTH_POINTER,
            "null shared secret input/output length pointer");
        goto end;
    } else if (*slen < encap_slen) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
            "shared-secret buffer too small");
        goto end;
    } else {
        *slen = encap_slen;
    }

    if (ctx->entropy != NULL)
        ret = ossl_ml_kem_encap_seed(ctext, encap_clen, shsec, encap_slen,
            ctx->entropy, ML_KEM_RANDOM_BYTES, key);
    else
        ret = ossl_ml_kem_encap_rand(ctext, encap_clen, shsec, encap_slen, key);

end:
    /*
     * One shot entropy, each encapsulate call must either provide a new
     * "ikmE", or else will use a random value.  If a caller sets an explicit
     * ikmE once for testing, and later performs multiple encapsulations
     * without again calling encapsulate_init(), these should not share the
     * original entropy.
     */
    if (ctx->entropy != NULL) {
        OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
        ctx->entropy = NULL;
    }
    return ret;
}

static int ml_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen,
    const uint8_t *ctext, size_t clen)
{
    PROV_ML_KEM_CTX *ctx = vctx;
    ML_KEM_KEY *key = ctx->key;
    size_t decap_slen = ML_KEM_SHARED_SECRET_BYTES;

    if (!ossl_ml_kem_have_prvkey(key)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
        return 0;
    }

    if (shsec == NULL) {
        if (slen == NULL)
            return 0;
        *slen = ML_KEM_SHARED_SECRET_BYTES;
        return 1;
    }

    /* For now tolerate newly-deprecated NULL length pointers. */
    if (slen == NULL) {
        slen = &decap_slen;
    } else if (*slen < decap_slen) {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
            "shared-secret buffer too small");
        return 0;
    } else {
        *slen = decap_slen;
    }

    /* ML-KEM decap handles incorrect ciphertext lengths internally */
    return ossl_ml_kem_decap(shsec, decap_slen, ctext, clen, key);
}

const OSSL_DISPATCH ossl_ml_kem_asym_kem_functions[] = {
    { OSSL_FUNC_KEM_NEWCTX, (OSSL_FUNC)ml_kem_newctx },
    { OSSL_FUNC_KEM_ENCAPSULATE_INIT, (OSSL_FUNC)ml_kem_encapsulate_init },
    { OSSL_FUNC_KEM_ENCAPSULATE, (OSSL_FUNC)ml_kem_encapsulate },
    { OSSL_FUNC_KEM_DECAPSULATE_INIT, (OSSL_FUNC)ml_kem_decapsulate_init },
    { OSSL_FUNC_KEM_DECAPSULATE, (OSSL_FUNC)ml_kem_decapsulate },
    { OSSL_FUNC_KEM_FREECTX, (OSSL_FUNC)ml_kem_freectx },
    { OSSL_FUNC_KEM_SET_CTX_PARAMS, (OSSL_FUNC)ml_kem_set_ctx_params },
    { OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS, (OSSL_FUNC)ml_kem_settable_ctx_params },
    OSSL_DISPATCH_END
};

Coverage Report

Created: 2026-04-01 06:39

Line	Count	Source
1		/*
2		* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9		/* clang-format off */
10
11		/* clang-format on */
12
13		#include <string.h>
14		#include <openssl/crypto.h>
15		#include <openssl/evp.h>
16		#include <openssl/core_dispatch.h>
17		#include <openssl/core_names.h>
18		#include <openssl/params.h>
19		#include <openssl/err.h>
20		#include <openssl/proverr.h>
21		#include "crypto/ml_kem.h"
22		#include "internal/cryptlib.h"
23		#include "prov/provider_ctx.h"
24		#include "prov/implementations.h"
25		#include "prov/securitycheck.h"
26		#include "prov/providercommon.h"
27
28		static OSSL_FUNC_kem_newctx_fn ml_kem_newctx;
29		static OSSL_FUNC_kem_freectx_fn ml_kem_freectx;
30		static OSSL_FUNC_kem_encapsulate_init_fn ml_kem_encapsulate_init;
31		static OSSL_FUNC_kem_encapsulate_fn ml_kem_encapsulate;
32		static OSSL_FUNC_kem_decapsulate_init_fn ml_kem_decapsulate_init;
33		static OSSL_FUNC_kem_decapsulate_fn ml_kem_decapsulate;
34		static OSSL_FUNC_kem_set_ctx_params_fn ml_kem_set_ctx_params;
35		static OSSL_FUNC_kem_settable_ctx_params_fn ml_kem_settable_ctx_params;
36
37		typedef struct {
38		ML_KEM_KEY *key;
39		uint8_t entropy_buf[ML_KEM_RANDOM_BYTES];
40		uint8_t *entropy;
41		int op;
42		} PROV_ML_KEM_CTX;
43
44		static void ml_kem_newctx(void provctx)
45	310	{
46	310	PROV_ML_KEM_CTX *ctx;
47
48	310	if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL)
49	0	return NULL;
50
51	310	ctx->key = NULL;
52	310	ctx->entropy = NULL;
53	310	ctx->op = 0;
54	310	return ctx;
55	310	}
56
57		static void ml_kem_freectx(void *vctx)
58	310	{
59	310	PROV_ML_KEM_CTX *ctx = vctx;
60
61	310	if (ctx->entropy != NULL)
62	0	OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
63	310	OPENSSL_free(ctx);
64	310	}
65
66		static int ml_kem_init(void vctx, int op, void key,
67		const OSSL_PARAM params[])
68	170	{
69	170	PROV_ML_KEM_CTX *ctx = vctx;
70
71	170	if (!ossl_prov_is_running())
72	0	return 0;
73	170	ctx->key = key;
74	170	ctx->op = op;
75	170	return ml_kem_set_ctx_params(vctx, params);
76	170	}
77
78		static int ml_kem_encapsulate_init(void vctx, void vkey,
79		const OSSL_PARAM params[])
80	169	{
81	169	ML_KEM_KEY *key = vkey;
82
83	169	if (!ossl_ml_kem_have_pubkey(key)) {
84	0	ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
85	0	return 0;
86	0	}
87	169	return ml_kem_init(vctx, EVP_PKEY_OP_ENCAPSULATE, key, params);
88	169	}
89
90		static int ml_kem_decapsulate_init(void vctx, void vkey,
91		const OSSL_PARAM params[])
92	141	{
93	141	ML_KEM_KEY *key = vkey;
94
95	141	if (!ossl_ml_kem_have_prvkey(key)) {
96	0	ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
97	0	return 0;
98	0	}
99	141	return ml_kem_init(vctx, EVP_PKEY_OP_DECAPSULATE, key, params);
100	141	}
101
102		/* clang-format off */
103		/* Machine generated by util/perl/OpenSSL/paramnames.pm */
104		#ifndef ml_kem_set_ctx_params_list
105		static const OSSL_PARAM ml_kem_set_ctx_params_list[] = {
106		OSSL_PARAM_octet_string(OSSL_KEM_PARAM_IKME, NULL, 0),
107		OSSL_PARAM_END
108		};
109		#endif
110
111		#ifndef ml_kem_set_ctx_params_st
112		struct ml_kem_set_ctx_params_st {
113		OSSL_PARAM *ikme;
114		};
115		#endif
116
117		#ifndef ml_kem_set_ctx_params_decoder
118		static int ml_kem_set_ctx_params_decoder
119		(const OSSL_PARAM p, struct ml_kem_set_ctx_params_st r)
120	218	{
121	218	const char *s;
122
123	218	memset(r, 0, sizeof(*r));
124	218	if (p != NULL)
125	0	for (; (s = p->key) != NULL; p++)
126	0	if (ossl_likely(strcmp("ikme", s + 0) == 0)) {
127		/* OSSL_KEM_PARAM_IKME */
128	0	if (ossl_unlikely(r->ikme != NULL)) {
129	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,
130	0	"param %s is repeated", s);
131	0	return 0;
132	0	}
133	0	r->ikme = (OSSL_PARAM *)p;
134	0	}
135	218	return 1;
136	218	}
137		#endif
138		/* End of machine generated */
139		/* clang-format on */
140
141		static int ml_kem_set_ctx_params(void *vctx, const OSSL_PARAM params[])
142	78	{
143	78	PROV_ML_KEM_CTX *ctx = vctx;
144	78	struct ml_kem_set_ctx_params_st p;
145
146	78	if (ctx == NULL \|\| !ml_kem_set_ctx_params_decoder(params, &p))
147	0	return 0;
148
149	78	if (ctx->op == EVP_PKEY_OP_DECAPSULATE && ctx->entropy != NULL) {
150		/* Decapsulation is deterministic */
151	0	OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
152	0	ctx->entropy = NULL;
153	0	}
154
155		/* Encapsulation ephemeral input key material "ikmE" */
156	78	if (ctx->op == EVP_PKEY_OP_ENCAPSULATE && p.ikme != NULL) {
157	0	size_t len = ML_KEM_RANDOM_BYTES;
158
159	0	ctx->entropy = ctx->entropy_buf;
160	0	if (OSSL_PARAM_get_octet_string(p.ikme, (void **)&ctx->entropy,
161	0	len, &len)
162	0	&& len == ML_KEM_RANDOM_BYTES)
163	0	return 1;
164
165		/* Possibly, but much less likely wrong type */
166	0	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SEED_LENGTH);
167	0	ctx->entropy = NULL;
168	0	return 0;
169	0	}
170
171	78	return 1;
172	78	}
173
174		static const OSSL_PARAM ml_kem_settable_ctx_params(ossl_unused void vctx,
175		ossl_unused void *provctx)
176	13	{
177	13	return ml_kem_set_ctx_params_list;
178	13	}
179
180		static int ml_kem_encapsulate(void vctx, unsigned char ctext, size_t *clen,
181		unsigned char shsec, size_t slen)
182	169	{
183	169	PROV_ML_KEM_CTX *ctx = vctx;
184	169	ML_KEM_KEY *key = ctx->key;
185	169	const ML_KEM_VINFO *v;
186	169	size_t encap_clen;
187	169	size_t encap_slen;
188	169	int ret = 0;
189
190	169	if (!ossl_ml_kem_have_pubkey(key)) {
191	0	ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
192	0	goto end;
193	0	}
194	169	v = ossl_ml_kem_key_vinfo(key);
195	169	encap_clen = v->ctext_bytes;
196	169	encap_slen = ML_KEM_SHARED_SECRET_BYTES;
197
198	169	if (ctext == NULL) {
199	0	if (clen == NULL && slen == NULL)
200	0	return 0;
201	0	if (clen != NULL)
202	0	*clen = encap_clen;
203	0	if (slen != NULL)
204	0	*slen = encap_slen;
205	0	return 1;
206	0	}
207	169	if (shsec == NULL) {
208	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_OUTPUT_BUFFER,
209	0	"NULL shared-secret buffer");
210	0	goto end;
211	0	}
212
213	169	if (clen == NULL) {
214	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_LENGTH_POINTER,
215	0	"null ciphertext input/output length pointer");
216	0	goto end;
217	169	} else if (*clen < encap_clen) {
218	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
219	0	"ciphertext buffer too small");
220	0	goto end;
221	169	} else {
222	169	*clen = encap_clen;
223	169	}
224
225	169	if (slen == NULL) {
226	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_LENGTH_POINTER,
227	0	"null shared secret input/output length pointer");
228	0	goto end;
229	169	} else if (*slen < encap_slen) {
230	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
231	0	"shared-secret buffer too small");
232	0	goto end;
233	169	} else {
234	169	*slen = encap_slen;
235	169	}
236
237	169	if (ctx->entropy != NULL)
238	0	ret = ossl_ml_kem_encap_seed(ctext, encap_clen, shsec, encap_slen,
239	0	ctx->entropy, ML_KEM_RANDOM_BYTES, key);
240	169	else
241	169	ret = ossl_ml_kem_encap_rand(ctext, encap_clen, shsec, encap_slen, key);
242
243	169	end:
244		/*
245		* One shot entropy, each encapsulate call must either provide a new
246		* "ikmE", or else will use a random value. If a caller sets an explicit
247		* ikmE once for testing, and later performs multiple encapsulations
248		* without again calling encapsulate_init(), these should not share the
249		* original entropy.
250		*/
251	169	if (ctx->entropy != NULL) {
252	0	OPENSSL_cleanse(ctx->entropy, ML_KEM_RANDOM_BYTES);
253	0	ctx->entropy = NULL;
254	0	}
255	169	return ret;
256	169	}
257
258		static int ml_kem_decapsulate(void vctx, uint8_t shsec, size_t *slen,
259		const uint8_t *ctext, size_t clen)
260	141	{
261	141	PROV_ML_KEM_CTX *ctx = vctx;
262	141	ML_KEM_KEY *key = ctx->key;
263	141	size_t decap_slen = ML_KEM_SHARED_SECRET_BYTES;
264
265	141	if (!ossl_ml_kem_have_prvkey(key)) {
266	0	ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
267	0	return 0;
268	0	}
269
270	141	if (shsec == NULL) {
271	0	if (slen == NULL)
272	0	return 0;
273	0	*slen = ML_KEM_SHARED_SECRET_BYTES;
274	0	return 1;
275	0	}
276
277		/* For now tolerate newly-deprecated NULL length pointers. */
278	141	if (slen == NULL) {
279	0	slen = &decap_slen;
280	141	} else if (*slen < decap_slen) {
281	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
282	0	"shared-secret buffer too small");
283	0	return 0;
284	141	} else {
285	141	*slen = decap_slen;
286	141	}
287
288		/* ML-KEM decap handles incorrect ciphertext lengths internally */
289	141	return ossl_ml_kem_decap(shsec, decap_slen, ctext, clen, key);
290	141	}
291
292		const OSSL_DISPATCH ossl_ml_kem_asym_kem_functions[] = {
293		{ OSSL_FUNC_KEM_NEWCTX, (OSSL_FUNC)ml_kem_newctx },
294		{ OSSL_FUNC_KEM_ENCAPSULATE_INIT, (OSSL_FUNC)ml_kem_encapsulate_init },
295		{ OSSL_FUNC_KEM_ENCAPSULATE, (OSSL_FUNC)ml_kem_encapsulate },
296		{ OSSL_FUNC_KEM_DECAPSULATE_INIT, (OSSL_FUNC)ml_kem_decapsulate_init },
297		{ OSSL_FUNC_KEM_DECAPSULATE, (OSSL_FUNC)ml_kem_decapsulate },
298		{ OSSL_FUNC_KEM_FREECTX, (OSSL_FUNC)ml_kem_freectx },
299		{ OSSL_FUNC_KEM_SET_CTX_PARAMS, (OSSL_FUNC)ml_kem_set_ctx_params },
300		{ OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS, (OSSL_FUNC)ml_kem_settable_ctx_params },
301		OSSL_DISPATCH_END
302		};