Fix flaky ssl BadKemKeyShare tests

[dkostic]

Issues:

N/A

Description of changes:

The way the test was generating a public key that is not consistent with a secret key is by xor-ing the first byte of the key with 1. Such key modifications can inadvertently make the key invalid and thus fail the test.

For example, before performing encapsulation ML-KEM decodes the public key bytes to an array of 12-bit coefficients and checks that all coefficients are in the range [0, 3328]. If the first two bytes of the key encode the coefficient 3328 then xor-ing the first byte with 1 will make the coefficient equal to 3329. The call to encapsulate will then fail because 3329 is an invalid coefficient.

Call-outs:

Point out areas that need special attention or support during the review process. Discuss architecture or design changes.

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.48%. Comparing base (fbeb5e8) to head (be888d5).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1876      +/-   ##
==========================================
+ Coverage   78.47%   78.48%   +0.01%     
==========================================
  Files         585      585              
  Lines       99525    99521       -4     
  Branches    14247    14248       +1     
==========================================
+ Hits        78100    78108       +8     
+ Misses      20789    20779      -10     
+ Partials      636      634       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.