params is freed before it is used by
EVP_PKEY_decapsulate_init(), causing a
use-after-free. Pass NULL to
EVP_PKEY_decapsulate_init() instead of params
to avoid it.

Add resource cleanup for all error paths in the ML-KEM
decapsulate handler and consolidate cleanup into
two goto labels err_pkey and err_decap.

Fixes: 5f761d7b60 ("crypto/openssl: support ML-KEM and ML-DSA")
Cc: [email protected]
Signed-off-by: Pratik Senapati <[email protected]>
---
 .mailmap                                 |  1 +
 drivers/crypto/openssl/rte_openssl_pmd.c | 30 +++++++++++-------------
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/.mailmap b/.mailmap
index 4f93307aed..031becba8c 100644
--- a/.mailmap
+++ b/.mailmap
@@ -1929,3 +1929,4 @@ Zoltan Kiss <[email protected]> 
<[email protected]>
 Zorik Machulsky <[email protected]>
 Zyta Szpak <[email protected]> <[email protected]>
 Zyta Szpak <[email protected]> <[email protected]>
+Pratik Senapati <[email protected]>
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c 
b/drivers/crypto/openssl/rte_openssl_pmd.c
index 4f171f48cc..5bc51b8f0f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -3683,38 +3683,29 @@ mlkem_decap_op_evp(struct rte_crypto_op *cop,
        }
 
        cctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
-       if (cctx == NULL) {
-               EVP_PKEY_free(pkey);
-               cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
-               return -1;
-       }
+       if (cctx == NULL)
+               goto err_pkey;
 
-       if (EVP_PKEY_decapsulate_init(cctx, params) != 1) {
+       if (EVP_PKEY_decapsulate_init(cctx, NULL) != 1) {
                cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
-               return -1;
+               goto err_decap;
        }
 
        if (EVP_PKEY_decapsulate(cctx, NULL, &keylen,
                op->decap.cipher.data, op->decap.cipher.length) != 1) {
                OPENSSL_LOG(ERR, "Failed to determine output length");
-               EVP_PKEY_free(pkey);
-               cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
-               return -1;
+               goto err_decap;
        }
 
        if (keylen > op->decap.sk.length) {
                OPENSSL_LOG(ERR, "Insufficient buffer for shared key");
-               EVP_PKEY_free(pkey);
-               cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
-               return -1;
+               goto err_decap;
        }
 
        if (EVP_PKEY_decapsulate(cctx, op->decap.sk.data, &keylen,
                        op->decap.cipher.data, op->decap.cipher.length) != 1) {
                OPENSSL_LOG(ERR, "Failed to decapsulate");
-               EVP_PKEY_free(pkey);
-               cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
-               return -1;
+               goto err_decap;
        }
 
        op->decap.sk.length = keylen;
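Review bot: The `EVP_PKEY_decapsulate_init()` failure branch still sets `cop->status = RTE_CRYPTO_OP_STATUS_ERROR;` before `goto err_decap`, although the label now does that for every error path. Unlike the later branches it also logs nothing, and the `cctx == NULL` branch is silent as well. Dropping the redundant assignment and adding a line such as `OPENSSL_LOG(ERR, "Failed to init decapsulation");` before the `goto` would keep the branches uniform and make a failed key setup visible in the logs. The function begins before this hunk, so how `params` and `pkey` are created and released on the earlier error paths cannot be checked from here.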
@@ -3724,6 +3715,13 @@ mlkem_decap_op_evp(struct rte_crypto_op *cop,
        ret = 0;
        cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
        return ret;
+
+err_decap:
+       EVP_PKEY_CTX_free(cctx);
+err_pkey:
+       EVP_PKEY_free(pkey);
+       cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+       return -1;
 }
 
 static int
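Review bot: The new labels depend on fall-through order (`err_decap` releases `cctx`, then continues into `err_pkey`, which releases `pkey`), and nothing in the code says so. A short comment above `err_decap:` such as `/* Unwind in reverse order of acquisition; err_decap falls through to err_pkey. */` would protect that ordering from later edits. The lines just before `ret = 0;` lie outside the hunk, so the success path presumably frees `cctx` and `pkey` there. It is worth confirming that it does, because the release logic would then live in two places that must stay in step.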
-- 
2.43.0
