> -----Original Message-----
> From: Pratik Senapati <[email protected]>
> Sent: Tuesday, June 9, 2026 11:23 AM
> To: [email protected]
> Cc: Akhil Goyal <[email protected]>; [email protected]; [email protected]
> Subject: [PATCH v2] crypto/openssl: fix use-after-free bug and cleanup
>
> params is freed before it is used by
> EVP_PKEY_decapsulate_init()
> causing a use-after-free issue.
>
> Pass NULL to EVP_PKEY_decapsulate_init()
> instead of params to avoid it.
>
> Add resource cleanup for all error paths in the
> ML-KEM decapsulate and encapsulate handlers.
>
> Consolidate cleanup into multiple goto labels;
> err_decap, err_pkey, err_params for decap and
> err_encap, err_pkey, err_params for encap.
>
> Fixes: 5f761d7b605e ("crypto/openssl: support ML-KEM and ML-DSA")
> Cc: [email protected]
>
> Signed-off-by: Pratik Senapati <[email protected]>
Acked-by: Akhil Goyal <[email protected]>
Applied to dpdk-next-crypto
Thanks.
