> -----Original Message-----
> From: Pratik Senapati <[email protected]>
> Sent: Thursday, May 28, 2026 1:28 PM
> To: [email protected]
> Cc: Akhil Goyal <[email protected]>; Anoob Joseph <[email protected]>;
> Gowrishankar Muthukrishnan <[email protected]>; [email protected];
> [email protected]
> Subject: [PATCH] crypto/openssl: fix use-after-free bug and cleanup
>
> params is freed before it is used by
> EVP_PKEY_decapsulate_init() causing a
> use-after-free issue. Pass NULL to
> EVP_PKEY_decapsulate_init() instead of params
> to avoid it.
>
> Add resource cleanup for all error paths in the ML-KEM
> decapsulate handler and consolidate cleanup into
> two goto labels err_pkey and err_decap.
>
> Fixes: 5f761d7b60 ("crypto/openssl: support ML-KEM and ML-DSA")
> Cc: [email protected]
> Signed-off-by: Pratik Senapati <[email protected]>
> ---
Fix compilation.
