From: Viktor Dukhovni
Date: Mon, 8 Jun 2026 07:49:14 +0000 (+1000)
Subject: Clear unused seed when expanded key is chosen
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6a95dcf9aaa9acdc3edbb3076220cfd33b7e8db2;p=thirdparty%2Fopenssl.git

Clear unused seed when expanded key is chosen

The transient "seedbuf" value should not persist in keys that are loaded from the "expanded" form when "prefer_seed = no".

Reviewed-by: Neil Horman
Reviewed-by: Bob Beck
MergeDate: Thu Jun 18 08:02:39 2026
(Merged from https://github.com/openssl/openssl/pull/31252)
---

diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c index c8e6188f67d..2fc0e5a980a 100644 --- a/crypto/ml_kem/ml_kem.c +++ b/crypto/ml_kem/ml_kem.c @@ -1868,6 +1868,9 @@ int ossl_ml_kem_parse_private_key(const uint8_t *in, size_t len, || (mdctx = EVP_MD_CTX_new()) == NULL) return 0; + /* Clear any unused seed */ + ossl_ml_kem_key_reset(key); + if (add_storage(OPENSSL_malloc(vinfo->puballoc), OPENSSL_secure_malloc(vinfo->prvalloc), 1, 0, key)) ret = parse_prvkey(in, mdctx, key);
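Review bot: The new `ossl_ml_kem_key_reset(key);` call runs unconditionally on every entry to `ossl_ml_kem_parse_private_key`, while the commit message scopes the problem to `prefer_seed = no`; please confirm that no caller reaches this parser after a seed has already been stored on the same key in the `prefer_seed = yes` path (for example to cross-check an expanded key against the seed-derived one), since that seed would now be wiped too, and if the reset is meant to be unconditional, say so in the commit message. Two smaller points on the same hunk: the comment `/* Clear any unused seed */` undersells a function named `..._key_reset`; if it also releases any previously attached public or private storage, a comment to that effect next to the following `add_storage(...)` call would make the ownership handoff explicit. Finally, the patch touches only `crypto/ml_kem/ml_kem.c`; a regression test that decodes an expanded-form key with `prefer_seed = no` and asserts that no seed is retrievable afterwards would pin down the behaviour this change exists to guarantee.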