Commit 6a95dcf9aa for openssl.org

commit 6a95dcf9aaa9acdc3edbb3076220cfd33b7e8db2
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date:   Mon Jun 8 17:49:14 2026 +1000

    Clear unused seed when expanded key is chosen

    The transient "seedbuf" value should not persist in keys that are
    loaded from the "expanded" form when "prefer_seed = no".

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Bob Beck <beck@openssl.org>
    MergeDate: Thu Jun 18 08:02:39 2026
    (Merged from https://github.com/openssl/openssl/pull/31252)

diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c
index c8e6188f67..2fc0e5a980 100644
--- a/crypto/ml_kem/ml_kem.c
+++ b/crypto/ml_kem/ml_kem.c
@@ -1868,6 +1868,9 @@ int ossl_ml_kem_parse_private_key(const uint8_t *in, size_t len,
         || (mdctx = EVP_MD_CTX_new()) == NULL)
         return 0;

+    /* Clear any unused seed */
+    ossl_ml_kem_key_reset(key);
+
     if (add_storage(OPENSSL_malloc(vinfo->puballoc),
             OPENSSL_secure_malloc(vinfo->prvalloc), 1, 0, key))
         ret = parse_prvkey(in, mdctx, key);
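
Review bot: the added ossl_ml_kem_key_reset(key) call sits after the guard that ends in `return 0`, so when that guard fails (for example when EVP_MD_CTX_new() returns NULL) the function returns without clearing the seed the commit message says should not persist. Either move the reset ahead of the guard, or state in the comment that callers are expected to discard the key on a 0 return. The comment "Clear any unused seed" would also be easier to audit if it said that this is the expanded-key path taken when "prefer_seed = no", as the commit message does. The diff touches only crypto/ml_kem/ml_kem.c; a regression test that loads an expanded-form key with "prefer_seed = no" and checks that no seed is retained afterwards would keep this from regressing.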