Commit f9e7cb8cd4 for openssl.org

commit f9e7cb8cd45aac3e52a309f10d084c447c3945ed
Author: rootvector2 <dxbnaveed.k@gmail.com>
Date:   Sun May 31 22:52:26 2026 +0530

    lms: free previous encoded public key in ossl_lms_pubkey_decode

    ossl_lms_pubkey_decode() only freed pkey->encoded when the new public key
    had a different length, so re-decoding a same-length key on the documented
    repeated-call path overwrote the old buffer without freeing it. Always free
    the existing buffer first.

    Also clear pkey->encodedlen on the error path so a failed decode leaves the
    key in a consistent state instead of keeping a stale length.

    CLA: trivial

    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    Reviewed-by: Bob Beck <beck@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Thu Jun 25 16:58:46 2026
    (Merged from https://github.com/openssl/openssl/pull/31345)

diff --git a/crypto/lms/lms_pubkey_decode.c b/crypto/lms/lms_pubkey_decode.c
index 8c2ee0ff5e..29ca1d44af 100644
--- a/crypto/lms/lms_pubkey_decode.c
+++ b/crypto/lms/lms_pubkey_decode.c
@@ -95,7 +95,7 @@ int ossl_lms_pubkey_decode(const unsigned char *pub, size_t publen,
 {
     LMS_PUB_KEY *pkey = &lmskey->pub;

-    if (pkey->encoded != NULL && pkey->encodedlen != publen) {
+    if (pkey->encoded != NULL) {
         OPENSSL_free(pkey->encoded);
         pkey->encodedlen = 0;
     }
@@ -110,6 +110,7 @@ int ossl_lms_pubkey_decode(const unsigned char *pub, size_t publen,
 err:
     OPENSSL_free(pkey->encoded);
     pkey->encoded = NULL;
+    pkey->encodedlen = 0;
     return 0;
 }