[openssl/openssl] 4e0455: quic: delay el keyslot teardown after creation in ...
0 views
Skip to first unread message
Jakub Zelenka
May 29, 2026, 3:22:35 AM (yesterday) May 29
to openssl...@openssl.org
Branch: refs/heads/openssl-3.5
Home: https://github.com/openssl/openssl
Commit: 4e0455e2854b7ca019f119d295959610dbb86806
https://github.com/openssl/openssl/commit/4e0455e2854b7ca019f119d295959610dbb86806
Author: Jakub Zelenka <jakub....@openssl.foundation>
Date: 2026-05-29 (Fri, 29 May 2026)
Changed paths:
M ssl/quic/quic_record_shared.c
Log Message:
-----------
quic: delay el keyslot teardown after creation in setup
There is an issue for key update in TX path if any of the operation
fails during keyslot setup (e.g. due to memory failure), the cctx stays
set to NULL which results in failed assertion in qtx_encrypt_into_txe.
The fix splits the build and installation steps in
ossl_qrl_enc_level_set_key_update so the cctx teardown is done only
after the build is successful. The install is then non fallible so it
cannot end up with empty cctx.
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.foundation>
MergeDate: Fri May 29 07:20:11 2026
(Merged from https://github.com/openssl/openssl/pull/31268)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 4e0455e2854b7ca019f119d295959610dbb86806
https://github.com/openssl/openssl/commit/4e0455e2854b7ca019f119d295959610dbb86806
Author: Jakub Zelenka <jakub....@openssl.foundation>
Date: 2026-05-29 (Fri, 29 May 2026)
Changed paths:
M ssl/quic/quic_record_shared.c
Log Message:
-----------
quic: delay el keyslot teardown after creation in setup
There is an issue for key update in TX path if any of the operation
fails during keyslot setup (e.g. due to memory failure), the cctx stays
set to NULL which results in failed assertion in qtx_encrypt_into_txe.
The fix splits the build and installation steps in
ossl_qrl_enc_level_set_key_update so the cctx teardown is done only
after the build is successful. The install is then non fallible so it
cannot end up with empty cctx.
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.foundation>
MergeDate: Fri May 29 07:20:11 2026
(Merged from https://github.com/openssl/openssl/pull/31268)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages