[openssl/openssl] 50fa6d: quic: delay el keyslot teardown after creation in ...
0 views
Skip to first unread message
Jakub Zelenka
May 29, 2026, 3:19:34 AM (yesterday) May 29
to openssl...@openssl.org
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 50fa6d38b32880d16a5679cfb186a6a118401963
https://github.com/openssl/openssl/commit/50fa6d38b32880d16a5679cfb186a6a118401963
Author: Jakub Zelenka <jakub....@openssl.foundation>
Date: 2026-05-29 (Fri, 29 May 2026)
Changed paths:
M ssl/quic/quic_record_shared.c
Log Message:
-----------
quic: delay el keyslot teardown after creation in setup
There is an issue for key update in TX path if any of the operation
fails during keyslot setup (e.g. due to memory failure), the cctx stays
set to NULL which results in failed assertion in qtx_encrypt_into_txe.
The fix splits the build and installation steps in
ossl_qrl_enc_level_set_key_update so the cctx teardown is done only
after the build is successful. The install is then non fallible so it
cannot end up with empty cctx.
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.foundation>
MergeDate: Fri May 29 07:18:36 2026
(Merged from https://github.com/openssl/openssl/pull/31268)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 50fa6d38b32880d16a5679cfb186a6a118401963
https://github.com/openssl/openssl/commit/50fa6d38b32880d16a5679cfb186a6a118401963
Author: Jakub Zelenka <jakub....@openssl.foundation>
Date: 2026-05-29 (Fri, 29 May 2026)
Changed paths:
M ssl/quic/quic_record_shared.c
Log Message:
-----------
quic: delay el keyslot teardown after creation in setup
There is an issue for key update in TX path if any of the operation
fails during keyslot setup (e.g. due to memory failure), the cctx stays
set to NULL which results in failed assertion in qtx_encrypt_into_txe.
The fix splits the build and installation steps in
ossl_qrl_enc_level_set_key_update so the cctx teardown is done only
after the build is successful. The install is then non fallible so it
cannot end up with empty cctx.
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.foundation>
MergeDate: Fri May 29 07:18:36 2026
(Merged from https://github.com/openssl/openssl/pull/31268)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages