Commit c920796adf for openssl.org
commit c920796adf607fb7b626bb06e55b0bc9762ad4e2
Author: Minh Vu <vuhoangminh97@gmail.com>
Date: Sun May 31 20:34:17 2026 +0200
quic: cleanse derived IV on setup failure
el_build_keyslot() derives the QUIC IV before the success path stores
*out_iv_len. If a later step fails, the error cleanup currently uses
*out_iv_len and ends up cleansing zero bytes.
Cleanse the caller buffer using the local iv_len instead so the
derived IV is cleared on all post-derivation failure paths.
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Daniel Kubec <kubec@openssl.foundation>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon Jun 8 08:53:50 2026
(Merged from https://github.com/openssl/openssl/pull/31346)
diff --git a/ssl/quic/quic_record_shared.c b/ssl/quic/quic_record_shared.c
index ccc6f2901b..05d4d00b13 100644
--- a/ssl/quic/quic_record_shared.c
+++ b/ssl/quic/quic_record_shared.c
@@ -169,7 +169,7 @@ err:
EVP_CIPHER_CTX_free(cctx);
EVP_CIPHER_free(cipher);
OPENSSL_cleanse(key, sizeof(key));
- OPENSSL_cleanse(out_iv, *out_iv_len);
+ OPENSSL_cleanse(out_iv, iv_len);
return 0;
}
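Review bot: On the changed line under `err:`, `OPENSSL_cleanse(out_iv, iv_len)` now relies on the local `iv_len` holding a sane value on every path that reaches this label, including any `goto err` taken before the IV is derived. The hunk does not show where `iv_len` is declared or assigned, so please confirm it is initialised to 0 at declaration and can never exceed the size of the caller's `out_iv` buffer; otherwise an early failure would cleanse an indeterminate number of bytes. A one-line comment here noting that `*out_iv_len` is only stored on the success path, and that the local length is used for that reason, would help keep a later cleanup from reverting this. A regression test that forces a failure after derivation and checks that the buffer is zeroed would also be worth adding, since the patch as shown carries none.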