From: Minh Vu <vuhoangminh97@gmail.com>
Date: Sun, 31 May 2026 18:34:17 +0000 (+0200)
Subject: quic: cleanse derived IV on setup failure
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=c920796adf607fb7b626bb06e55b0bc9762ad4e2;p=thirdparty%2Fopenssl.git

quic: cleanse derived IV on setup failure

el_build_keyslot() derives the QUIC IV before the success path stores
*out_iv_len. If a later step fails, the error cleanup currently uses
*out_iv_len and ends up cleansing zero bytes.

Cleanse the caller buffer using the local iv_len instead so the
derived IV is cleared on all post-derivation failure paths.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Daniel Kubec <kubec@openssl.foundation>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon Jun  8 08:53:50 2026
(Merged from https://github.com/openssl/openssl/pull/31346)
---

diff --git a/ssl/quic/quic_record_shared.c b/ssl/quic/quic_record_shared.c
index ccc6f2901bf..05d4d00b138 100644
--- a/ssl/quic/quic_record_shared.c
+++ b/ssl/quic/quic_record_shared.c
@@ -169,7 +169,7 @@ err:
     EVP_CIPHER_CTX_free(cctx);
     EVP_CIPHER_free(cipher);
     OPENSSL_cleanse(key, sizeof(key));
-    OPENSSL_cleanse(out_iv, *out_iv_len);
+    OPENSSL_cleanse(out_iv, iv_len);
     return 0;
 }