quic: fix keyslot cctx leak by not checking EL state in teardown

el_teardown_keyslot() decided whether to free a keyslot by calling
ossl_qrl_enc_level_set_has_keyslot() against the EL's current state.
On error paths the state does not yet match the slots that were
provisioned, so the check returned 0 and the cctx and iv were leaked.

The fix drops the state check and rely on the existing cctx != NULL
check which is sufficient for all callers of el_teardown_keyslot().

Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Mon Jun  1 07:32:33 2026
(Merged from https://github.com/openssl/openssl/pull/31323)

diff --git a/ssl/quic/quic_record_shared.c b/ssl/quic/quic_record_shared.c
index e40a604e0d3acfb4ea2d3369f758975a1133a86f..ccc6f2901bf7d58a332485c657865a4de5137e47 100644 (file)
--- a/ssl/quic/quic_record_shared.c
+++ b/ssl/quic/quic_record_shared.c
@@ -87,9 +87,6 @@ static void el_teardown_keyslot(OSSL_QRL_ENC_LEVEL_SET *els,
 {
     OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
 
-    if (!ossl_qrl_enc_level_set_has_keyslot(els, enc_level, el->state, keyslot))
-        return;
-
     if (el->cctx[keyslot] != NULL) {
         EVP_CIPHER_CTX_free(el->cctx[keyslot]);
         el->cctx[keyslot] = NULL;