Skip to content

quic: fix keyslot cctx leak by not checking EL state in teardown#31323

Open
bukka wants to merge 1 commit into
openssl:masterfrom
bukka:quic-record-el-teardown-enc-level-check-memleak
Open

quic: fix keyslot cctx leak by not checking EL state in teardown#31323
bukka wants to merge 1 commit into
openssl:masterfrom
bukka:quic-record-el-teardown-enc-level-check-memleak

Conversation

@bukka
Copy link
Copy Markdown
Member

@bukka bukka commented May 28, 2026

el_teardown_keyslot() decided whether to free a keyslot by calling ossl_qrl_enc_level_set_has_keyslot() against the EL's current state. On error paths the state does not yet match the slots that were provisioned, so the check returned 0 and the cctx and iv were leaked.

The fix drops the state check and rely on the existing cctx != NULL check which is sufficient for all callers of el_teardown_keyslot().

I have done some analysis of all callers to be really sure that it does rely on that check in any way. Specifically the current caller are:

  • provide_secret() error path (both keyslots) - state is UNPROV, has_keyslot() returns 0 which is the leak that is being fixed
  • key_cooldown_done() error path - slot is set up under PROV_NORMAL then torn down while state is still PROV_COOLDOWN which resulted in that check being false and another path that leaks.
  • key_update() (TX) - state PROV_NORMAL, check already true so it still frees fine.
  • key_update_done() - state PROV_UPDATING, check already true so it still frees the old slot.
  • discard() (reachable from RX, TX, and INITIAL reprovision) - tears down both slots by index. In every state the slots holding a context already pass the check, or the misaligned slot is NULL and the inner guard no-ops it. No leak today, no behavioral change except a harmless cleanse of an unused IV.

So it should be hopefully safe to remove. :)

@bukka
quic: fix keyslot cctx leak by not checking EL state in teardown
e5c8b2c 
el_teardown_keyslot() decided whether to free a keyslot by calling
ossl_qrl_enc_level_set_has_keyslot() against the EL's current state.
On error paths the state does not yet match the slots that were
provisioned, so the check returned 0 and the cctx and iv were leaked.

The fix drops the state check and rely on the existing cctx != NULL
check which is sufficient for all callers of el_teardown_keyslot().
@bukka bukka self-assigned this May 28, 2026
@bukka bukka moved this to Waiting Review in Development Board May 28, 2026
@bukka bukka mentioned this pull request May 28, 2026
Draft
@openssl-machine openssl-machine added the approval: review pending This pull request needs review by a committer label May 29, 2026
@t8m t8m added branch: master Applies to master branch triaged: bug The issue/pr is/fixes a bug tests: deferred Tests will be added in a subsequent PR (label should be removed when the PR with tests is merged) branch: 3.5 Applies to openssl-3.5 branch: 3.6 Applies to openssl-3.6 branch: 4.0 Applies to openssl-4.0 labels May 29, 2026
@openssl-machine openssl-machine added the approval: done This pull request has the required number of approvals label May 29, 2026
@github-project-automation github-project-automation Bot moved this from Waiting Review to Waiting Merge in Development Board May 29, 2026
@openssl-machine openssl-machine removed the approval: review pending This pull request needs review by a committer label May 29, 2026
Sashan
Sashan approved these changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Sashan Sashan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good.

@Sashan Sashan mentioned this pull request May 29, 2026
Closed
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels May 30, 2026
@openssl-machine
Copy link
Copy Markdown
Collaborator

openssl-machine commented May 30, 2026

This pull request is ready to merge

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sashan Sashan Sashan approved these changes

@t8m t8m t8m approved these changes

@mattcaswell mattcaswell mattcaswell approved these changes

Assignees

@bukka bukka

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch branch: 3.5 Applies to openssl-3.5 branch: 3.6 Applies to openssl-3.6 branch: 4.0 Applies to openssl-4.0 tests: deferred Tests will be added in a subsequent PR (label should be removed when the PR with tests is merged) triaged: bug The issue/pr is/fixes a bug

Projects

Development Board
Status: Waiting Merge

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@bukka @openssl-machine @Sashan @t8m @mattcaswell