ossl_qrl_enc_level_set_provide_secret(): Avoid leaking keyslot in error condition

Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22600)
author: Tomas Mraz <tomas@openssl.org> 2023-11-02 17:19:38 +0100
committer: Hugo Landau <hlandau@openssl.org> 2023-11-06 07:47:17 +0000
commit: 0c2aabbaeacf1cc9864daaed11fae755fe7bc025 (patch)
tree: 645ac27c50aa05e33033f40e60d20f06709122e3 /ssl
parent: f1e0c94545a6eb02914a31c3d94bf96387ebc68d (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/ssl/quic/quic_record_shared.c b/ssl/quic/quic_record_shared.c
index 36807c7dd5..a3fd51db6d 100644
--- a/ssl/quic/quic_record_shared.c
+++ b/ssl/quic/quic_record_shared.c
@@ -185,7 +185,7 @@ static int el_setup_keyslot(OSSL_QRL_ENC_LEVEL_SET *els,
     EVP_CIPHER_free(cipher);
     return 1;
 
-err:
+ err:
     EVP_CIPHER_CTX_free(cctx);
     EVP_CIPHER_free(cipher);
     OPENSSL_cleanse(el->iv[keyslot], sizeof(el->iv[keyslot]));
@@ -327,16 +327,16 @@ int ossl_qrl_enc_level_set_provide_secret(OSSL_QRL_ENC_LEVEL_SET *els,
     el->state = QRL_EL_STATE_PROV_NORMAL;
     return 1;
 
-err:
+ err:
     el->suite_id = 0;
     el->md = NULL;
     OPENSSL_cleanse(hpr_key, sizeof(hpr_key));
     OPENSSL_cleanse(ku_key, sizeof(ku_key));
     OPENSSL_cleanse(el->ku, sizeof(el->ku));
     if (have_ks0)
-        el_teardown_keyslot(els, enc_level, 0);
+        el_teardown_keyslot(els, enc_level, init_keyslot);
     if (have_ks1)
-        el_teardown_keyslot(els, enc_level, 1);
+        el_teardown_keyslot(els, enc_level, !init_keyslot);
     if (own_md)
         EVP_MD_free(md);
     return 0;
author	Tomas Mraz <tomas@openssl.org>	2023-11-02 17:19:38 +0100
committer	Hugo Landau <hlandau@openssl.org>	2023-11-06 07:47:17 +0000
commit	0c2aabbaeacf1cc9864daaed11fae755fe7bc025 (patch)
tree	645ac27c50aa05e33033f40e60d20f06709122e3 /ssl
parent	f1e0c94545a6eb02914a31c3d94bf96387ebc68d (diff)