X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fexchange.c;fp=crypto%2Fevp%2Fexchange.c;h=142a820651625b7d6c8ae26837cc4bf8906dccfe;hp=901081d062d3eeb0303563e68375afd06865b9cd;hb=3f7ce7f1029c01c2c4d00e14ffc9630d26f485a4;hpb=8e90e3d53665854d76d6d46491b38f0e2a802428
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 901081d062..142a820651 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -309,8 +309,12 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
 return -2;
 }
 
- provkey = evp_keymgmt_util_export_to_provider(peer, ctx->keymgmt);
- /* If export failed, legacy may be able to pick it up */
+ provkey = evp_pkey_make_provided(peer, ctx->libctx, &ctx->keymgmt,
+ ctx->propquery);
+ /*
+ * If making the key provided wasn't possible, legacy may be able to pick
+ * it up
+ */
 if (provkey == NULL)
 goto legacy;
 return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey);
@@ -319,6 +323,10 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
 #ifdef FIPS_MODE
 return ret;
 #else
+ /*
+ * TODO(3.0) investigate the case where the operation is deemed legacy,
+ * but the given peer key is provider only.
+ */
 if (ctx->pmeth == NULL
 || !(ctx->pmeth->derive != NULL
 || ctx->pmeth->encrypt != NULL
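Review bot: In the first hunk the new call passes `&ctx->keymgmt` by address, so `evp_pkey_make_provided()` can presumably store a different key manager in the context (its body is not visible here), while `ctx->op.kex.exchprovctx`, used on the `set_peer` line right after, was set up earlier. If the helper ever swaps the pointer, the peer's provider-side key and the exchange context could end up belonging to different providers, and the peer key is the externally supplied input of this operation. I would call it with a temporary, `EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt;` and `&tmp_keymgmt`, and treat `tmp_keymgmt != ctx->keymgmt` as a failure instead of continuing to `set_peer`. If the in/out behaviour is intended, a comment such as `/* ctx->keymgmt is already set here, so it is only read, never replaced */` would record that assumption. The body of EVP_PKEY_derive_set_peer starts and ends outside the hunk.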
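Review bot: The TODO added in the second hunk documents an unhandled case instead of guarding it: when the operation is legacy and `peer` carries only provider-side key material, the `ctx->pmeth` path that follows would presumably work on a peer with no legacy key behind it. Because the peer key comes from the other party of the exchange, I would fail closed until the investigation is done, for example `if (peer->pkey.ptr == NULL) return -2;` ahead of the `ctx->pmeth == NULL` test, with an error raised the way the rest of the function does. The legacy branch continues past the end of the hunk, so checks further down may already cover part of this.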