Keep the provided peer EVP_PKEY in the EVP_PKEY_CTX too

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26976)

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index d9eed1cea5be26a852e187026fba4ff2c0213084..70c2f441b9d7a091a5c2c78694bcc51dc04acc89 100644 (file)
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -431,7 +431,13 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
      */
     if (provkey == NULL)
         goto legacy;
-    return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    if (ret <= 0)
+        return ret;
+    EVP_PKEY_free(ctx->peerkey);
+    ctx->peerkey = peer;
+    EVP_PKEY_up_ref(peer);
+    return 1;
 
  legacy:
 #ifdef FIPS_MODULE