From: Tomas Mraz Date: Tue, 4 Mar 2025 17:43:18 +0000 (+0100) Subject: Keep the provided peer EVP_PKEY in the EVP_PKEY_CTX too X-Git-Tag: openssl-3.3.4~137 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=782912cccc70f8c3fed4e49db2f479d97af0bdf9;p=thirdparty%2Fopenssl.git Keep the provided peer EVP_PKEY in the EVP_PKEY_CTX too Reviewed-by: Tim Hudson Reviewed-by: Dmitry Belyavskiy Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/26976) (cherry picked from commit 2656922febfc36f6b44cff1c363917685633b4c5) --- diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index d9eed1cea5b..70c2f441b9d 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -431,7 +431,13 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer, */ if (provkey == NULL) goto legacy; - return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey); + ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey); + if (ret <= 0) + return ret; + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + EVP_PKEY_up_ref(peer); + return 1; legacy: #ifdef FIPS_MODULE
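Review bot: The return value of `EVP_PKEY_up_ref(peer)` is ignored in the lines added after the `set_peer` call, and `ctx->peerkey = peer` is assigned before the reference is taken. If the up-ref fails, the context keeps a pointer it does not own, and a later `EVP_PKEY_free(ctx->peerkey)` would drop a reference that belongs to the caller. Suggest taking the reference first and returning failure if it cannot be taken, for example `if (!EVP_PKEY_up_ref(peer)) return 0;` followed by `EVP_PKEY_free(ctx->peerkey);` and `ctx->peerkey = peer;`. That ordering also keeps the sequence safe when `peer` is the same object already stored in `ctx->peerkey`. Separately, the commit message says what is kept but not why the provider path needs `ctx->peerkey` populated; one sentence on that would help anyone reviewing the cherry-pick.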