From: Andrew Dinh Date: Wed, 19 Feb 2025 06:29:07 +0000 (+0700) Subject: EVP_PKEY_derive_set_peer_ex(): Don't free peer on error X-Git-Tag: openssl-3.5.0-alpha1~70 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4fab70bfb6829e4904120769b8e24a99a91cc43;p=thirdparty%2Fopenssl.git EVP_PKEY_derive_set_peer_ex(): Don't free peer on error In EVP_PKEY_derive_set_peer_ex, don't free peer on error. Revert to existing functionality. Bug was introduced with https://github.com/openssl/openssl/pull/26294 Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26823)
---
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 0c27d34ba44..a24b54dd71b 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -494,20 +494,15 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
 return -1;
 }
+ ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
+ if (ret <= 0)
+ return ret;
 if (!EVP_PKEY_up_ref(peer))
 return -1;
 EVP_PKEY_free(ctx->peerkey);
 ctx->peerkey = peer;
- ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
-
- if (ret <= 0) {
- EVP_PKEY_free(ctx->peerkey);
- ctx->peerkey = NULL;
- return ret;
- }
-
 return 1;
 #endif
 }
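Review bot: The `ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer)` call now runs before `ctx->peerkey = peer`, whereas the removed lines ran it after the assignment, so a method handler that reads `ctx->peerkey` during this call would see the previous peer key (or NULL) instead of the new one. Whether any handler depends on that is not visible in this hunk and is worth confirming. Separately, if `EVP_PKEY_up_ref(peer)` fails after the ctrl call has succeeded, the function returns -1 with the method already told about a peer that the context never stored. Because the fix is about who owns the reference, a short comment above the ctrl call would make the contract explicit, e.g. `/* On failure the caller keeps its reference to peer and ctx->peerkey is left unchanged. */`. The function body starts above the hunk, so the earlier checks are not reviewed here.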