From 21a0d9f3edda78d27d12cd7704de9e32976393ba Mon Sep 17 00:00:00 2001
From: slontis
Date: Thu, 2 Sep 2021 16:49:37 +1000
Subject: [PATCH] Fix dh dupctx refcount error
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/16495)
---
 providers/implementations/exchange/dh_exch.c | 5 ++---
 test/evp_test.c | 11 +++++++++--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 1dffc8d1126..ea05b3177e8 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -238,7 +238,6 @@ static int dh_derive(void *vpdhctx, unsigned char *secret,
 return 0;
 }
-
 static void dh_freectx(void *vpdhctx)
 {
 PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx;
@@ -271,12 +270,12 @@ static void *dh_dupctx(void *vpdhctx)
 dstctx->kdf_ukm = NULL;
 dstctx->kdf_cekalg = NULL;
- if (dstctx->dh != NULL && !DH_up_ref(srcctx->dh))
+ if (srcctx->dh != NULL && !DH_up_ref(srcctx->dh))
 goto err;
 else
 dstctx->dh = srcctx->dh;
- if (dstctx->dhpeer != NULL && !DH_up_ref(srcctx->dhpeer))
+ if (srcctx->dhpeer != NULL && !DH_up_ref(srcctx->dhpeer))
 goto err;
 else
 dstctx->dhpeer = srcctx->dhpeer;
diff --git a/test/evp_test.c b/test/evp_test.c
index 075abc5ad93..eda8c827f90 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1848,11 +1848,17 @@ static int pderive_test_parse(EVP_TEST *t,
 static int pderive_test_run(EVP_TEST *t)
 {
+ EVP_PKEY_CTX *dctx = NULL;
 PKEY_DATA *expected = t->data;
 unsigned char *got = NULL;
 size_t got_len;
- if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
+ if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
+ t->err = "DERIVE_ERROR";
+ goto err;
+ }
+
+ if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0) {
 t->err = "DERIVE_ERROR";
 goto err;
 }
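Review bot: The two corrected checks in dh_dupctx, `if (srcctx->dh != NULL && !DH_up_ref(srcctx->dh))` and its `dhpeer` twin, carry no comment stating the ownership rule they enforce. A comment such as `/* The duplicate takes its own reference on dh and dhpeer; never copy the pointer without DH_up_ref() */` above the first check would make the invariant explicit, since a pointer copied without a reference would presumably be released once per context and end in a double free. The `else` after each `goto err;` is redundant and could be dropped so the assignment reads as the plain success path. The body of dh_dupctx starts and ends outside the hunk, so it is worth confirming that `dstctx->dh` and `dstctx->dhpeer` are NULL before these checks; otherwise the `err` path could drop a reference the duplicate never took.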
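Review bot: Nothing in the new `EVP_PKEY_CTX_dup(expected->ctx)` block in pderive_test_run says why the derive now runs on a duplicate, so the regression intent is easy to lose in a later cleanup. A comment such as `/* Derive via a duplicated ctx so dupctx reference counting is exercised when both contexts are freed */` above the dup would record it. With the derive calls in this hunk and the next switched to `dctx`, this test no longer derives on `expected->ctx` directly; if that path is not covered elsewhere, consider keeping one derive on the original context. A reference-count error of this kind tends to surface only when the contexts are freed, so the check is most reliable in a sanitizer or memory-debug build. pderive_test_run continues past the end of this hunk.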
@@ -1860,7 +1866,7 @@ static int pderive_test_run(EVP_TEST *t)
 t->err = "DERIVE_ERROR";
 goto err;
 }
- if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
+ if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
 t->err = "DERIVE_ERROR";
 goto err;
 }
@@ -1872,6 +1878,7 @@ static int pderive_test_run(EVP_TEST *t)
 t->err = NULL;
 err:
 OPENSSL_free(got);
+ EVP_PKEY_CTX_free(dctx);
 return 1;
 }
--
2.47.2