Keep the provided peer EVP_PKEY in the EVP_PKEY_CTX too

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26976) (cherry picked from commit c8654f79f4)
2025-03-04 18:43:18 +01:00 · 2025-03-04 18:43:18 +01:00 · cb286b6e09
commit cb286b6e09
parent 3cd8141715
1 changed files with 7 additions and 2 deletions
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@ -442,7 +442,10 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
     */
    if (provkey == NULL)
        goto legacy;
-    return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    if (ret <= 0)
+        return ret;
+    goto common;

 legacy:
 #ifdef FIPS_MODULE
@ -497,6 +500,9 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
    if (ret <= 0)
        return ret;
+#endif
+
+ common:
    if (!EVP_PKEY_up_ref(peer))
        return -1;

@ -504,7 +510,6 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
    ctx->peerkey = peer;

    return 1;
-#endif
 }

 int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)