artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4846d4e)
ecdh_cms_encrypt: simplify setting the KDF type
authortb <tb@openbsd.org>
Wed, 17 Apr 2024 13:56:36 +0000 (13:56 +0000)
committertb <tb@openbsd.org>
Wed, 17 Apr 2024 13:56:36 +0000 (13:56 +0000)
It is much simpler to avoid the key_type variable altogether and inline
its use. Also it makes no sense to have 15 unrelated lines between the
getting of the kdf type, checking its content, and then actually setting
it to EVP_PKEY_ECDH_KDF_X9_63.

ok jsing

lib/libcrypto/ec/ec_ameth.c patch | blob | history

diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c
index 38d5a0d..aa18a68 100644 (file)
--- a/lib/libcrypto/ec/ec_ameth.c
+++ b/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.58 2024/04/17 13:54:39 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.59 2024/04/17 13:56:36 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -921,7 +921,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
        ASN1_OCTET_STRING *ukm;
        unsigned char *penc = NULL;
        int penclen;
-       int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
+       int ecdh_nid, kdf_nid, wrap_nid;
        const EVP_MD *kdf_md;
        int ret = 0;
 
@@ -953,10 +953,11 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
                        goto err;
        }
 
-       /* See if custom parameters set */
-       kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
-       if (kdf_type <= 0)
+       if (EVP_PKEY_CTX_get_ecdh_kdf_type(pctx) != EVP_PKEY_ECDH_KDF_NONE)
                goto err;
+       if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
+               goto err;
+
        if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
                goto err;
        ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
@@ -967,14 +968,6 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
        else if (ecdh_nid == 1)
                ecdh_nid = NID_dh_cofactor_kdf;
 
-       if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
-               kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
-               if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
-                       goto err;
-       } else {
-               /* Unknown KDF */
-               goto err;
-       }
        if (kdf_md == NULL) {
                /* Fixme later for better MD */
                kdf_md = EVP_sha1();
OpenBSD src
by Ahmet Artu Yildirim