From: tb
Date: Wed, 17 Apr 2024 13:56:36 +0000 (+0000)
Subject: ecdh_cms_encrypt: simplify setting the KDF type
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=de597bf0ee616d52313fe4be4d0b034c1dc93c01;p=openbsd

ecdh_cms_encrypt: simplify setting the KDF type

It is much simpler to avoid the key_type variable altogether and inline its use. Also it makes no sense to have 15 unrelated lines between the getting of the kdf type, checking its content, and then actually setting it to EVP_PKEY_ECDH_KDF_X9_63.

ok jsing
---
diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c
index 38d5a0d1e18..aa18a682346 100644
--- a/lib/libcrypto/ec/ec_ameth.c
+++ b/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.58 2024/04/17 13:54:39 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.59 2024/04/17 13:56:36 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -921,7 +921,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 ASN1_OCTET_STRING *ukm;
 unsigned char *penc = NULL;
 int penclen;
- int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
+ int ecdh_nid, kdf_nid, wrap_nid;
 const EVP_MD *kdf_md;
 int ret = 0;
@@ -953,10 +953,11 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 goto err;
 }
- /* See if custom parameters set */
- kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
- if (kdf_type <= 0)
+ if (EVP_PKEY_CTX_get_ecdh_kdf_type(pctx) != EVP_PKEY_ECDH_KDF_NONE)
 goto err;
+ if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
+ goto err;
+
 if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
 goto err;
 ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
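Review bot: The new `!= EVP_PKEY_ECDH_KDF_NONE` test in the third hunk now carries two meanings with no comment: it rejects a failed getter (the removed `kdf_type <= 0` check) and it rejects any KDF the caller has already configured (the removed "Unknown KDF" branch). Since this is where the CMS key-agreement KDF is pinned, I would state the fail-closed intent above the check, e.g. `/* Only X9.63 is supported: fail if a KDF was already chosen or the lookup failed. */`, so a later edit does not relax it by accident. Both paths leave through `goto err`; whether an error is pushed there cannot be seen from this hunk, because ecdh_cms_encrypt starts and ends outside it.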
@@ -967,14 +968,6 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 else if (ecdh_nid == 1)
 ecdh_nid = NID_dh_cofactor_kdf;
- if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
- kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
- if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
- goto err;
- } else {
- /* Unknown KDF */
- goto err;
- }
 if (kdf_md == NULL) {
 /* Fixme later for better MD */
 kdf_md = EVP_sha1();