Pull up zeroing of out; drop unnecessary check

Move the zeroing of the output buffer a few lines up and remove an
unnecessary check.

requested/ok jsing

1 files changed, 3 insertions, 4 deletions

diff --git a/src/lib/libcrypto/ecdh/ecdh.c b/src/lib/libcrypto/ecdh/ecdh.c
index 5731f0ca3a..08183364f9 100644
--- a/src/lib/libcrypto/ecdh/ecdh.c
+++ b/src/lib/libcrypto/ecdh/ecdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdh.c,v 1.8 2023/07/28 09:29:24 tb Exp $ */
+/* $OpenBSD: ecdh.c,v 1.9 2023/07/28 09:30:22 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -246,20 +246,19 @@ ECDH_compute_key(void *out, size_t out_len, const EC_POINT *pub_key,
         if (!eckey->meth->compute_key(&secret, &secret_len, pub_key, eckey))
                 goto err;
 
+        memset(out, 0, out_len);
         if (KDF != NULL) {
                 if (KDF(secret, secret_len, out, &out_len) == NULL) {
                         ECerror(EC_R_KDF_FAILED);
                         goto err;
                 }
         } else {
-                memset(out, 0, out_len);
                 if (out_len < secret_len) {
                         /* The resulting key would be truncated. */
                         ECerror(EC_R_KEY_TRUNCATION);
                         goto err;
                 }
-                if (out_len > secret_len)
-                        out_len = secret_len;
+                out_len = secret_len;
                 memcpy(out, secret, out_len);
         }