1 files changed, 6 insertions, 13 deletions
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 38d5a0d1e1..aa18a68234 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.58 2024/04/17 13:54:39 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.59 2024/04/17 13:56:36 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -921,7 +921,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
        ASN1_OCTET_STRING *ukm;
        unsigned char *penc = NULL;
        int penclen;
-        int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
+        int ecdh_nid, kdf_nid, wrap_nid;
        const EVP_MD *kdf_md;
        int ret = 0;
@@ -953,10 +953,11 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
                        goto err;
        }
-        /* See if custom parameters set */
+        if (EVP_PKEY_CTX_get_ecdh_kdf_type(pctx) != EVP_PKEY_ECDH_KDF_NONE)
-        kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
-        if (kdf_type <= 0)
                goto err;
+        if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
+                goto err;
        if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
                goto err;
        ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
@@ -967,14 +968,6 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
        else if (ecdh_nid == 1)
                ecdh_nid = NID_dh_cofactor_kdf;
-        if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
-                kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
-                if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
-                        goto err;
-        } else {
-                /* Unknown KDF */
-                goto err;
-        }
        if (kdf_md == NULL) {
                /* Fixme later for better MD */
                kdf_md = EVP_sha1();