From e3087f823baebb7e1da282a7493dbe467ff333fe Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 17 Apr 2024 13:57:58 +0000
Subject: ecdh_cms_encrypt: handle kdf_md in one go

Again the getting and the setting were interrupted by ten lines of
completely unrelated code.

ok jsing
---
 src/lib/libcrypto/ec/ec_ameth.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libcrypto')

diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index aa18a68234..120d07548c 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.59 2024/04/17 13:56:36 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.60 2024/04/17 13:57:58 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -958,8 +958,6 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 	if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
 		goto err;
 
-	if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
-		goto err;
 	ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
 	if (ecdh_nid < 0)
 		goto err;
@@ -968,6 +966,8 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 	else if (ecdh_nid == 1)
 		ecdh_nid = NID_dh_cofactor_kdf;
 
+	if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
+		goto err;
 	if (kdf_md == NULL) {
 		/* Fixme later for better MD */
 		kdf_md = EVP_sha1();
-- 
cgit v1.2.3-55-g6feb