From 9e1ab34f681a4aaf84ec91a6d2b36c59c85b73d7 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 30 Jan 2026 13:51:44 +0000
Subject: EVP_SealInit(): minor cleanup.

Explicitly compare pointers against NULL, turn the function into single
exit, add hint at why npubk <= 0 or pubk == NULL are a success path:

The documentation briefly explains that EVP_OpenInit() and EVP_SealInit()
is able to initialize the EVP_CIPHER_CTX in two steps exactly like the
EVP_CipherInit_ex() API they wrap: the first call with non-NULL cipher
(aka type) only sets the cipher on the ctx, then it returns to allow
callers to customize the EVP_CIPHER_CTX, and a second call with
cipher == NULL skips the initialization and finishes the ctx setup
by setting key and iv.

Prompted by a report by Niels Dossche.

ok jsing kenjiro
---
 src/lib/libcrypto/evp/p_legacy.c | 36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c
index 521bddaa02..02153be20b 100644
--- a/src/lib/libcrypto/evp/p_legacy.c
+++ b/src/lib/libcrypto/evp/p_legacy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: p_legacy.c,v 1.9 2026/01/30 13:47:22 tb Exp $ */
+/*	$OpenBSD: p_legacy.c,v 1.10 2026/01/30 13:51:44 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -164,33 +164,47 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
 {
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	int i, iv_len;
+	int ret = 0;
 
-	if (type) {
+	if (type != NULL) {
 		if (!EVP_CIPHER_CTX_reset(ctx))
-			return 0;
+			goto err;
 		if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
-			return 0;
+			goto err;
 	}
-	if ((npubk <= 0) || !pubk)
-		return 1;
+
+	/*
+	 * Per manpage: "it is possible to call EVP_SealInit() twice in the
+	 * same way as EVP_EncryptInit(3)." The return 1 indicates success.
+	 */
+	if (npubk <= 0 || pubk == NULL) {
+		npubk = 1;
+		goto done;
+	}
+
 	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-		return 0;
+		goto err;
 	/* XXX - upper bound? */
 	if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
-		return 0;
+		goto err;
 	if (iv_len > 0)
 		arc4random_buf(iv, iv_len);
 
 	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
-		return 0;
+		goto err;
 
 	for (i = 0; i < npubk; i++) {
 		ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
 		    EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
 		if (ekl[i] <= 0)
-			return 0;
+			goto err;
 	}
-	return (npubk);
+
+ done:
+	ret = npubk;
+
+ err:
+	return ret;
 }
 LCRYPTO_ALIAS(EVP_SealInit);
 
-- 
cgit v1.2.3-55-g6feb