From 25e047ad935a9d585bc84fe9aae3de40dbad3e72 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 28 Nov 2025 06:07:09 +0000
Subject: Clean up confusing logic in CMS_EncryptedData_encrypt()

This makes it easier to read and more in line with other code in
libcrypto. Also add a missing error check for the CMS_set_detached()
call.

ok jsing kenjiro
---
 src/lib/libcrypto/cms/cms_smime.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
index a8ddf7c67c..a4918643d2 100644
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_smime.c,v 1.30 2025/11/03 14:29:50 tb Exp $ */
+/* $OpenBSD: cms_smime.c,v 1.31 2025/11/28 06:07:09 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -277,27 +277,32 @@ CMS_ContentInfo *
 CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
     const unsigned char *key, size_t keylen, unsigned int flags)
 {
-	CMS_ContentInfo *cms;
+	CMS_ContentInfo *cms = NULL;
 
-	if (!cipher) {
+	if (cipher == NULL) {
 		CMSerror(CMS_R_NO_CIPHER);
-		return NULL;
+		goto err;
 	}
-	cms = CMS_ContentInfo_new();
-	if (cms == NULL)
-		return NULL;
-	if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) {
-		CMS_ContentInfo_free(cms);
-		return NULL;
+
+	if ((cms = CMS_ContentInfo_new()) == NULL)
+		goto err;
+
+	if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+		goto err;
+
+	if ((flags & CMS_DETACHED) == 0) {
+		if (!CMS_set_detached(cms, 0))
+			goto err;
 	}
 
-	if (!(flags & CMS_DETACHED))
-		CMS_set_detached(cms, 0);
+	if ((flags & (CMS_STREAM | CMS_PARTIAL)) == 0) {
+		if (!CMS_final(cms, in, NULL, flags))
+			goto err;
+	}
 
-	if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
-	    CMS_final(cms, in, NULL, flags))
-		return cms;
+	return cms;
 
+ err:
 	CMS_ContentInfo_free(cms);
 
 	return NULL;
-- 
cgit v1.2.3-55-g6feb