From fb295aa65c1e78f2ef50e3a911f00bd9735cd702 Mon Sep 17 00:00:00 2001
From: Nachel72 <Nachel72@outlook.com>
Date: Fri, 8 Aug 2025 19:40:46 +0800
Subject: [PATCH] crypto\cms\cms_kem.c: Add ASN1_TYPE_free when
 EVP_CIPHER_param_to_asn1() fails

Signed-off-by: Nachel72 <Nachel72@outlook.com>

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28210)
---
 crypto/cms/cms_kem.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/cms/cms_kem.c b/crypto/cms/cms_kem.c
index ac698099e14..198a4dab3c2 100644
--- a/crypto/cms/cms_kem.c
+++ b/crypto/cms/cms_kem.c
@@ -135,8 +135,11 @@ static int kem_cms_encrypt(CMS_RecipientInfo *ri)
     wrap->parameter = ASN1_TYPE_new();
     if (wrap->parameter == NULL)
         goto err;
-    if (EVP_CIPHER_param_to_asn1(kekctx, wrap->parameter) <= 0)
+    if (EVP_CIPHER_param_to_asn1(kekctx, wrap->parameter) <= 0) {
+        ASN1_TYPE_free(wrap->parameter);
+        wrap->parameter = NULL;
         goto err;
+    }
     if (ASN1_TYPE_get(wrap->parameter) == NID_undef) {
         ASN1_TYPE_free(wrap->parameter);
         wrap->parameter = NULL;
-- 
2.47.3