Clean up confusing logic in CMS_EncryptedData_encrypt()

This makes it easier to read and more in line with other code in
libcrypto. Also add a missing error check for the CMS_set_detached()
call.

ok jsing kenjiro

lib/libcrypto/cms/cms_smime.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_smime.c,v 1.30 2025/11/03 14:29:50 tb Exp $ */
+/* $OpenBSD: cms_smime.c,v 1.31 2025/11/28 06:07:09 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -277,27 +277,32 @@ CMS_ContentInfo *
 CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
     const unsigned char *key, size_t keylen, unsigned int flags)
 {
-	CMS_ContentInfo *cms;
+	CMS_ContentInfo *cms = NULL;
 
-	if (!cipher) {
+	if (cipher == NULL) {
 		CMSerror(CMS_R_NO_CIPHER);
-		return NULL;
-	}
-	cms = CMS_ContentInfo_new();
-	if (cms == NULL)
-		return NULL;
-	if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) {
-		CMS_ContentInfo_free(cms);
-		return NULL;
+		goto err;
 	}
 
-	if (!(flags & CMS_DETACHED))
-		CMS_set_detached(cms, 0);
+	if ((cms = CMS_ContentInfo_new()) == NULL)
+		goto err;
 
-	if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
-	    CMS_final(cms, in, NULL, flags))
-		return cms;
+	if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+		goto err;
 
+	if ((flags & CMS_DETACHED) == 0) {
+		if (!CMS_set_detached(cms, 0))
+			goto err;
+	}
+
+	if ((flags & (CMS_STREAM | CMS_PARTIAL)) == 0) {
+		if (!CMS_final(cms, in, NULL, flags))
+			goto err;
+	}
+
+	return cms;
+
+ err:
 	CMS_ContentInfo_free(cms);
 
 	return NULL;