Only set CMS parameter when encrypting

[openssl.git] / crypto / cms / cms_enc.c

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index ffa85fc0dd9e59bbde115203de866832867b7539..7093511663384cc2cd83091296e2c8a38f496253 100644 (file)
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -1,4 +1,3 @@
-/* crypto/cms/cms_enc.c */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -52,7 +51,7 @@
  * ====================================================================
  */
 
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
@@ -63,8 +62,6 @@
 
 /* CMS EncryptedData Utilities */
 
-DECLARE_ASN1_ITEM(CMS_EncryptedData)
-
 /* Return BIO based on EncryptedContentInfo and key */
 
 BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
@@ -84,7 +81,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
     enc = ec->cipher ? 1 : 0;
 
     b = BIO_new(BIO_f_cipher());
-    if (!b) {
+    if (b == NULL) {
         CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -132,7 +129,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
     /* Generate random session key */
     if (!enc || !ec->key) {
         tkey = OPENSSL_malloc(tkeylen);
-        if (!tkey) {
+        if (tkey == NULL) {
             CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -164,8 +161,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                 goto err;
             } else {
                 /* Use random key */
-                OPENSSL_cleanse(ec->key, ec->keylen);
-                OPENSSL_free(ec->key);
+                OPENSSL_clear_free(ec->key, ec->keylen);
                 ec->key = tkey;
                 ec->keylen = tkeylen;
                 tkey = NULL;
@@ -179,10 +175,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                CMS_R_CIPHER_INITIALISATION_ERROR);
         goto err;
     }
-
-    if (piv) {
+    if (enc) {
         calg->parameter = ASN1_TYPE_new();
-        if (!calg->parameter) {
+        if (calg->parameter == NULL) {
             CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
             goto err;
         }
@@ -191,19 +186,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                    CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
             goto err;
         }
+        /* If parameter type not set omit parameter */
+        if (calg->parameter->type == V_ASN1_UNDEF) {
+            ASN1_TYPE_free(calg->parameter);
+            calg->parameter = NULL;
+        }
     }
     ok = 1;
 
  err:
-    if (ec->key && !keep_key) {
-        OPENSSL_cleanse(ec->key, ec->keylen);
-        OPENSSL_free(ec->key);
+    if (!keep_key || !ok) {
+        OPENSSL_clear_free(ec->key, ec->keylen);
         ec->key = NULL;
     }
-    if (tkey) {
-        OPENSSL_cleanse(tkey, tkeylen);
-        OPENSSL_free(tkey);
-    }
+    OPENSSL_clear_free(tkey, tkeylen);
     if (ok)
         return b;
     BIO_free(b);
@@ -217,7 +213,7 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
     ec->cipher = cipher;
     if (key) {
         ec->key = OPENSSL_malloc(keylen);
-        if (!ec->key)
+        if (ec->key == NULL)
             return 0;
         memcpy(ec->key, key, keylen);
     }