From 44d2fc55e6bc4adcd1241146f396ff5600d4811f Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Tue, 3 Mar 2020 10:27:22 -0700
Subject: [PATCH] scan-build fixes for wc_PKCS7_DecodeEnvelopedData()

---
 wolfcrypt/src/pkcs7.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 54c2eae18..27fa23a60 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -10317,22 +10317,22 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
 
                     if (GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
                         ret = ASN_PARSE_E;
-                        break;
                     }
 
-                    if (tag != ASN_OCTET_STRING) {
+                    if (ret == 0 && (tag != ASN_OCTET_STRING)) {
                         ret = ASN_PARSE_E;
-                        break;
                     }
 
                     if (ret == 0 && GetLength(pkiMsg, &idx,
                                 &encryptedContentSz, pkiMsgSz) <= 0) {
                         ret = ASN_PARSE_E;
-                        break;
                     }
 
-                    ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx],
-                                                      encryptedContentSz);
+                    if (ret == 0) {
+                        ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx],
+                                                          encryptedContentSz);
+                    }
+
                     if (ret != 0) {
                         break;
                     }
@@ -10340,6 +10340,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                     /* advance idx past encrypted content */
                     idx += encryptedContentSz;
                 }
+
+                if (ret != 0) {
+                    break;
+                }
+
             } else {
                 /* cache encrypted content, no OCTET STRING */
                 ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx],