From f776c95e547c1871976eda5403eee3bd2cf9124b Mon Sep 17 00:00:00 2001 From: Josh Holtrop Date: Thu, 10 Jul 2025 15:25:57 -0400 Subject: [PATCH] Remove do/while(0) loop in wc_PKCS7_DecodeEncryptedKeyPackage(); use if-else if chain --- wolfcrypt/src/pkcs7.c | 88 +++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 50 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index aa94985a7..55b6bd09e 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -14888,59 +14888,47 @@ WOLFSSL_API int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, word32 contentType = 0; int length = 0; - do { - if (pkiMsg == NULL) { - ret = BAD_FUNC_ARG; - break; - } - - /* Expect a SEQUENCE header to start the EncryptedKeyPackage - * ContentInfo. */ - if (GetSequence_ex(pkiMsg, &pkiIndex, &length, pkiMsgSz, 1) < 0) { - ret = ASN_PARSE_E; - break; - } - - /* Validate the EncryptedKeyPackage OBJECT IDENTIFIER. */ - if (wc_GetContentType(pkiMsg, &pkiIndex, &contentType, pkiMsgSz) < 0) { - ret = ASN_PARSE_E; - break; - } - - if (contentType != ENCRYPTED_KEY_PACKAGE) { - WOLFSSL_MSG("PKCS#7 input not of type EncryptedKeyPackage"); - ret = PKCS7_OID_E; - break; - } - - /* Expect content [0] tag */ - if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, - &pkiIndex, &length, pkiMsgSz) < 0) { - ret = ASN_PARSE_E; - break; - } - - /* Check for an EncryptedKeyPackage explicit CHOICE [0] tag, indicating - * an EnvelopedData subtype. */ - if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, - &pkiIndex, &length, pkiMsgSz) >= 0) { - /* An explicit CHOICE [0] tag was found. pkiIndex now should point - * to the EnvelopedData ContentInfo object within the - * EncryptedKeyPackage. */ - ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, &pkiMsg[pkiIndex], - pkiMsgSz - pkiIndex, output, outputSz); - } - else { + if (pkiMsg == NULL) { + ret = BAD_FUNC_ARG; + } + /* Expect a SEQUENCE header to start the EncryptedKeyPackage + * ContentInfo. */ + else if (GetSequence_ex(pkiMsg, &pkiIndex, &length, pkiMsgSz, 1) < 0) { + ret = ASN_PARSE_E; + } + /* Validate the EncryptedKeyPackage OBJECT IDENTIFIER. */ + else if (wc_GetContentType(pkiMsg, &pkiIndex, &contentType, pkiMsgSz) < 0) { + ret = ASN_PARSE_E; + } + else if (contentType != ENCRYPTED_KEY_PACKAGE) { + WOLFSSL_MSG("PKCS#7 input not of type EncryptedKeyPackage"); + ret = PKCS7_OID_E; + } + /* Expect content [0] tag */ + else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, + &pkiIndex, &length, pkiMsgSz) < 0) { + ret = ASN_PARSE_E; + } + /* Check for an EncryptedKeyPackage explicit CHOICE [0] tag, indicating + * an EnvelopedData subtype. */ + else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, + &pkiIndex, &length, pkiMsgSz) >= 0) { + /* An explicit CHOICE [0] tag was found. pkiIndex now should point + * to the EnvelopedData ContentInfo object within the + * EncryptedKeyPackage. */ + ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, &pkiMsg[pkiIndex], + pkiMsgSz - pkiIndex, output, outputSz); + } + else { #ifndef NO_PKCS7_ENCRYPTED_DATA - /* An explicit CHOICE [0] tag was not found. Check if we have an - * EncryptedData blob. */ - ret = wc_PKCS7_DecodeEncryptedData(pkcs7, &pkiMsg[pkiIndex], - pkiMsgSz - pkiIndex, output, outputSz); + /* An explicit CHOICE [0] tag was not found. Check if we have an + * EncryptedData blob. */ + ret = wc_PKCS7_DecodeEncryptedData(pkcs7, &pkiMsg[pkiIndex], + pkiMsgSz - pkiIndex, output, outputSz); #else - ret = ASN_PARSE_E; + ret = ASN_PARSE_E; #endif - } - } while(0); + } return ret; }