Remove do/while(0) loop in wc_PKCS7_DecodeEncryptedKeyPackage(); use if-else if chain

2025-08-03 20:54:41 +02:00 · 2025-07-10 15:25:57 -04:00
parent 6d51b73626
commit f776c95e54
1 changed files with 38 additions and 50 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -14888,59 +14888,47 @@ WOLFSSL_API int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7,
    word32 contentType = 0;
    int length = 0;
-    do {
+    if (pkiMsg == NULL) {
-        if (pkiMsg == NULL) {
+        ret = BAD_FUNC_ARG;
-            ret = BAD_FUNC_ARG;
+    }
-            break;
+    /* Expect a SEQUENCE header to start the EncryptedKeyPackage
-        }
+     * ContentInfo. */
-
+    else if (GetSequence_ex(pkiMsg, &pkiIndex, &length, pkiMsgSz, 1) < 0) {
-        /* Expect a SEQUENCE header to start the EncryptedKeyPackage
+        ret = ASN_PARSE_E;
-         * ContentInfo. */
+    }
-        if (GetSequence_ex(pkiMsg, &pkiIndex, &length, pkiMsgSz, 1) < 0) {
+    /* Validate the EncryptedKeyPackage OBJECT IDENTIFIER. */
-            ret = ASN_PARSE_E;
+    else if (wc_GetContentType(pkiMsg, &pkiIndex, &contentType, pkiMsgSz) < 0) {
-            break;
+        ret = ASN_PARSE_E;
-        }
+    }
-
+    else if (contentType != ENCRYPTED_KEY_PACKAGE) {
-        /* Validate the EncryptedKeyPackage OBJECT IDENTIFIER. */
+        WOLFSSL_MSG("PKCS#7 input not of type EncryptedKeyPackage");
-        if (wc_GetContentType(pkiMsg, &pkiIndex, &contentType, pkiMsgSz) < 0) {
+        ret = PKCS7_OID_E;
-            ret = ASN_PARSE_E;
+    }
-            break;
+    /* Expect content [0] tag */
-        }
+    else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
-
+                &pkiIndex, &length, pkiMsgSz) < 0) {
-        if (contentType != ENCRYPTED_KEY_PACKAGE) {
+        ret = ASN_PARSE_E;
-            WOLFSSL_MSG("PKCS#7 input not of type EncryptedKeyPackage");
+    }
-            ret = PKCS7_OID_E;
+    /* Check for an EncryptedKeyPackage explicit CHOICE [0] tag, indicating
-            break;
+     * an EnvelopedData subtype. */
-        }
+    else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
-
+                &pkiIndex, &length, pkiMsgSz) >= 0) {
-        /* Expect content [0] tag */
+        /* An explicit CHOICE [0] tag was found. pkiIndex now should point
-        if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
+         * to the EnvelopedData ContentInfo object within the
-                    &pkiIndex, &length, pkiMsgSz) < 0) {
+         * EncryptedKeyPackage. */
-            ret = ASN_PARSE_E;
+        ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, &pkiMsg[pkiIndex],
-            break;
+                pkiMsgSz - pkiIndex, output, outputSz);
-        }
+    }
-
+    else {
        /* Check for an EncryptedKeyPackage explicit CHOICE [0] tag, indicating
         * an EnvelopedData subtype. */
        if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
                    &pkiIndex, &length, pkiMsgSz) >= 0) {
            /* An explicit CHOICE [0] tag was found. pkiIndex now should point
             * to the EnvelopedData ContentInfo object within the
             * EncryptedKeyPackage. */
            ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, &pkiMsg[pkiIndex],
                    pkiMsgSz - pkiIndex, output, outputSz);
        }
        else {
 #ifndef NO_PKCS7_ENCRYPTED_DATA
-            /* An explicit CHOICE [0] tag was not found. Check if we have an
+        /* An explicit CHOICE [0] tag was not found. Check if we have an
-             * EncryptedData blob. */
+         * EncryptedData blob. */
-            ret = wc_PKCS7_DecodeEncryptedData(pkcs7, &pkiMsg[pkiIndex],
+        ret = wc_PKCS7_DecodeEncryptedData(pkcs7, &pkiMsg[pkiIndex],
-                    pkiMsgSz - pkiIndex, output, outputSz);
+                pkiMsgSz - pkiIndex, output, outputSz);
 #else
-            ret = ASN_PARSE_E;
+        ret = ASN_PARSE_E;
 #endif
-        }
+    }
    } while(0);
    return ret;
 }