Remove do/while(0) loop in wc_PKCS7_DecodeEncryptedKeyPackage(); use if-else if chain

holtrop-wolfssl · holtrop-wolfssl · commit f776c95e547c · 2025-07-10T15:25:57.000-04:00
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
@@ -14888,59 +14888,47 @@ WOLFSSL_API int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7,
     word32 contentType = 0;
     int length = 0;
 
-    do {
-        if (pkiMsg == NULL) {
-            ret = BAD_FUNC_ARG;
-            break;
-        }
-
-        /* Expect a SEQUENCE header to start the EncryptedKeyPackage
-         * ContentInfo. */
-        if (GetSequence_ex(pkiMsg, &pkiIndex, &length, pkiMsgSz, 1) < 0) {
-            ret = ASN_PARSE_E;
-            break;
-        }
-
-        /* Validate the EncryptedKeyPackage OBJECT IDENTIFIER. */
-        if (wc_GetContentType(pkiMsg, &pkiIndex, &contentType, pkiMsgSz) < 0) {
-            ret = ASN_PARSE_E;
-            break;
-        }
-
-        if (contentType != ENCRYPTED_KEY_PACKAGE) {
-            WOLFSSL_MSG("PKCS#7 input not of type EncryptedKeyPackage");
-            ret = PKCS7_OID_E;
-            break;
-        }
-
-        /* Expect content [0] tag */
-        if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
-                    &pkiIndex, &length, pkiMsgSz) < 0) {
-            ret = ASN_PARSE_E;
-            break;
-        }
-
-        /* Check for an EncryptedKeyPackage explicit CHOICE [0] tag, indicating
-         * an EnvelopedData subtype. */
-        if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
-                    &pkiIndex, &length, pkiMsgSz) >= 0) {
-            /* An explicit CHOICE [0] tag was found. pkiIndex now should point
-             * to the EnvelopedData ContentInfo object within the
-             * EncryptedKeyPackage. */
-            ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, &pkiMsg[pkiIndex],
-                    pkiMsgSz - pkiIndex, output, outputSz);
-        }
-        else {
+    if (pkiMsg == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Expect a SEQUENCE header to start the EncryptedKeyPackage
+     * ContentInfo. */
+    else if (GetSequence_ex(pkiMsg, &pkiIndex, &length, pkiMsgSz, 1) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Validate the EncryptedKeyPackage OBJECT IDENTIFIER. */
+    else if (wc_GetContentType(pkiMsg, &pkiIndex, &contentType, pkiMsgSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    else if (contentType != ENCRYPTED_KEY_PACKAGE) {
+        WOLFSSL_MSG("PKCS#7 input not of type EncryptedKeyPackage");
+        ret = PKCS7_OID_E;
+    }
+    /* Expect content [0] tag */
+    else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
+                &pkiIndex, &length, pkiMsgSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Check for an EncryptedKeyPackage explicit CHOICE [0] tag, indicating
+     * an EnvelopedData subtype. */
+    else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
+                &pkiIndex, &length, pkiMsgSz) >= 0) {
+        /* An explicit CHOICE [0] tag was found. pkiIndex now should point
+         * to the EnvelopedData ContentInfo object within the
+         * EncryptedKeyPackage. */
+        ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, &pkiMsg[pkiIndex],
+                pkiMsgSz - pkiIndex, output, outputSz);
+    }
+    else {
 #ifndef NO_PKCS7_ENCRYPTED_DATA
-            /* An explicit CHOICE [0] tag was not found. Check if we have an
-             * EncryptedData blob. */
-            ret = wc_PKCS7_DecodeEncryptedData(pkcs7, &pkiMsg[pkiIndex],
-                    pkiMsgSz - pkiIndex, output, outputSz);
+        /* An explicit CHOICE [0] tag was not found. Check if we have an
+         * EncryptedData blob. */
+        ret = wc_PKCS7_DecodeEncryptedData(pkcs7, &pkiMsg[pkiIndex],
+                pkiMsgSz - pkiIndex, output, outputSz);
 #else
-            ret = ASN_PARSE_E;
+        ret = ASN_PARSE_E;
 #endif
-        }
-    } while(0);
+    }
 
     return ret;
 }
