From 42a29d56812fdf1a434f9093eaefa5634c1beb2e Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Mon, 17 Mar 2025 11:39:41 +0000
Subject: [PATCH] [crypto] Update cmsdetach to work with python-asn1 version
 3.0.0

The python-asn1 documentation indicates that end of file may be
detected either by obtaining a True value from .eof() or by obtaining
a None value from .peek(), but does not mention any way to detect the
end of a constructed tag (rather than the end of the overall file).
We currently use .eof() to detect the end of a constructed tag, based
on the observed behaviour of the library.

The behaviour of .eof() changed between versions 2.8.0 and 3.0.0, such
that .eof() no longer returns True at the end of a constructed tag.

Switch to testing for a None value returned from .peek() to determine
when we have reached the end of a constructed tag, since this works on
both newer and older versions.

Continue to treat .eof() as a necessary but not sufficient condition
for reaching the overall end of file, to maintain compatibility with
older versions.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 contrib/crypto/cmsdetach | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/contrib/crypto/cmsdetach b/contrib/crypto/cmsdetach
index 007500996..fdd888958 100755
--- a/contrib/crypto/cmsdetach
+++ b/contrib/crypto/cmsdetach
@@ -47,22 +47,21 @@ datastack = [
 ]
 stack = []
 while stack or not decoder.eof():
-    if decoder.eof():
+    tag = decoder.peek()
+    if tag is None:
         encoder.leave()
         decoder.leave()
         stack.pop()
+    elif tag.typ == asn1.Types.Constructed:
+        encoder.enter(nr=tag.nr, cls=tag.cls)
+        decoder.enter()
+        stack.append(tag.nr)
     else:
-        tag = decoder.peek()
-        if tag.typ == asn1.Types.Constructed:
-            encoder.enter(nr=tag.nr, cls=tag.cls)
-            decoder.enter()
-            stack.append(tag.nr)
+        (tag, value) = decoder.read()
+        if stack == datastack and tag.nr == 0:
+            data = value
         else:
-            (tag, value) = decoder.read()
-            if stack == datastack and tag.nr == 0:
-                data = value
-            else:
-                encoder.write(value, nr=tag.nr, cls=tag.cls)
+            encoder.write(value, nr=tag.nr, cls=tag.cls)
 envelope = encoder.output()
 if data is None:
     parser.error("Input file does not contain any encrypted data")