Modify pkcs8 decoder to properly allow fallback decoding on failure

wolfSSL · Dec 18, 2024 · 26ca919 · 26ca919
1 parent a578b6f
commit 26ca919
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/wp_dec_epki2pki.c b/src/wp_dec_epki2pki.c
@@ -192,6 +192,7 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
     word32 len = 0;
     char password[1024];
     size_t passwordLen;
+    word32 tradIdx = 0;
 
     (void)ctx;
     (void)selection;
@@ -204,6 +205,11 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
     else if (data == NULL) {
         done = 1;
     }
+    if (wc_GetPkcs8TraditionalOffset(data, &tradIdx, (word32)len) <= 0) {
+        /* This is not PKCS8, we are done */
+        done = 1;
+        ok = 1;
+    }
     if ((!done) && ok && (!pwCb(password, sizeof(password), &passwordLen, NULL,
             pwCbArg))) {
         done = 1;