From 26ca919ab9987255da69689b5140e6a375f95d4b Mon Sep 17 00:00:00 2001
From: Colton Willey <colton@wolfssl.com>
Date: Wed, 18 Dec 2024 13:49:33 -0800
Subject: [PATCH] Modify pkcs8 decoder to properly allow fallback decoding on
 failure

---
 src/wp_dec_epki2pki.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/wp_dec_epki2pki.c b/src/wp_dec_epki2pki.c
index f896b84..d020f62 100644
--- a/src/wp_dec_epki2pki.c
+++ b/src/wp_dec_epki2pki.c
@@ -192,6 +192,7 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
     word32 len = 0;
     char password[1024];
     size_t passwordLen;
+    word32 tradIdx = 0;
 
     (void)ctx;
     (void)selection;
@@ -204,6 +205,11 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
     else if (data == NULL) {
         done = 1;
     }
+    if (wc_GetPkcs8TraditionalOffset(data, &tradIdx, (word32)len) <= 0) {
+        /* This is not PKCS8, we are done */
+        done = 1;
+        ok = 1;
+    }
     if ((!done) && ok && (!pwCb(password, sizeof(password), &passwordLen, NULL,
             pwCbArg))) {
         done = 1;