SSL: Loading bad private key

SparkiDev · SparkiDev · commit b53cc0e98c36 · 2024-02-28T21:47:45.000+10:00
Fix ProcessBufferTryDecodeRsa and ProcessBufferTryDecodeEcc to only
clear error when key format isn't known.
diff --git a/src/ssl.c b/src/ssl.c
@@ -6543,7 +6543,10 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                     "not enabled to try");
         ret = WOLFSSL_BAD_FILE;
     #else
-        ret = 0; /* continue trying other algorithms */
+        if (*keyFormat == 0) {
+            /* Format unknown so keep trying. */
+            ret = 0; /* continue trying other algorithms */
+        }
     #endif
     }
     else {
@@ -6616,7 +6619,10 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                         "not enabled to try");
             ret = WOLFSSL_BAD_FILE;
         #else
-            ret = 0; /* continue trying other algorithms */
+            if (*keyFormat == 0) {
+                /* Format unknown so keep trying. */
+                ret = 0; /* continue trying other algorithms */
+            }
         #endif
         }
         else {
@@ -6728,7 +6734,7 @@ static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 *resetSuites = 1;
             }
         }
-        else {
+        else if (*keyFormat == 0) {
             ret = 0; /* continue trying other algorithms */
         }
 
@@ -6809,7 +6815,7 @@ static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 }
             }
         }
-        else {
+        else if (*keyFormat == 0) {
             ret = 0; /* continue trying other algorithms */
         }
 

Original file line number	Diff line number	Diff line change
`@@ -6543,7 +6543,10 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,`
`6543`	`6543`	`"not enabled to try");`
`6544`	`6544`	`ret = WOLFSSL_BAD_FILE;`
`6545`	`6545`	`#else`
`6546`		`- ret = 0; /* continue trying other algorithms */`
	`6546`	`+ if (*keyFormat == 0) {`
	`6547`	`+ /* Format unknown so keep trying. */`
	`6548`	`+ ret = 0; /* continue trying other algorithms */`
	`6549`	`+ }`
`6547`	`6550`	`#endif`
`6548`	`6551`	`}`
`6549`	`6552`	`else {`
`@@ -6616,7 +6619,10 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,`
`6616`	`6619`	`"not enabled to try");`
`6617`	`6620`	`ret = WOLFSSL_BAD_FILE;`
`6618`	`6621`	`#else`
`6619`		`- ret = 0; /* continue trying other algorithms */`
	`6622`	`+ if (*keyFormat == 0) {`
	`6623`	`+ /* Format unknown so keep trying. */`
	`6624`	`+ ret = 0; /* continue trying other algorithms */`
	`6625`	`+ }`
`6620`	`6626`	`#endif`
`6621`	`6627`	`}`
`6622`	`6628`	`else {`
`@@ -6728,7 +6734,7 @@ static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,`
`6728`	`6734`	`*resetSuites = 1;`
`6729`	`6735`	`}`
`6730`	`6736`	`}`
`6731`		`- else {`
	`6737`	`+ else if (*keyFormat == 0) {`
`6732`	`6738`	`ret = 0; /* continue trying other algorithms */`
`6733`	`6739`	`}`
`6734`	`6740`
`@@ -6809,7 +6815,7 @@ static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,`
`6809`	`6815`	`}`
`6810`	`6816`	`}`
`6811`	`6817`	`}`
`6812`		`- else {`
	`6818`	`+ else if (*keyFormat == 0) {`
`6813`	`6819`	`ret = 0; /* continue trying other algorithms */`
`6814`	`6820`	`}`
`6815`	`6821`