From 73c286ae46b3d647e42326079efbf27b135d3d22 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Fri, 18 Apr 2025 16:02:46 -0600
Subject: [PATCH] fix possible null dereference, CID 518681

---
 src/ssl_load.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ssl_load.c b/src/ssl_load.c
index d3a64f59e..6f11a029a 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -1112,7 +1112,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         matchAnyKey = 1;
     }
 #ifdef WC_RSA_PSS
-    if(*keyFormat == RSAPSSk) {
+    if((ret == 0) && (*keyFormat == RSAPSSk)) {
         /*
             Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK),
             and to detect that the der is RSAPSSk (when *keyFormat == 0).