Merge pull request #9863 from JacobBarthelmeh/f361

Fix for setting curve using all caps with wolfSSL_set1_curves_list

Author: douzzer

src/ssl.c

@@ -16957,7 +16957,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
                 goto leave;
             }
 
-            eccSet = wc_ecc_get_curve_params(ret);
+            eccSet = wc_ecc_get_curve_params(nret);
             if (eccSet == NULL) {
                 WOLFSSL_MSG("NULL set returned");
                 goto leave;

tests/api/test_tls.c

@@ -30,6 +30,7 @@
 
 #include <tests/utils.h>
 #include <tests/api/test_tls.h>
+#include <wolfssl/internal.h>
 
 
 int test_utils_memio_move_message(void)
@@ -723,3 +724,47 @@ int test_tls12_no_null_compression(void)
     return EXPECT_RESULT();
 }
 
+/* Test that set_curves_list correctly resolves ECC curve names that fall
+ * through the kNistCurves table and reach the wc_ecc_get_curve_idx_from_name
+ * fallback path.  The kNistCurves lookup uses a case-sensitive XSTRNCMP, so
+ * uppercase names like "SECP384R1" do not match the lowercase "secp384r1"
+ * entry; they fall through to the wolfCrypt ECC look-up which uses
+ * XSTRCASECMP. */
+int test_tls_set_curves_list_ecc_fallback(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
+    (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+    ECC_MIN_KEY_SZ <= 384
+#ifndef NO_WOLFSSL_CLIENT
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+
+    /* "SECP384R1" (uppercase) is NOT in kNistCurves (case-sensitive table),
+     * so set_curves_list must use the wc_ecc_get_curve_idx_from_name fallback.
+     */
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+
+    /* CTX-level: set single curve via its wolfCrypt name (uppercase) */
+    ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "SECP384R1"),
+                WOLFSSL_SUCCESS);
+
+    /* Verify the correct curve was stored, not ecc_sets[0] */
+    ExpectIntEQ(ctx->numGroups, 1);
+    ExpectIntEQ(ctx->group[0], WOLFSSL_ECC_SECP384R1);
+
+    /* SSL-level: same check via wolfSSL_set1_curves_list */
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+    ExpectIntEQ(wolfSSL_set1_curves_list(ssl, "SECP384R1"), WOLFSSL_SUCCESS);
+    ExpectIntEQ(ssl->numGroups, 1);
+    ExpectIntEQ(ssl->group[0], WOLFSSL_ECC_SECP384R1);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif /* NO_WOLFSSL_CLIENT */
+#endif
+    return EXPECT_RESULT();
+}
+

tests/api/test_tls.h

@@ -30,6 +30,7 @@ int test_tls13_curve_intersection(void);
 int test_tls_certreq_order(void);
 int test_tls12_bad_cv_sig_alg(void);
 int test_tls12_no_null_compression(void);
+int test_tls_set_curves_list_ecc_fallback(void);
 
 #define TEST_TLS_DECLS                                                         \
         TEST_DECL_GROUP("tls", test_utils_memio_move_message),                 \
@@ -39,6 +40,7 @@ int test_tls12_no_null_compression(void);
         TEST_DECL_GROUP("tls", test_tls13_curve_intersection),                 \
         TEST_DECL_GROUP("tls", test_tls_certreq_order),                        \
         TEST_DECL_GROUP("tls", test_tls12_bad_cv_sig_alg),                     \
-        TEST_DECL_GROUP("tls", test_tls12_no_null_compression)
+        TEST_DECL_GROUP("tls", test_tls12_no_null_compression),                \
+        TEST_DECL_GROUP("tls", test_tls_set_curves_list_ecc_fallback)
 
 #endif /* TESTS_API_TEST_TLS_H */