adjust set1 curves list function for TLS extension sent

2020-01-16 13:21:14 -07:00
parent 6b4551c012
commit d8c5353466
2 changed files with 28 additions and 6 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -44376,7 +44376,7 @@ void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **
 int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
 {
    int idx, start = 0, len;
-    int curve;
+    word16 curve;
    char name[MAX_CURVE_NAME_SZ];

    /* Disable all curves so that only the ones the user wants are enabled. */
@@ -44405,13 +44405,35 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
                                          (XSTRNCMP(name, "P-521", len) == 0)) {
            curve = WOLFSSL_ECC_SECP521R1;
        }
-        else if (XSTRNCMP(name, "X25519", len) == 0)
+        else if (XSTRNCMP(name, "X25519", len) == 0) {
            curve = WOLFSSL_ECC_X25519;
-        else if ((curve = wc_ecc_get_curve_id_from_name(name)) < 0)
+        }
+        else {
+            int ret = wc_ecc_get_curve_id_from_name(name);
+            if (ret < 0) {
+                return WOLFSSL_FAILURE;
+            }
+            curve = (word16)ret;
+        }
+
+        if (curve > (sizeof(word32) * WOLFSSL_BIT_SIZE)) {
+            /* shift left more than size of ctx->disabledCurves causes static
+             * analysis report */
+            WOLFSSL_MSG("curve value is too large for upcoming shift");
            return WOLFSSL_FAILURE;
+        }
+
+    #ifndef NO_WOLFSSL_CLIENT
+        /* set the supported curve so client TLS extension contains only the
+         * desired curves */
+        if (wolfSSL_CTX_UseSupportedCurve(ctx, curve) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Unable to set supported curve");
+            return WOLFSSL_FAILURE;
+        }
+    #endif

        /* Switch the bit to off and therefore is enabled. */
-        ctx->disabledCurves &= ~(1 << curve);
+        ctx->disabledCurves &= ~(1U << curve);
        start = idx + 1;
    }

--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -489,8 +489,8 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
        if (myoptind == 0)
            myoptind++;

-        if (myoptind >= argc || argv[myoptind][0] != '-' ||
-                                argv[myoptind][1] == '\0') {
+        if (myoptind >= argc || argv[myoptind] == NULL ||
+                argv[myoptind][0] != '-' || argv[myoptind][1] == '\0') {
            myoptarg = NULL;
            if (myoptind < argc)
                myoptarg = argv[myoptind];