From d8c53534662367e6264cf92998fc8a724c40d18d Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 16 Jan 2020 13:21:14 -0700
Subject: [PATCH] adjust set1 curves list function for TLS extension sent

---
 src/ssl.c      | 30 ++++++++++++++++++++++++++----
 wolfssl/test.h |  4 ++--
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index a04a10bbf..74efe13ea 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -44376,7 +44376,7 @@ void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **
 int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
 {
     int idx, start = 0, len;
-    int curve;
+    word16 curve;
     char name[MAX_CURVE_NAME_SZ];
 
     /* Disable all curves so that only the ones the user wants are enabled. */
@@ -44405,13 +44405,35 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
                                           (XSTRNCMP(name, "P-521", len) == 0)) {
             curve = WOLFSSL_ECC_SECP521R1;
         }
-        else if (XSTRNCMP(name, "X25519", len) == 0)
+        else if (XSTRNCMP(name, "X25519", len) == 0) {
             curve = WOLFSSL_ECC_X25519;
-        else if ((curve = wc_ecc_get_curve_id_from_name(name)) < 0)
+        }
+        else {
+            int ret = wc_ecc_get_curve_id_from_name(name);
+            if (ret < 0) {
+                return WOLFSSL_FAILURE;
+            }
+            curve = (word16)ret;
+        }
+
+        if (curve > (sizeof(word32) * WOLFSSL_BIT_SIZE)) {
+            /* shift left more than size of ctx->disabledCurves causes static
+             * analysis report */
+            WOLFSSL_MSG("curve value is too large for upcoming shift");
             return WOLFSSL_FAILURE;
+        }
+
+    #ifndef NO_WOLFSSL_CLIENT
+        /* set the supported curve so client TLS extension contains only the
+         * desired curves */
+        if (wolfSSL_CTX_UseSupportedCurve(ctx, curve) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Unable to set supported curve");
+            return WOLFSSL_FAILURE;
+        }
+    #endif
 
         /* Switch the bit to off and therefore is enabled. */
-        ctx->disabledCurves &= ~(1 << curve);
+        ctx->disabledCurves &= ~(1U << curve);
         start = idx + 1;
     }
 
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 221899a41..d48e30327 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -489,8 +489,8 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
         if (myoptind == 0)
             myoptind++;
 
-        if (myoptind >= argc || argv[myoptind][0] != '-' ||
-                                argv[myoptind][1] == '\0') {
+        if (myoptind >= argc || argv[myoptind] == NULL ||
+                argv[myoptind][0] != '-' || argv[myoptind][1] == '\0') {
             myoptarg = NULL;
             if (myoptind < argc)
                 myoptarg = argv[myoptind];