From 4f3c55988ba04c45d749f9f43ccb096be1bd47cf Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Wed, 15 Sep 2021 12:50:04 -0400
Subject: [PATCH 1/4] We were ignoring the last character of the group name.
---
 src/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 26bfa28b7..9f1d5eff1 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -49189,7 +49189,7 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
 if (names[idx] != ':' && names[idx] != '\0')
 continue;
- len = idx - 1 - start;
+ len = idx - start;
 if (len > MAX_CURVE_NAME_SZ - 1)
 return WOLFSSL_FAILURE;
From 07656e371c09b260e857d6a2008fd51b73c026bf Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Wed, 15 Sep 2021 16:29:55 -0400
Subject: [PATCH 2/4] Parameter sanity check and a unit test.
---
 src/ssl.c | 5 +++++
 tests/api.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index 9f1d5eff1..dfbaead0d 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -49183,6 +49183,11 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
 word16 curve;
 char name[MAX_CURVE_NAME_SZ];
+ if (ctx == NULL || names == NULL) {
+ WOLFSSL_MSG("ctx or names was NULL");
+ return WOLFSSL_FAILURE;
+ }
+
 /* Disable all curves so that only the ones the user wants are enabled. */
 ctx->disabledCurves = 0xFFFFFFFFUL;
 for (idx = 1; names[idx-1] != '\0'; idx++) {
diff --git a/tests/api.c b/tests/api.c
index 30d699f2d..109d1a38b 100644
--- a/tests/api.c
+++ b/tests/api.c
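Review bot: `ctx->disabledCurves = 0xFFFFFFFFUL;` still runs before a single name has been validated, so when a later segment is rejected (the `return WOLFSSL_FAILURE` inside the loop, one of whose paths the first patch in this series touches) the caller is told the call failed while the context has already lost its previous curve configuration and is left with every curve disabled. I would accumulate into a local of the same type as `disabledCurves`, e.g. `word32 disabled = 0xFFFFFFFFUL;`, clear bits in that local as names are recognised, and assign `ctx->disabledCurves = disabled;` only on the success path, so a rejected list leaves ctx untouched. Related: for `names` equal to `""` the `for (idx = 1; names[idx-1] != '\0'; idx++)` loop never runs, so the all-disabled mask is kept; whether the function then reports success is not visible here, but that case deserves an explicit decision and a test. The added NULL check itself is fine. The loop body and the function's return paths lie outside this hunk.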
@@ -33073,6 +33073,37 @@ static void test_wolfSSL_sk_SSL_CIPHER(void)
 !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
 }
+static void test_wolfSSL_set1_curves_list(void)
+{
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
+ SSL* ssl;
+ SSL_CTX* ctx;
+
+#ifndef NO_WOLFSSL_SERVER
+ AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
+#else
+ AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
+#endif
+ AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
+ SSL_FILETYPE_PEM));
+ AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
+ AssertNotNull(ssl = SSL_new(ctx));
+
+ AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
+
+ AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
+ AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
+
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+
+ printf(resultFmt, passed);
+#endif
+}
+
 static void test_wolfSSL_set1_sigalgs_list(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
@@ -48696,6 +48727,7 @@ void ApiTest(void)
 #endif
 test_wolfSSL_set_options();
 test_wolfSSL_sk_SSL_CIPHER();
+ test_wolfSSL_set1_curves_list();
 test_wolfSSL_set1_sigalgs_list();
 test_wolfSSL_PKCS7_certs();
 test_wolfSSL_X509_STORE_CTX();
From 79cc6be806923936d953fa14616b7a92aaca6eeb Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Fri, 17 Sep 2021 15:50:06 -0400
Subject: [PATCH 3/4] Make jenkins happy
---
 tests/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/api.c b/tests/api.c
index 109d1a38b..5b5d1a8bb 100644
--- a/tests/api.c
+++ b/tests/api.c
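Review bot: The new test never passes a colon-separated list, so the `':'` delimiter branch and the per-segment `start`/`len` arithmetic that the first patch in this series corrected are exercised only through a single name; `"P-256"` succeeding does cover the dropped-last-character bug, but a two-name list such as `AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256:P-384"), WOLFSSL_SUCCESS);` (with a second curve the build enables), an empty string and a trailing-colon case would cover the delimiter handling and the empty-segment path. The `#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)` guard matches what the body needs, since every name under test is an EC curve; the certificate and key loading through `svrCertFile`/`svrKeyFile` is the only part that may additionally depend on RSA, which cannot be confirmed from this hunk but is where an extra `!defined(NO_RSA)` condition would belong, mirroring the guard on `test_wolfSSL_set1_sigalgs_list` just below. A one-line comment above the first `AssertIntEQ`, `/* NULL and unknown names must fail; a known curve name must be accepted */`, would state the intent of the six assertions.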
@@ -33075,7 +33075,7 @@ static void test_wolfSSL_sk_SSL_CIPHER(void)
 static void test_wolfSSL_set1_curves_list(void)
 {
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)
 SSL* ssl;
 SSL_CTX* ctx;
From c733be728f0c81688d08c0005885574eacaf10f1 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Mon, 20 Sep 2021 08:37:56 -0400
Subject: [PATCH 4/4] Trivial change to re-trigger jenkins.
---
 tests/api.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 5b5d1a8bb..9cdb64686 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -33076,8 +33076,8 @@ static void test_wolfSSL_sk_SSL_CIPHER(void)
 static void test_wolfSSL_set1_curves_list(void)
 {
 #if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)
- SSL* ssl;
- SSL_CTX* ctx;
+ SSL* ssl = NULL;
+ SSL_CTX* ctx = NULL;
 #ifndef NO_WOLFSSL_SERVER
 AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
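Review bot: The guard `#if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)` that this hunk keeps as context was put there by the previous patch in this series in place of `HAVE_ECC`, yet every name the test exercises is an EC curve and the functions under test configure EC groups; if `HAVE_RSA` is not a macro this tree's configuration defines (the neighbouring guard on `test_wolfSSL_set1_sigalgs_list` expresses RSA availability as `!defined(NO_RSA)`, not `HAVE_RSA`), the whole test body is compiled out and none of the assertions run, which would also be a reason the change "made jenkins happy". I would restore `#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)` and, if the RSA certificate and key loading were what failed on CI, add `!defined(NO_RSA)` to that condition or load an ECC pair instead, so the regression test for the curve-name fix actually executes. Initialising `ssl` and `ctx` to NULL in this hunk is fine on its own. The function body continues past the end of the hunk.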