Merge pull request #9863 from JacobBarthelmeh/f361

Fix for setting curve using all caps with wolfSSL_set1_curves_list
Daniel Pouzzner
2026-03-10 19:29:46 -05:00
committed by GitHub
3 changed files with 49 additions and 2 deletions
+1 -1
@@ -16957,7 +16957,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
goto leave;
}
eccSet = wc_ecc_get_curve_params(ret);
eccSet = wc_ecc_get_curve_params(nret);
if (eccSet == NULL) {
WOLFSSL_MSG("NULL set returned");
goto leave;
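Review bot: `nret` and `ret` differ by one letter in this block, and the corrected `wc_ecc_get_curve_params(nret)` call shows how easily the status variable gets passed where the curve index belongs. The `eccSet == NULL` check below presumably catches only an index with no parameter set, so a wrong but valid index yields a different curve with no error; for a TLS group list that means a curve the caller did not request. Consider renaming the index to something like `curveIdx`, or at least adding `/* nret: ecc_sets index from the name lookup; ret: this function's return status */` above the call. The declaration of `nret` and the lookup that fills it are outside the hunk, so a rename would touch lines not shown here.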
+45
@@ -30,6 +30,7 @@
#include <tests/utils.h>
#include <tests/api/test_tls.h>
#include <wolfssl/internal.h>
int test_utils_memio_move_message(void)
@@ -723,3 +724,47 @@ int test_tls12_no_null_compression(void)
return EXPECT_RESULT();
}
/* Test that set_curves_list correctly resolves ECC curve names that fall
* through the kNistCurves table and reach the wc_ecc_get_curve_idx_from_name
* fallback path. The kNistCurves lookup uses a case-sensitive XSTRNCMP, so
* uppercase names like "SECP384R1" do not match the lowercase "secp384r1"
* entry; they fall through to the wolfCrypt ECC look-up which uses
* XSTRCASECMP. */
int test_tls_set_curves_list_ecc_fallback(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) && \
(defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
(defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 384
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
/* "SECP384R1" (uppercase) is NOT in kNistCurves (case-sensitive table),
* so set_curves_list must use the wc_ecc_get_curve_idx_from_name fallback.
*/
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
/* CTX-level: set single curve via its wolfCrypt name (uppercase) */
ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "SECP384R1"),
WOLFSSL_SUCCESS);
/* Verify the correct curve was stored, not ecc_sets[0] */
ExpectIntEQ(ctx->numGroups, 1);
ExpectIntEQ(ctx->group[0], WOLFSSL_ECC_SECP384R1);
/* SSL-level: same check via wolfSSL_set1_curves_list */
ExpectNotNull(ssl = wolfSSL_new(ctx));
ExpectIntEQ(wolfSSL_set1_curves_list(ssl, "SECP384R1"), WOLFSSL_SUCCESS);
ExpectIntEQ(ssl->numGroups, 1);
ExpectIntEQ(ssl->group[0], WOLFSSL_ECC_SECP384R1);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* NO_WOLFSSL_CLIENT */
#endif
return EXPECT_RESULT();
}
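Review bot: `test_tls_set_curves_list_ecc_fallback` covers only the success path for a single name, so it would not catch the fallback accepting a name that matches no curve. Add a negative case after the CTX-level checks, for example `ExpectIntNE(wolfSSL_CTX_set1_curves_list(ctx, "NOT_A_CURVE"), WOLFSSL_SUCCESS);`, so that an unknown name is shown to be rejected and not mapped to some default entry. A second uppercase name for a different curve, where the build guards allow one, would also show the fix is not specific to the index of SECP384R1.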
+3 -1
@@ -30,6 +30,7 @@ int test_tls13_curve_intersection(void);
int test_tls_certreq_order(void);
int test_tls12_bad_cv_sig_alg(void);
int test_tls12_no_null_compression(void);
int test_tls_set_curves_list_ecc_fallback(void);
#define TEST_TLS_DECLS \
TEST_DECL_GROUP("tls", test_utils_memio_move_message), \
@@ -39,6 +40,7 @@ int test_tls12_no_null_compression(void);
TEST_DECL_GROUP("tls", test_tls13_curve_intersection), \
TEST_DECL_GROUP("tls", test_tls_certreq_order), \
TEST_DECL_GROUP("tls", test_tls12_bad_cv_sig_alg), \
TEST_DECL_GROUP("tls", test_tls12_no_null_compression)
TEST_DECL_GROUP("tls", test_tls12_no_null_compression), \
TEST_DECL_GROUP("tls", test_tls_set_curves_list_ecc_fallback)
#endif /* TESTS_API_TEST_TLS_H */