Fix for setting curve using all caps with wolfSSL_set1_curves_list

Author: JacobBarthelmeh

src/ssl.c

@@ -16944,7 +16944,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
                 goto leave;
             }
 
-            eccSet = wc_ecc_get_curve_params(ret);
+            eccSet = wc_ecc_get_curve_params(nret);
             if (eccSet == NULL) {
                 WOLFSSL_MSG("NULL set returned");
                 goto leave;

tests/api/test_tls13.c

@@ -3186,3 +3186,47 @@ int test_tls13_cert_req_sigalgs(void)
     return EXPECT_RESULT();
 }
 
+/* Test that set_curves_list correctly resolves ECC curve names that fall
+ * through the kNistCurves table and reach the wc_ecc_get_curve_idx_from_name
+ * fallback path.  The kNistCurves lookup uses a case-sensitive XSTRNCMP, so
+ * uppercase names like "SECP384R1" do not match the lowercase "secp384r1"
+ * entry; they fall through to the wolfCrypt ECC look-up which uses
+ * XSTRCASECMP. */
+int test_set_curves_list_ecc_fallback(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
+    (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+    ECC_MIN_KEY_SZ <= 384
+#ifndef NO_WOLFSSL_CLIENT
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+
+    /* "SECP384R1" (uppercase) is NOT in kNistCurves (case-sensitive table),
+     * so set_curves_list must use the wc_ecc_get_curve_idx_from_name fallback.
+     */
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+
+    /* CTX-level: set single curve via its wolfCrypt name (uppercase) */
+    ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "SECP384R1"),
+                WOLFSSL_SUCCESS);
+
+    /* Verify the correct curve was stored, not ecc_sets[0] */
+    ExpectIntEQ(ctx->numGroups, 1);
+    ExpectIntEQ(ctx->group[0], WOLFSSL_ECC_SECP384R1);
+
+    /* SSL-level: same check via wolfSSL_set1_curves_list */
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+    ExpectIntEQ(wolfSSL_set1_curves_list(ssl, "SECP384R1"), WOLFSSL_SUCCESS);
+    ExpectIntEQ(ssl->numGroups, 1);
+    ExpectIntEQ(ssl->group[0], WOLFSSL_ECC_SECP384R1);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif /* NO_WOLFSSL_CLIENT */
+#endif
+    return EXPECT_RESULT();
+}
+

tests/api/test_tls13.h

@@ -39,6 +39,7 @@ int test_key_share_mismatch(void);
 int test_tls13_middlebox_compat_empty_session_id(void);
 int test_tls13_plaintext_alert(void);
 int test_tls13_cert_req_sigalgs(void);
+int test_set_curves_list_ecc_fallback(void);
 
 #define TEST_TLS13_DECLS                                        \
     TEST_DECL_GROUP("tls13", test_tls13_apis),                  \
@@ -55,6 +56,7 @@ int test_tls13_cert_req_sigalgs(void);
     TEST_DECL_GROUP("tls13", test_key_share_mismatch),          \
     TEST_DECL_GROUP("tls13", test_tls13_middlebox_compat_empty_session_id), \
     TEST_DECL_GROUP("tls13", test_tls13_plaintext_alert),       \
-    TEST_DECL_GROUP("tls13", test_tls13_cert_req_sigalgs)
+    TEST_DECL_GROUP("tls13", test_tls13_cert_req_sigalgs),      \
+    TEST_DECL_GROUP("tls13", test_set_curves_list_ecc_fallback)
 
 #endif /* WOLFCRYPT_TEST_TLS13_H */