mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 01:20:50 +02:00
94bed7e7c2
The cipher property helpers (SSL_CIPHER_get_kx_nid / get_auth_nid / get_cipher_nid / get_digest_nid / is_aead) parse the cipher name looked up via cipher->offset in GetCipherSegment(). That offset is only populated when the cipher is obtained through wolfSSL_get_ciphers_compat() (SSL_get_ciphers()). When the cipher comes from SSL_get_current_cipher(), offset is left at 0, so these helpers parsed cipher_names[0] (a TLS 1.3 suite) instead of the negotiated cipher - e.g. returning NID_kx_any for a plain PSK suite while SSL_CIPHER_get_name() (which uses the suite bytes) reported the correct name. Resolve the cipher_names entry from the always-populated suite bytes in GetCipherSegment(), falling back to cipher->offset when no match is found. Also add the missing plain "PSK" -> NID_kx_psk entry to the kx lookup table so PSK suites report NID_kx_psk instead of NID_undef. Add a regression test that drives the SSL_get_current_cipher() path for TLS_PSK_WITH_AES_128_GCM_SHA256 and checks all five property helpers.
Before creating any new configure files (.conf) read the CONF_FILES_README.md