Update tests and introduce aad_supports_vector

jordikroon · jordikroon · commit 8ebc8fc3214c · 2026-01-13T21:52:16.000+01:00
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -1644,6 +1644,7 @@ void php_openssl_load_cipher_mode(struct php_openssl_cipher_mode *mode, const EV
 		/* We check for EVP_CIPH_SIV_MODE and EVP_CIPH_SIV_MODE, because LibreSSL does not support it. */
 #ifdef EVP_CIPH_SIV_MODE
 		case EVP_CIPH_SIV_MODE:
+			mode->aad_supports_vector = true;
 #endif
 #ifdef EVP_CIPH_OCB_MODE
 		case EVP_CIPH_OCB_MODE:
@@ -1795,6 +1796,12 @@ zend_result php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 {
 	int i = 0;
 
+	/* For AEAD modes that do not support vector AAD, treat NULL AAD as zero-length AAD */
+	if (!mode->aad_supports_vector && aad == NULL) {
+		aad_len = 0;
+		aad = "";
+	}
+
 	if (mode->is_single_run_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Setting of data length failed");
diff --git a/ext/openssl/php_openssl_backend.h b/ext/openssl/php_openssl_backend.h
@@ -348,6 +348,7 @@ struct php_openssl_cipher_mode {
 	bool is_single_run_aead;
 	bool set_tag_length_always;
 	bool set_tag_length_when_encrypting;
+	bool aad_supports_vector;
 	int aead_get_tag_flag;
 	int aead_set_tag_flag;
 	int aead_ivlen_flag;
diff --git a/ext/openssl/tests/cipher_tests.inc b/ext/openssl/tests/cipher_tests.inc
@@ -160,6 +160,59 @@ $php_openssl_cipher_tests = array(
             'ct'  => '1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1A0124B0A55BAE884ED93481529C76B6A',
         ),
     ),
+    'aes-128-siv' => array(
+        array(
+            'key' => 'fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0' .
+                     '0f0e0d0c0b0a09080706050403020100',
+            'iv'  => '',
+            'aad' => '',
+            'tag' => 'baba5b99dfc42fa9810fb2eb71ac2e9c',
+            'pt'  => 'b1677d933fa706f7ef349f9dd569c028' .
+                     '279a5e2219728e77cfe916d5db979942' .
+                     '5d8fb93b0e26dbc85ed14c050dc9f054' .
+                     'd9153c2be1e9b99ae7a109aba1e5a7f1' .
+                     'f2131786da90fe998d3571c144d066c3',
+            'ct'  => '91416054151e844965ad20a2057e2baa' .
+                     '0e785269b152ba9d4dc834777e0d5376' .
+                     'db611856ae0d5d826f446c8eef47acb4' .
+                     '83dccb37da9481648a4907fd3d65335b' .
+                     'd9585361c0c1834ac2b975f3238ea7c6',
+       ),
+       array(
+            'key' => 'fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0' .
+                     '0f0e0d0c0b0a09080706050403020100',
+            'iv'  => '',
+            'aad' => null,
+            'tag' => '606ac96568128a278b02e3e04de97b7e',
+            'pt'  => 'ea597a2f9fb0b5c4d5a6f215047b58a3' .
+                     '3d2c885bf67cbb09239239f5aecafd6f' .
+                     'd2401391154b024b05cd938b40fdc749' .
+                     'ebccb3f48a3156c0bad69cfc5035360d' .
+                     '21ad626dc866cc539f2d0e34b6824fc3',
+            'ct'  => '9c75fa0345b35e2d6cbcc91ed3fc7feb' .
+                     '84fea50c35766db0c847fb627385107b' .
+                     '4f257548d8b80ccd04261fa651fb89cc' .
+                     'e6815ecf0c8c4586ce68544ddce4c3af' .
+                     '01e9587282256569194b1dca788fd987',
+       ),
+       array(
+            'key' => 'fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0' .
+                     '0f0e0d0c0b0a09080706050403020100',
+            'iv'  => '',
+            'aad' => 'c0ef488e684e6fc95e0bd1da59861259',
+            'tag' => 'a24cd6dcc0791bd7719a7f4fcb16de81',
+            'pt'  => 'b1677d933fa706f7ef349f9dd569c028' .
+                     '279a5e2219728e77cfe916d5db979942' .
+                     '5d8fb93b0e26dbc85ed14c050dc9f054' .
+                     'd9153c2be1e9b99ae7a109aba1e5a7f1' .
+                     'f2131786da90fe998d3571c144d066c3',
+            'ct'  => 'ea597a2f9fb0b5c4d5a6f215047b58a3' .
+                     '3d2c885bf67cbb09239239f5aecafd6f' .
+                     'd2401391154b024b05cd938b40fdc749' .
+                     'ebccb3f48a3156c0bad69cfc5035360d' .
+                     '21ad626dc866cc539f2d0e34b6824fc3',
+       ),
+    ),
     'chacha20-poly1305' => array(
         array(
             'key' => '808182838485868788898a8b8c8d8e8f' .
diff --git a/ext/openssl/tests/gh20851_aad_empty.phpt b/ext/openssl/tests/gh20851_aad_empty.phpt
diff --git a/ext/openssl/tests/gh20851_aad_null.phpt b/ext/openssl/tests/gh20851_aad_null.phpt
diff --git a/ext/openssl/tests/openssl_decrypt_siv.phpt b/ext/openssl/tests/openssl_decrypt_siv.phpt
@@ -0,0 +1,43 @@
+--TEST--
+openssl_decrypt() with SIV cipher algorithm tests
+--EXTENSIONS--
+openssl
+--SKIPIF--
+<?php
+if (!in_array('aes-128-siv', openssl_get_cipher_methods()))
+    die("skip: aes-128-siv not available");
+?>
+--FILE--
+<?php
+require_once __DIR__ . "/cipher_tests.inc";
+$method = 'aes-128-siv';
+$tests = openssl_get_cipher_tests($method);
+
+foreach ($tests as $idx => $test) {
+    echo "TEST $idx\n";
+    $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
+        $test['iv'], $test['tag'], $test['aad']);
+    var_dump($test['pt'] === $pt);
+}
+
+// failed because no AAD
+echo "TEST AAD\n";
+var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
+    $test['iv'], $test['tag']));
+// failed because wrong tag
+echo "TEST WRONGTAG\n";
+var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
+    $test['iv'], str_repeat('x', 16), $test['aad']));
+
+?>
+--EXPECTF--
+TEST 0
+bool(true)
+TEST 1
+bool(true)
+TEST 2
+bool(true)
+TEST AAD
+bool(false)
+TEST WRONGTAG
+bool(false)
diff --git a/ext/openssl/tests/openssl_encrypt_siv.phpt b/ext/openssl/tests/openssl_encrypt_siv.phpt
@@ -0,0 +1,51 @@
+--TEST--
+openssl_encrypt() with SIV cipher algorithm tests
+--EXTENSIONS--
+openssl
+--SKIPIF--
+<?php
+if (!in_array('aes-128-siv', openssl_get_cipher_methods()))
+	die("skip: aes-128-siv not available");
+?>
+--FILE--
+<?php
+require_once __DIR__ . "/cipher_tests.inc";
+$method = 'aes-128-siv';
+$tests = openssl_get_cipher_tests($method);
+
+foreach ($tests as $idx => $test) {
+    echo "TEST $idx\n";
+    $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA,
+        $test['iv'], $tag, $test['aad'], strlen($test['tag']));
+    var_dump($test['ct'] === $ct);
+    var_dump($test['tag'] === $tag);
+}
+
+// Empty tag should not be equivalent to null tag
+echo "TEST AAD\n";
+var_dump(openssl_encrypt('data', $method, 'password', 0, '', $tag, '') !== openssl_encrypt('data', $method, 'password', 0, '', $tag, null));
+
+// Failing to retrieve tag (max is 16 bytes)
+var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 32), $tag, '', 20));
+
+// Failing when no tag supplied
+var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 32)));
+?>
+--EXPECTF--
+TEST 0
+bool(true)
+bool(true)
+TEST 1
+bool(true)
+bool(true)
+TEST 2
+bool(true)
+bool(true)
+TEST AAD
+bool(true)
+
+Warning: openssl_encrypt(): Retrieving verification tag failed in %s on line %d
+bool(false)
+
+Warning: openssl_encrypt(): A tag should be provided when using AEAD mode in %s on line %d
+bool(false)
