properly initialize AEAD cipher flags in OpenSSL backend

jordikroon · jordikroon · commit 7de1357dde68 · 2026-01-06T23:39:48.000+01:00
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -1637,6 +1637,13 @@ void php_openssl_load_cipher_mode(struct php_openssl_cipher_mode *mode, const EV
 {
 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
+
+	#if defined(EVP_CIPH_FLAG_AEAD_CIPHER)
+		if (EVP_CIPHER_flags(cipher_type) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+			php_openssl_set_aead_flags(mode);
+		}
+	#endif
+
 	switch (cipher_mode) {
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_CCM_MODE:
diff --git a/ext/openssl/tests/gh20851.phpt b/ext/openssl/tests/gh20851.phpt
@@ -0,0 +1,43 @@
+--TEST--
+openssl: AES-256-SIV AEAD tag and AAD roundtrip
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$algo = 'aes-256-siv';
+$key = str_repeat('1', 64);
+$tag = '';
+$input = 'Hello world!';
+
+$ciphertext = openssl_encrypt(
+    'Hello world!',
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '',      // IV is empty for this cipher in PHP
+    $tag     // gets filled with the SIV
+);
+
+echo 'input: ' . $input . PHP_EOL;
+echo 'tag: ' . bin2hex($tag) . PHP_EOL;
+echo 'ciphertext: ' . bin2hex($ciphertext) . PHP_EOL;
+echo 'combined: ' . bin2hex($tag . $ciphertext) . PHP_EOL;
+
+$dec = openssl_decrypt(
+    $ciphertext,
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '',
+    $tag
+);
+
+echo 'decrypted: ' . var_export($dec, true) . PHP_EOL;
+?>
+--EXPECTF--
+input: Hello world!
+tag: f6c98e3e785947502a09994d2757f9c1
+ciphertext: a430a41a9bc089fa45ad27be
+combined: f6c98e3e785947502a09994d2757f9c1a430a41a9bc089fa45ad27be
+decrypted: 'Hello world!'
+
