Add AES-GCM-SIV AEAD support (RFC 8452)#1
Closed
Rakdos8 wants to merge 1 commit into
Closed
Conversation
Rakdos8
commented
Apr 25, 2026
Rakdos8
commented
- Replaces Fix GH-20851: AES-SIV / AES-GCM-SIV not handled as AEAD in openssl_encrypt php/php-src#21872 (closed)
- Consolidates with Properly initialize AEAD cipher flags in OpenSSL backend php/php-src#20853 as suggested by @jordikroon
- Tests use cipher_tests.inc
jordikroon
reviewed
Apr 25, 2026
| * EVP_CIPH_SIV_MODE (RFC 5297), it takes a single AAD input, so | ||
| * aad_supports_vector stays false. LibreSSL does not currently | ||
| * define this constant. */ | ||
| #ifdef EVP_CIPH_GCM_SIV_MODE |
Owner
There was a problem hiding this comment.
Can you put this below case EVP_CIPH_SIV_MODE? The case will then flow into php_openssl_set_aead_flags without the need to call it once more.
Owner
|
Overall looks good. Thank you for this. Just one bullet once that is addressed and tests will give a green light I will merge it into the PR. |
Builds on the AES-SIV support added in the earlier commits by also
handling EVP_CIPH_GCM_SIV_MODE in php_openssl_load_cipher_mode().
GCM-SIV (OpenSSL >= 3.2, RFC 8452) uses the standard
EVP_CTRL_AEAD_*_TAG controls and falls into the same AEAD switch arm
as SIV. The existing aad_supports_vector = (cipher_mode ==
EVP_CIPH_SIV_MODE) check keeps that flag false for GCM-SIV, since
RFC 8452 takes a single AAD input rather than vector AAD like RFC 5297
SIV. LibreSSL does not currently define EVP_CIPH_GCM_SIV_MODE, hence
the #ifdef guard.
Tests:
- cipher_tests.inc gains aes-256-gcm-siv vectors from RFC 8452
Appendix C.2 (empty plaintext, 8-byte plaintext with and without
AAD).
- openssl_encrypt_gcm_siv.phpt and openssl_decrypt_gcm_siv.phpt
consume those vectors, mirroring the SIV equivalents, and cover
the missing-tag and tampering failure paths.
Rakdos8
force-pushed
the
fix/openssl-aes-gcm-siv-aead-tag
branch
from
2b81ae6 to
c5ff025
Compare
Author
|
Good catch, applied. Falls through into the shared block now, much cleaner — the existing I've seen failed test in the matrix, will see how it goes after this last commit 👍 |
|
I merged other PR as it's independent and ready. Please rebase it and keep just siv gcm and will check this one later. |
Owner
|
Much appreciated. I will close this. Please rebase and target php/php-src master |
jordikroon
pushed a commit
that referenced
this pull request
May 26, 2026
…dict
```
Direct leak of 52 byte(s) in 1 object(s) allocated from:
#0 0x7ff90cd2c161 in malloc (/usr/lib/libasan.so.8+0x12c161) (BuildId: ee5fbab73143ab257a66a33afe0f038a4af7a74e)
#1 0x55de10c9a468 in tracked_malloc /work/php-8.4/Zend/zend_alloc.c:2973
php#2 0x55de10c99443 in _emalloc /work/php-8.4/Zend/zend_alloc.c:2740
php#3 0x55de102deb86 in zlib_create_dictionary_string /work/php-8.4/ext/zlib/zlib.c:836
php#4 0x55de102e145a in zif_deflate_init /work/php-8.4/ext/zlib/zlib.c:1144
php#5 0x55de10dcac6c in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /work/php-8.4/Zend/zend_vm_execute.h:1351
php#6 0x55de10f2d69d in execute_ex /work/php-8.4/Zend/zend_vm_execute.h:58907
php#7 0x55de10f41666 in zend_execute /work/php-8.4/Zend/zend_vm_execute.h:64334
php#8 0x55de110a6cf8 in zend_execute_script /work/php-8.4/Zend/zend.c:1934
php#9 0x55de10af0ddb in php_execute_script_ex /work/php-8.4/main/main.c:2577
php#10 0x55de10af128f in php_execute_script /work/php-8.4/main/main.c:2617
php#11 0x55de110ac5e1 in do_cli /work/php-8.4/sapi/cli/php_cli.c:935
php#12 0x55de110ae592 in main /work/php-8.4/sapi/cli/php_cli.c:1322
php#13 0x7ff90c027740 (/usr/lib/libc.so.6+0x27740) (BuildId: 020d6f7c33b2413f4fe10814c4729dce1387f049)
php#14 0x7ff90c027878 in __libc_start_main (/usr/lib/libc.so.6+0x27878) (BuildId: 020d6f7c33b2413f4fe10814c4729dce1387f049)
php#15 0x55de10005964 in _start (/work/php-8.4/sapi/cli/php+0x605964) (BuildId: 5f144db4e56ea623e070c56445fb1dfa3f8d085d)
SUMMARY: AddressSanitizer: 52 byte(s) leaked in 1 allocation(s).
```
Closes phpGH-22101.
jordikroon
pushed a commit
that referenced
this pull request
May 26, 2026
Depending on the specific PHP configuration, the regex matching for the version number in get_zlib_version() can fail. On master, this results in deprecation warnings and subsequent test borks: ``` Deprecated: version_compare(): Passing null to parameter #1 ($version1) of type string is deprecated in /work/php-src/ext/zlib/tests/gzgetc_basic.skip.php on line 3 [/work/php-src/ext/zlib/tests/gzgetc_basic.phpt] Deprecated: version_compare(): Passing null to parameter #1 ($version1) of type string is deprecated in /work/php-src/ext/zlib/tests/gzgetc_basic_1.skip.php on line 4 ``` Since ZLIB_VERSION is a constant containing the version as a string, remove all this nonsense and just use the constant directly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.