-
Notifications
You must be signed in to change notification settings - Fork 8k
Properly initialize AEAD cipher flags in OpenSSL backend #20853
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
2cff66b to
7de1357
Compare
jordikroon
commented
Jan 7, 2026
Please review commits 1 by 1 since I am not sure if the change from string $aad = "" to ?string $aad = "" is acceptable.
The first commit only fixes SIV Synthetic Initialization Vector where it generates its own IV. It was not respected.
The second commit allows AAD to be null since it behaves differently than when only an empty string is given. The matches other implementations like cryptography in python.
@bukka
bukka
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks reasonable. Just some minor things really.
@bukka
bukka
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good now. It would be just nice to convert the test so it's consistent with other AEAD tests.
Uh oh!
There was an error while loading. Please reload this page.
Fixes #20851
Add support for AEAD ciphers like AES-SIV by detecting and initializing AEAD flags during cipher mode loading.
Includes test case for AES-256-SIV encryption/decryption roundtrip.