fix test attempt

devnexen · devnexen · commit c0eecd57d954 · 2026-05-29T22:28:51.000+01:00
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -7947,7 +7947,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 	}
 
 #ifdef EVP_CIPH_WRAP_MODE
-	if ((EVP_CIPHER_flags(cipher_type) & EVP_CIPH_MODE) == EVP_CIPH_WRAP_MODE) {
+	if ((EVP_CIPHER_mode(cipher_type)) == EVP_CIPH_WRAP_MODE) {
 		/*
 		 * RFC 5649 wrap-with-padding rounds the input up to the block size
 		 * and prepends an integrity block, we reserve one extra block.
diff --git a/ext/openssl/tests/gh22186.phpt b/ext/openssl/tests/gh22186.phpt
@@ -4,8 +4,12 @@ GH-22186 (Heap buffer overflow in openssl_encrypt with AES-WRAP-PAD)
 openssl
 --SKIPIF--
 <?php
-if (!in_array('aes-128-wrap-pad', openssl_get_cipher_methods(), true)) {
-    die('skip aes-128-wrap-pad not available');
+/* openssl_get_cipher_methods() enumerates provider ciphers, but openssl_encrypt()
+ * resolves names via the legacy EVP_get_cipherbyname(), so on some builds the
+ * cipher is listed yet not usable. Probe the actual call path instead. */
+if (!@openssl_encrypt("test", "aes-128-wrap-pad", str_repeat("k", 16),
+        OPENSSL_RAW_DATA | OPENSSL_DONT_ZERO_PAD_KEY, str_repeat("\0", 4))) {
+    die('skip aes-128-wrap-pad not usable on this OpenSSL build');
 }
 ?>
 --FILE--

Original file line number	Diff line number	Diff line change
`@@ -7947,7 +7947,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,`
`7947`	`7947`	`}`
`7948`	`7948`
`7949`	`7949`	`#ifdef EVP_CIPH_WRAP_MODE`
`7950`		`- if ((EVP_CIPHER_flags(cipher_type) & EVP_CIPH_MODE) == EVP_CIPH_WRAP_MODE) {`
	`7950`	`+ if ((EVP_CIPHER_mode(cipher_type)) == EVP_CIPH_WRAP_MODE) {`
`7951`	`7951`	`/*`
`7952`	`7952`	`* RFC 5649 wrap-with-padding rounds the input up to the block size`
`7953`	`7953`	`* and prepends an integrity block, we reserve one extra block.`