From 5525e661121ea5cfeefb02ae28237c08c90c4c37 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Tue, 1 Jul 2025 00:07:22 +0200
Subject: [PATCH] Fix error return check of EVP_CIPHER_CTX_ctrl()

OpenSSL can return -1 on error [1, 2], and OpenBSD's docs confirm this
[3]. Existing checks check for 1 for the success value, so do the same.

[1] https://github.com/openssl/openssl/blob/b3161bd9a9329be3d6bf6b29a06835e2721898bb/crypto/evp/evp_enc.c#L1530-L1531
[2] https://github.com/openssl/openssl/blob/b3161bd9a9329be3d6bf6b29a06835e2721898bb/crypto/evp/evp_enc.c#L1611
[3] https://man.openbsd.org/EVP_CIPHER_CTX_ctrl.3
---
 ext/openssl/openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 718f946ad176d..51ae260fc28b6 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -7547,7 +7547,7 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
 		return FAILURE;
 	}
 	if (mode->set_tag_length_always || (enc && mode->set_tag_length_when_encrypting)) {
-		if (!EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, NULL)) {
+		if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, NULL) != 1) {
 			php_error_docref(NULL, E_WARNING, "Setting tag length for AEAD cipher failed");
 			return FAILURE;
 		}
@@ -7555,7 +7555,7 @@ static int php_openssl_cipher_init(const EVP_CIPHER *cipher_type,
 	if (!enc && tag && tag_len > 0) {
 		if (!mode->is_aead) {
 			php_error_docref(NULL, E_WARNING, "The tag cannot be used because the cipher algorithm does not support AEAD");
-		} else if (!EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, (unsigned char *) tag)) {
+		} else if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_set_tag_flag, tag_len, (unsigned char *) tag) != 1) {
 			php_error_docref(NULL, E_WARNING, "Setting tag for AEAD cipher decryption failed");
 			return FAILURE;
 		}