allow null AAD parameter in openssl_encrypt/decrypt

jordikroon · jordikroon · commit 344b75de2986 · 2026-04-07T14:05:33.000+02:00
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -4531,7 +4531,7 @@ PHP_FUNCTION(openssl_encrypt)
 	zend_string *ret;
 	zval *tag = NULL;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lszsl", &data, &data_len, &method, &method_len,
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lszs!l", &data, &data_len, &method, &method_len,
 					&password, &password_len, &options, &iv, &iv_len, &tag, &aad, &aad_len, &tag_len) == FAILURE) {
 		RETURN_THROWS();
 	}
@@ -4553,7 +4553,7 @@ PHP_FUNCTION(openssl_decrypt)
 	size_t data_len, method_len, password_len, iv_len = 0, tag_len = 0, aad_len = 0;
 	zend_string *ret;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lss!s", &data, &data_len, &method, &method_len,
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lss!s!", &data, &data_len, &method, &method_len,
 					&password, &password_len, &options, &iv, &iv_len, &tag, &tag_len, &aad, &aad_len) == FAILURE) {
 		RETURN_THROWS();
 	}
diff --git a/ext/openssl/openssl.stub.php b/ext/openssl/openssl.stub.php
@@ -662,9 +662,9 @@ function openssl_digest(string $data, string $digest_algo, bool $binary = false)
 /**
  * @param string $tag
  */
-function openssl_encrypt(#[\SensitiveParameter] string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", &$tag = null, string $aad = "", int $tag_length = 16): string|false {}
+function openssl_encrypt(#[\SensitiveParameter] string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", &$tag = null, ?string $aad = "", int $tag_length = 16): string|false {}
 
-function openssl_decrypt(string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", ?string $tag = null, string $aad = ""): string|false {}
+function openssl_decrypt(string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", ?string $tag = null, ?string $aad = ""): string|false {}
 
 function openssl_cipher_iv_length(string $cipher_algo): int|false {}
 
diff --git a/ext/openssl/openssl_arginfo.h b/ext/openssl/openssl_arginfo.h
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -1816,7 +1816,9 @@ zend_result php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 		return FAILURE;
 	}
 
-	if (mode->is_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, (const unsigned char *) aad, (int) aad_len)) {
+	/* Only pass AAD to OpenSSL if caller provided it.
+	   This makes NULL mean zero AAD items, while "" with len 0 means one empty AAD item. */
+	if (mode->is_aead && aad != NULL && !EVP_CipherUpdate(cipher_ctx, NULL, &i, (const unsigned char *)aad, (int)aad_len)) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Setting of additional application data failed");
 		return FAILURE;
diff --git a/ext/openssl/tests/gh20851_aad_empty.phpt b/ext/openssl/tests/gh20851_aad_empty.phpt
@@ -7,6 +7,7 @@ openssl
 $algo = 'aes-256-siv';
 $key = str_repeat('1', 64);
 $tag = '';
+$aad = '';
 $input = 'Hello world!';
 
 $ciphertext = openssl_encrypt(
@@ -15,7 +16,9 @@ $ciphertext = openssl_encrypt(
     $key,
     OPENSSL_RAW_DATA,
     '',      // IV is empty for this cipher in PHP
-    $tag     // gets filled with the SIV
+    $tag,     // gets filled with the SIV
+    $aad,
+    16
 );
 
 echo 'input: ' . $input . PHP_EOL;
@@ -29,7 +32,8 @@ $dec = openssl_decrypt(
     $key,
     OPENSSL_RAW_DATA,
     '',
-    $tag
+    $tag,
+    $aad
 );
 
 echo 'decrypted: ' . var_export($dec, true) . PHP_EOL;
diff --git a/ext/openssl/tests/gh20851_aad_null.phpt b/ext/openssl/tests/gh20851_aad_null.phpt
@@ -0,0 +1,47 @@
+--TEST--
+openssl: AES-256-SIV AEAD tag and AAD roundtrip
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$algo = 'aes-256-siv';
+$key = str_repeat('1', 64);
+$tag = '';
+$aad = null;
+$input = 'Hello world!';
+
+$ciphertext = openssl_encrypt(
+    'Hello world!',
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '', // IV is empty for this cipher in PHP
+    $tag, // gets filled with the SIV
+    $aad,
+    16
+);
+
+echo 'input: ' . $input . PHP_EOL;
+echo 'tag: ' . bin2hex($tag) . PHP_EOL;
+echo 'ciphertext: ' . bin2hex($ciphertext) . PHP_EOL;
+echo 'combined: ' . bin2hex($tag . $ciphertext) . PHP_EOL;
+
+$dec = openssl_decrypt(
+    $ciphertext,
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '',
+    $tag,
+    $aad
+);
+
+echo 'decrypted: ' . var_export($dec, true) . PHP_EOL;
+?>
+--EXPECTF--
+input: Hello world!
+tag: c06f0df087e2784c5560ce5d0b378311
+ciphertext: 72fffba74d7bc3ddcceeb6d1
+combined: c06f0df087e2784c5560ce5d0b37831172fffba74d7bc3ddcceeb6d1
+decrypted: 'Hello world!'
+
