php · jordikroon · Jan 6, 2026 · Jan 7, 2026
@@ -4481,7 +4481,7 @@ PHP_FUNCTION(openssl_encrypt)
 	zend_string *ret;
 	zval *tag = NULL;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lszsl", &data, &data_len, &method, &method_len,
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lszs!l", &data, &data_len, &method, &method_len,
 					&password, &password_len, &options, &iv, &iv_len, &tag, &aad, &aad_len, &tag_len) == FAILURE) {
 		RETURN_THROWS();
 	}
@@ -4503,7 +4503,7 @@ PHP_FUNCTION(openssl_decrypt)
 	size_t data_len, method_len, password_len, iv_len = 0, tag_len = 0, aad_len = 0;
 	zend_string *ret;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lss!s", &data, &data_len, &method, &method_len,
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lss!s!", &data, &data_len, &method, &method_len,
 					&password, &password_len, &options, &iv, &iv_len, &tag, &tag_len, &aad, &aad_len) == FAILURE) {
 		RETURN_THROWS();
 	}

@@ -662,9 +662,9 @@ function openssl_digest(string $data, string $digest_algo, bool $binary = false)
 /**
  * @param string $tag
  */
-function openssl_encrypt(#[\SensitiveParameter] string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", &$tag = null, string $aad = "", int $tag_length = 16): string|false {}
+function openssl_encrypt(#[\SensitiveParameter] string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", &$tag = null, ?string $aad = "", int $tag_length = 16): string|false {}
 
-function openssl_decrypt(string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", ?string $tag = null, string $aad = ""): string|false {}
+function openssl_decrypt(string $data, string $cipher_algo, #[\SensitiveParameter] string $passphrase, int $options = 0, string $iv = "", ?string $tag = null, ?string $aad = ""): string|false {}
 
 function openssl_cipher_iv_length(string $cipher_algo): int|false {}
 

@@ -1637,6 +1637,13 @@ void php_openssl_load_cipher_mode(struct php_openssl_cipher_mode *mode, const EV
 {
 	int cipher_mode = EVP_CIPHER_mode(cipher_type);
 	memset(mode, 0, sizeof(struct php_openssl_cipher_mode));
+
+	#if defined(EVP_CIPH_FLAG_AEAD_CIPHER)
+		if (EVP_CIPHER_flags(cipher_type) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+			php_openssl_set_aead_flags(mode);
+		}
+	#endif
+
 	switch (cipher_mode) {
 		case EVP_CIPH_GCM_MODE:
 		case EVP_CIPH_CCM_MODE:
@@ -1797,7 +1804,9 @@ zend_result php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 		return FAILURE;
 	}
 
-	if (mode->is_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, (const unsigned char *) aad, (int) aad_len)) {
+	/* Only pass AAD to OpenSSL if caller provided it.
+	   This makes NULL mean zero AAD items, while "" with len 0 means one empty AAD item. */
+	if (mode->is_aead && aad != NULL && !EVP_CipherUpdate(cipher_ctx, NULL, &i, (const unsigned char *)aad, (int)aad_len)) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Setting of additional application data failed");
 		return FAILURE;

@@ -0,0 +1,47 @@
+--TEST--
+openssl: AES-256-SIV AEAD tag and AAD roundtrip
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$algo = 'aes-256-siv';
+$key = str_repeat('1', 64);
+$tag = '';
+$aad = '';
+$input = 'Hello world!';
+
+$ciphertext = openssl_encrypt(
+    'Hello world!',
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '',      // IV is empty for this cipher in PHP
+    $tag,     // gets filled with the SIV
+    $aad,
+    16
+);
+
+echo 'input: ' . $input . PHP_EOL;
+echo 'tag: ' . bin2hex($tag) . PHP_EOL;
+echo 'ciphertext: ' . bin2hex($ciphertext) . PHP_EOL;
+echo 'combined: ' . bin2hex($tag . $ciphertext) . PHP_EOL;
+
+$dec = openssl_decrypt(
+    $ciphertext,
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '',
+    $tag,
+    $aad
+);
+
+echo 'decrypted: ' . var_export($dec, true) . PHP_EOL;
+?>
+--EXPECTF--
+input: Hello world!
+tag: f6c98e3e785947502a09994d2757f9c1
+ciphertext: a430a41a9bc089fa45ad27be
+combined: f6c98e3e785947502a09994d2757f9c1a430a41a9bc089fa45ad27be
+decrypted: 'Hello world!'
+
@@ -0,0 +1,47 @@
+--TEST--
+openssl: AES-256-SIV AEAD tag and AAD roundtrip
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$algo = 'aes-256-siv';
+$key = str_repeat('1', 64);
+$tag = '';
+$aad = null;
+$input = 'Hello world!';
+
+$ciphertext = openssl_encrypt(
+    'Hello world!',
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '', // IV is empty for this cipher in PHP
+    $tag, // gets filled with the SIV
+    $aad,
+    16
+);
+
+echo 'input: ' . $input . PHP_EOL;
+echo 'tag: ' . bin2hex($tag) . PHP_EOL;
+echo 'ciphertext: ' . bin2hex($ciphertext) . PHP_EOL;
+echo 'combined: ' . bin2hex($tag . $ciphertext) . PHP_EOL;
+
+$dec = openssl_decrypt(
+    $ciphertext,
+    $algo,
+    $key,
+    OPENSSL_RAW_DATA,
+    '',
+    $tag,
+    $aad
+);
+
+echo 'decrypted: ' . var_export($dec, true) . PHP_EOL;
+?>
+--EXPECTF--
+input: Hello world!
+tag: c06f0df087e2784c5560ce5d0b378311
+ciphertext: 72fffba74d7bc3ddcceeb6d1
+combined: c06f0df087e2784c5560ce5d0b37831172fffba74d7bc3ddcceeb6d1
+decrypted: 'Hello world!'
+