Commit 61c4449eee3 for php.net

commit 61c4449eee363f71aacc996e5f26bde4ef1272db
Merge: de9472d4098 ddbf829fefd
Author: David Carlier <devnexen@gmail.com>
Date:   Mon Jun 15 21:52:06 2026 +0100

    Merge branch 'PHP-8.5'

    * PHP-8.5:
      ext/openssl: openssl_encrypt() zend mm heap overflow on AES-WRAP-PAD mode.

diff --cc ext/openssl/openssl_backend_common.c
index 5aa8d246177,dddad4a0024..42491bf2104
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@@@ -1810,13 -1807,8 +1810,14 @@@ zend_result php_openssl_cipher_update(c
  		const char *aad, size_t aad_len, int enc)
  {
  	int i = 0;
+ 	size_t outlen = data_len + EVP_CIPHER_block_size(cipher_type);

 +	/* For AEAD modes that do not support vector AAD, treat NULL AAD as zero-length AAD */
 +	if (!mode->aad_supports_vector && aad == NULL) {
 +		aad_len = 0;
 +		aad = "";
 +	}
 +
  	if (mode->is_single_run_aead && !EVP_CipherUpdate(cipher_ctx, NULL, &i, NULL, (int)data_len)) {
  		php_openssl_store_errors();
  		php_error_docref(NULL, E_WARNING, "Setting of data length failed");