Fixed #74099 - Memory leak with openssl_encrypt()

NEWS

@@ -42,6 +42,7 @@ PHP                                                                        NEWS
 - OpenSSL:
   . Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
     (Anatol)
+  . Fixed bug #74099 (Memory leak with openssl_encrypt()). (Andrew Nester)
 
 - Standard:
   . Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed).

ext/openssl/openssl.c

@@ -6309,8 +6309,7 @@ static int php_openssl_cipher_update(const EVP_CIPHER *cipher_type,
 
 	*poutbuf = zend_string_alloc((int)data_len + EVP_CIPHER_block_size(cipher_type), 0);
 
-	if ((!enc || data_len > 0) &&
+	if (!EVP_CipherUpdate(cipher_ctx, (unsigned char*)ZSTR_VAL(*poutbuf),
-			!EVP_CipherUpdate(cipher_ctx, (unsigned char*)ZSTR_VAL(*poutbuf),
 					&i, (unsigned char *)data, (int)data_len)) {
 		/* we don't show warning when we fail but if we ever do, then it should look like this:
 		if (mode->is_single_run_aead && !enc) {
@@ -6366,7 +6365,6 @@ PHP_FUNCTION(openssl_encrypt)
 		php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
 		RETURN_FALSE;
 	}
-
 	php_openssl_load_cipher_mode(&mode, cipher_type);
 
 	if (php_openssl_cipher_init(cipher_type, cipher_ctx, &mode,

ext/openssl/tests/bug74099.phpt

@@ -0,0 +1,20 @@
+--TEST--
+Bug #74099 Memory leak with openssl_encrypt()
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+$aad = random_bytes(32);
+$iv = random_bytes(16);
+$key = random_bytes(32);
+
+$plaintext = '';
+$tag = null;
+
+$ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, \OPENSSL_RAW_DATA, $iv, $tag, $aad);
+var_dump($ciphertext);
+?>
+--EXPECTF--
+string(0) ""