Pending

mateeaaaaaaa
2 Apr 2026

Pull Request resolves # .

  • I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.

Summary of Changes

This PR fixes a mode-validation typo in the OpenSSL AES adapter that caused valid ecb input to be rejected, adds a regression test, and aligns related AES documentation comments.

Functional fix in OpenSSL.php:90 mode allowlist now accepts ecb instead of the misspelled ebc.
Regression test added in OpenSSLTest.php:30.

Discovery/Triage

This issue was initially identified during a Semgrep-assisted review and then manually validated.

Testing Instructions

  1. Install dependencies:
  2. Run the focused regression test:
  3. Optional syntax checks:
     php -l libraries/src/Encrypt/AES/OpenSSL.php
     php -l tests/Unit/Libraries/Cms/Encrypt/AES/OpenSSLTest.php

Actual result BEFORE applying this Pull Request

  1. Calling setEncryptionMode("ecb", 128) was treated as invalid because the allowlist expected ebc.
  2. The adapter silently fell back to cbc/default behavior.
  3. Requested ECB mode was not selected.

Expected result AFTER applying this Pull Request

  1. Calling setEncryptionMode("ecb", 128) is accepted.
  2. The adapter selects aes-128-ecb as expected (when supported by the OpenSSL build).
  3. Regression test passes and guards against reintroduction.

Link to documentations

Please select:

  • Documentation link for guide.joomla.org:

  • No documentation changes for guide.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed
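
The failure described above, a misspelled allowlist entry combined with a silent fallback, sketched as an added example that is not part of this PR or of Joomla's code. The function names and both allowlists are hypothetical, and it assumes PHP 8 with the openssl extension loaded:

```php
<?php
// Added illustration, not Joomla's OpenSSL.php; every function name is hypothetical.
/** Lenient selection: a mode missing from the allowlist silently becomes cbc. */
function selectMethodLenient(string $mode, int $strength, array $allowedModes): string
{
    $mode = strtolower($mode);
    if (!in_array($mode, $allowedModes, true)) {
        $mode = 'cbc'; // the caller never learns that the request was rejected
    }
    return "aes-{$strength}-{$mode}";
}

/** Strict selection: a rejected mode or an unavailable cipher raises instead. */
function selectMethodStrict(string $mode, int $strength, array $allowedModes): string
{
    $mode = strtolower($mode);
    if (!in_array($mode, $allowedModes, true)) {
        throw new InvalidArgumentException("AES mode not allowed: {$mode}");
    }
    $method = "aes-{$strength}-{$mode}";
    if (!in_array($method, openssl_get_cipher_methods(), true)) {
        throw new RuntimeException("{$method} is not offered by this OpenSSL build");
    }
    return $method;
}

/** Allowlist self-check: entries that do not form a cipher name OpenSSL knows. */
function findUnknownModes(array $allowedModes, int $strength = 128): array
{
    $known = openssl_get_cipher_methods();
    return array_values(array_filter(
        $allowedModes,
        fn (string $m): bool => !in_array("aes-{$strength}-{$m}", $known, true)
    ));
}

$typoList  = ['cbc', 'ebc']; // constructed: the misspelling described in the PR
$fixedList = ['cbc', 'ecb']; // constructed: the corrected allowlist
// Same request against both lists; only the selected method string differs.
echo selectMethodLenient('ecb', 128, $typoList), PHP_EOL;
echo selectMethodLenient('ecb', 128, $fixedList), PHP_EOL;
// The self-check reports allowlist entries that name no cipher in this build.
echo json_encode(findUnknownModes($typoList)), ' ', json_encode(findUnknownModes($fixedList)), PHP_EOL;
// Strict selection turns the rejected request into an error the caller must handle.
try {
    selectMethodStrict('ecb', 128, $typoList);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```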

mateeaaaaaaa - open - 2 Apr 2026
mateeaaaaaaa - change - 2 Apr 2026
Status: New → Pending
joomla-cms-bot - change - 2 Apr 2026
Category: Libraries, Unit Tests
richard67 - comment - 2 Apr 2026

Pull Request resolves # .

* [ ]  I read the [Generative AI policy](https://developer.joomla.org/generative-ai-policy.html) and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.

@mateeaaaaaaa Please confirm the AI policy by checking the check box (replacing the space inside the square brackets with a capital X).

P.S.: ... and apply my 3 change suggestions.

richard67 - change - 3 Apr 2026
Title (old): Fix ECB mode validation typo in OpenSSL AES adapter and align related docs
Title (new): [5.4] Fix ECB mode validation typo in OpenSSL AES adapter and align related docs
richard67 - edited - 3 Apr 2026
