From: Nils Larsch <nils@openssl.org>
Date: Wed, 20 Jul 2005 22:03:36 +0000 (+0000)
Subject: the final byte of a pkcs7 padded plaintext can never be 0
X-Git-Tag: OpenSSL_0_9_8k^2~1914
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b554eef43b9ac5b92f590da6a120dbfd9ca0582e;p=oweals%2Fopenssl.git

the final byte of a pkcs7 padded plaintext can never be 0

Submitted by: K S Sreeram <sreeram@tachyontech.net>
---

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index e845632239..22cb6131be 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -449,7 +449,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 			}
 		OPENSSL_assert(b <= sizeof ctx->final);
 		n=ctx->final[b-1];
-		if (n > (int)b)
+		if (n == 0 || n > (int)b)
 			{
 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
 			return(0);