From e62fa548114bde5f5113017796ff6f7985b5a392 Mon Sep 17 00:00:00 2001
From: Nils Larsch <nils@openssl.org>
Date: Wed, 20 Jul 2005 22:02:25 +0000
Subject: [PATCH] the final byte of pkcs7 padded plaintext can never be 0

Submitted by: K S Sreeram <sreeram@tachyontech.net>
---
 crypto/evp/evp_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index e845632239..22cb6131be 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -449,7 +449,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 			}
 		OPENSSL_assert(b <= sizeof ctx->final);
 		n=ctx->final[b-1];
-		if (n > (int)b)
+		if (n == 0 || n > (int)b)
 			{
 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
 			return(0);
-- 
2.25.1