evp_decodeblock_int(): Bugfix of padding check

The padding check didn't take into account that by this point the f pointer
had already shifted by 4 positions. Luckily, the original f[2] and f[3]
were saved in c and d .

This code is not reachable in normal operation, but that is not a reason
not to fix it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Fri Apr  3 15:31:13 2026
(Merged from https://github.com/openssl/openssl/pull/30618)

(cherry picked from commit 1b97a9ae19b8779835e0c9ad6b4f0460d984fd6a)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index faf9a3887d556400f79535c15fe4a9a7700b83fc..4f2c412c3cb62975167503fa79d36ebf8da9ac5a 100644 (file)
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -682,7 +682,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
     l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d)));
 
     if (eof == -1)
-        eof = (f[2] == '=') + (f[3] == '=');
+        eof = (c == '=') + (d == '=');
 
     switch (eof) {
     case 2: