Commit 1b97a9ae19 for openssl.org

commit 1b97a9ae19b8779835e0c9ad6b4f0460d984fd6a
Author: Igor Ustinov <igus@openssl.foundation>
Date:   Sat Mar 28 13:49:00 2026 +0100

    evp_decodeblock_int(): Bugfix of padding check

    The padding check didn't take into account that by this point the f pointer
    had already shifted by 4 positions. Luckily, the original f[2] and f[3]
    were saved in c and d .

    This code is not reachable in normal operation, but that is not a reason
    not to fix it.

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Fri Apr  3 15:31:13 2026
    (Merged from https://github.com/openssl/openssl/pull/30618)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index faf9a3887d..4f2c412c3c 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -682,7 +682,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
     l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d)));

     if (eof == -1)
-        eof = (f[2] == '=') + (f[3] == '=');
+        eof = (c == '=') + (d == '=');

     switch (eof) {
     case 2: