From ec1ec5988a5b48e078bb43f322b7e3cf2f927343 Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Mon, 1 Jun 2026 15:16:35 +0800
Subject: [PATCH] Fix aes_cbc_padding_decrypt bug

---
 src/aes_modes.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/aes_modes.c b/src/aes_modes.c
index ce694e44..c651ddfe 100644
--- a/src/aes_modes.c
+++ b/src/aes_modes.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -71,6 +71,7 @@ int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[16],
 	uint8_t block[16];
 	size_t len = sizeof(block);
 	int padding;
+	int i;
 
 	if (inlen == 0) {
 		error_print();
@@ -90,6 +91,11 @@ int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[16],
 		error_print();
 		return -1;
 	}
+	for (i = 16 - padding; i < 16; i++) {
+		error_print();
+		return -1;
+	}
+
 	len -= padding;
 	memcpy(out + inlen - 16, block, len);
 	*outlen = inlen - padding;