git.ipfire.org Git - thirdparty/openssl.git/commit
crypto/idea/i_ofb64.c: mask the num value after negativity check
author Eugene Syromiatnikov <esyr@openssl.org>
Sun, 22 Mar 2026 01:16:27 +0000 (02:16 +0100)
committer Tomas Mraz <tomas@openssl.foundation>
Tue, 24 Mar 2026 17:52:43 +0000 (18:52 +0100)
commit f06bf60fa8bc9e17fc0cdbe97158a1a65db9f2ee
tree 7f3161074e5cdd0118b033f39724592881a4eed8
parent 9d97f023307d95aa9d04d50576a206fde7d55c1a
crypto/idea/i_ofb64.c: mask the num value after negativity check

Commit 5ba9029bc7b3 "Mask *num on entry in deprecated low-level OFB/CFB
implementations" introduced masking of the user-supplied num value
in several functions, which rendered the existing *num negativity check
introduced in 1634b2df9f12 "enc: fix coverity 145149914515011451506,
14515071351511145151414515171451523, 1451526m 14515281451539,
145144114515491451568 & 1451572: improper use of negative value"
ineffectual.  While commit b73a5743253d "crypto/idea/i_cfb64.c:
condition 'n < 0' can never be met after doing 'n = n & 0x07'"
has addressed the issue in crypto/idea/i_cfb64.c:IDEA_cfb64_encrypt(),
this commit addresses the same issue
in crypto/idea/i_ofb64.c:IDEA_ofb64_encrypt() in similar fashion,
by postponing the masking after the negativity check.

The issue was initially reported by Coverity, ID 1689815.

Resolves: https://scan5.scan.coverity.com/#/project-view/62622/10222?selectedIssue=1689815
Fixes: 5ba9029bc7b3 "Mask *num on entry in deprecated low-level OFB/CFB implementations"
References: b73a5743253d "crypto/idea/i_cfb64.c: condition 'n < 0' can never be met after doing 'n = n & 0x07'"
Co-Authored-by: Alexandr Nedvedicky <sashan@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Tue Mar 24 17:52:35 2026
(Merged from https://github.com/openssl/openssl/pull/30528)

(cherry picked from commit fae68066ec117bd0d38166687e9bc62fd43bd42f)
crypto/idea/i_ofb64.c
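
The ordering problem the commit message describes, as an added example that is not part of the commit or of OpenSSL: a constructed 8-byte keystream XOR routine written once with the mask before the negativity check and once with the check first. The names `KS`, `xor_mask_then_check`, `xor_check_then_mask` and `probe` are hypothetical, and rejecting through a `-1` return code is an assumption of this sketch.

```c
#include <stddef.h>

/* Constructed 8-byte keystream block; a toy model, not OpenSSL's IDEA code.
 * *num is the caller-supplied offset into this block. */
static const unsigned char KS[8] = { 0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87 };

/* Ordering the commit message calls ineffectual: mask first, then check. */
int xor_mask_then_check(const unsigned char *in, unsigned char *out,
                        size_t len, int *num)
{
    int n = *num & 0x07;          /* n is always 0..7 here; -1 becomes 7 */
    if (n < 0)                    /* dead code: can never be true */
        return -1;
    while (len--) {
        *out++ = *in++ ^ KS[n];
        n = (n + 1) & 0x07;
    }
    *num = n;
    return 0;
}

/* Ordering the commit restores: check the raw value, then mask it. */
int xor_check_then_mask(const unsigned char *in, unsigned char *out,
                        size_t len, int *num)
{
    int n = *num;
    if (n < 0)                    /* sees the caller's value unmodified */
        return -1;                /* assumption: reject via return code */
    n &= 0x07;                    /* still bounds values above 7 */
    while (len--) {
        *out++ = *in++ ^ KS[n];
        n = (n + 1) & 0x07;
    }
    *num = n;
    return 0;
}

/* Run one variant over a single zero byte, starting at offset `start`. */
int probe(int (*fn)(const unsigned char *, unsigned char *, size_t, int *),
          int start, unsigned char *out_byte)
{
    unsigned char in = 0;
    int num = start;
    return fn(&in, out_byte, 1, &num);
}
```

With the mask applied first, a negative offset is silently folded into the valid range and processing continues; with the check first, the same input is rejected and no output is written.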