crypto/idea/i_cfb64.c: condition 'n < 0' can never be met after doing 'n = n & 0x07'

Resolves: https://scan5.scan.coverity.com/#/project-view/62622/10222?selectedIssue=1689816
Fixes: 5ba9029bc7b3 "Mask *num on entry in deprecated low-level OFB/CFB implementations"
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sat Mar 21 23:50:41 2026
(Merged from https://github.com/openssl/openssl/pull/30500)

diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index 724905f2f916b3e2f08f6ddd5d15fa8172021fed..1d530e06063eff4f1ee56c7bbcc90f0a011131a8 100644 (file)
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -28,7 +28,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num & 0x07;
+    register int n = *num;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
@@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
         *num = -1;
         return;
     }
+    n = n & 0x07;
 
     iv = (unsigned char *)ivec;
     if (encrypt) {