From: Alexandr Nedvedicky <sashan@openssl.org>
Date: Thu, 19 Mar 2026 07:21:24 +0000 (+0100)
Subject: crypto/idea/i_cfb64.c: condition 'n < 0' can never be met after doing 'n = n & 0x07'
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b73a5743253d;p=thirdparty%2Fopenssl.git

crypto/idea/i_cfb64.c: condition 'n < 0' can never be met after doing 'n = n & 0x07'

Resolves: https://scan5.scan.coverity.com/#/project-view/62622/10222?selectedIssue=1689816
Fixes: 5ba9029bc7b3 "Mask *num on entry in deprecated low-level OFB/CFB implementations"

Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sat Mar 21 23:50:41 2026
(Merged from https://github.com/openssl/openssl/pull/30500)
---

diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index 724905f2f91..1d530e06063 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -28,7 +28,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num & 0x07;
+    register int n = *num;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
@@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
         *num = -1;
         return;
     }
+    n = n & 0x07;
 
     iv = (unsigned char *)ivec;
     if (encrypt) {