Change loops conditions to make zero loop risk more obvious.

Fixes openssl#18073. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18327)
2025-01-19 08:23:32 +08:00 · 2022-05-15 04:39:50 +02:00 · 2022-05-15 04:39:50 +02:00 · 36c269c302
commit 36c269c302
parent 272138795f
2 changed files with 6 additions and 2 deletions
--- a/crypto/aria/aria.c
+++ b/crypto/aria/aria.c
@ -498,7 +498,7 @@ void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
    rk++;

-    while (Nr -= 2) {
+    while ((Nr -= 2) > 0) {
        ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
        rk++;
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@ -545,7 +545,11 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
            Xi[0] = Z.hi;
            Xi[1] = Z.lo;
        }
-    } while (inp += 16, len -= 16);
+
+        inp += 16;
+        /* Block size is 128 bits so len is a multiple of 16 */
+        len -= 16;
+    } while (len > 0);
 }
 #  endif
 # else