Change loops conditions to make zero loop risk more obvious.

Fixes openssl#18073.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18327)

diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c
index 6a1d713c45a048df29515f1e0c3415fa26b75a5d..84ddd00cd827bfc72a3424782ea0363760b05d34 100644 (file)
--- a/crypto/aria/aria.c
+++ b/crypto/aria/aria.c
@@ -498,7 +498,7 @@ void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
     ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
     rk++;
 
-    while (Nr -= 2) {
+    while ((Nr -= 2) > 0) {
         ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
         ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
         rk++;

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 8838ffccb9bb5846fb6a50519cfcbbff0b774d00..a57d0f8fd9efe9be03753a3afb7747cb6b360b15 100644 (file)
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -545,7 +545,11 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
             Xi[0] = Z.hi;
             Xi[1] = Z.lo;
         }
-    } while (inp += 16, len -= 16);
+
+        inp += 16;
+        /* Block size is 128 bits so len is a multiple of 16 */
+        len -= 16;
+    } while (len > 0);
 }
 #  endif
 # else