Change loops conditions to make zero loop risk more obvious.

Fixes #18073. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18327)
openssl · May 24, 2022 · 36c269c · 36c269c
1 parent 2721387
commit 36c269c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c
@@ -498,7 +498,7 @@ void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
     ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
     rk++;
 
-    while (Nr -= 2) {
+    while ((Nr -= 2) > 0) {
         ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
         ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
         rk++;

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
@@ -545,7 +545,11 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
             Xi[0] = Z.hi;
             Xi[1] = Z.lo;
         }
-    } while (inp += 16, len -= 16);
+
+        inp += 16;
+        /* Block size is 128 bits so len is a multiple of 16 */
+        len -= 16;
+    } while (len > 0);
 }
 #  endif
 # else