Dev news

Commit 5ba9029bc7 for openssl.org

commit 5ba9029bc7b387ab0768b051518c5325316c0fdb
Author: frostb1ten <68353531+frostb1ten@users.noreply.github.com>
Date:   Mon Mar 16 05:07:12 2026 -0500

    Mask *num on entry in deprecated low-level OFB/CFB implementations

    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Wed Mar 18 07:11:44 2026
    (Merged from https://github.com/openssl/openssl/pull/30447)

diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
index e380972dbd..cec20b9158 100644
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
@@ -27,7 +27,7 @@ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num, int encrypt)
 {
     register BF_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     BF_LONG ti[2];
     unsigned char *iv, c, cc;
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
index 5c9193add1..dbd60d1853 100644
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
@@ -26,7 +26,7 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num)
 {
     register BF_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
index 4170f77a78..477762005f 100644
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
@@ -27,7 +27,7 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num, int enc)
 {
     register CAST_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     CAST_LONG ti[2];
     unsigned char *iv, c, cc;
diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c
index 431446ab5f..c130f9183f 100644
--- a/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
@@ -26,7 +26,7 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num)
 {
     register CAST_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index c8ed385328..724905f2f9 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -28,7 +28,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
index afa6a960d4..ed8601ad4f 100644
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -27,7 +27,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
index ccc69fa6bf..c0e45787f8 100644
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -27,7 +27,7 @@ void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
index b659b72a10..e771ffc376 100644
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -26,7 +26,7 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
     int *num)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c
index f2f4b9bdfb..7e3357f039 100644
--- a/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
@@ -27,7 +27,7 @@ void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c
index 30487521f2..e55b519956 100644
--- a/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
@@ -26,7 +26,7 @@ void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;