Commit b73a574325 for openssl.org

commit b73a5743253dbc6484bcb0021c94edc59aceb161
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Thu Mar 19 08:21:24 2026 +0100

    crypto/idea/i_cfb64.c: condition 'n < 0' can never be met after doing 'n = n & 0x07'

    Resolves: https://scan5.scan.coverity.com/#/project-view/62622/10222?selectedIssue=1689816
    Fixes: 5ba9029bc7b3 "Mask *num on entry in deprecated low-level OFB/CFB implementations"

    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Sat Mar 21 23:50:41 2026
    (Merged from https://github.com/openssl/openssl/pull/30500)

diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index 724905f2f9..1d530e0606 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -28,7 +28,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
     unsigned char *ivec, int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num & 0x07;
+    register int n = *num;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
@@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
         *num = -1;
         return;
     }
+    n = n & 0x07;

     iv = (unsigned char *)ivec;
     if (encrypt) {