Make the loop bounds in keywrap a little more clear.

This code reportedly upsets VC++'s static analysis. Make it clear that,
yes, we want to count backwards.

Change-Id: I5caba219a2b87750d1a9d69b46d336a98c5824c9
Reviewed-on: https://boringssl-review.googlesource.com/11624
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/aes/key_wrap.c b/crypto/aes/key_wrap.c
index e955c47..c8b6a03 100644
--- a/crypto/aes/key_wrap.c
+++ b/crypto/aes/key_wrap.c
@@ -59,6 +59,8 @@
     0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6,
 };
 
+static const unsigned kBound = 6;
+
 int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
                  const uint8_t *in, size_t in_len) {
   /* See RFC 3394, section 2.2.1. */
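Review bot: The new file-scope constant `kBound` does not say what it bounds, and the declaration has no comment. The value 6 is the number of outer passes over the n blocks that RFC 3394 prescribes for both wrapping and unwrapping, which is how the j loops in the two later hunks use it. A comment above the declaration, such as `/* kBound is the number of passes over the blocks in RFC 3394 wrap and unwrap; the spec fixes it at 6. */`, would make clear that it is not a tunable. That matters because the wrap and unwrap loops must use the same count for unwrapping to recover the key and verify the IV.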
@@ -77,7 +79,7 @@
 
   size_t n = in_len / 8;
 
-  for (unsigned j = 0; j < 6; j++) {
+  for (unsigned j = 0; j < kBound; j++) {
     for (size_t i = 1; i <= n; i++) {
       memcpy(A + 8, out + 8 * i, 8);
       AES_encrypt(A, A, key);
@@ -113,7 +115,7 @@
 
   size_t n = (in_len / 8) - 1;
 
-  for (unsigned j = 5; j < 6; j--) {
+  for (unsigned j = kBound - 1; j < kBound; j--) {
     for (size_t i = n; i > 0; i--) {
       uint32_t t = (uint32_t)(n * j + i);
       A[7] ^= t & 0xff;
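Review bot: The countdown `for (unsigned j = kBound - 1; j < kBound; j--)` still terminates only because decrementing `j` at zero wraps it to UINT_MAX, and the new line does not say so, although the commit message sets out to make the backwards count clear. A comment above the loop, such as `/* j runs from kBound - 1 down to 0; decrementing past zero wraps the unsigned j above kBound and ends the loop. */`, would state the intent for readers and for the analyzer. Alternatively, `for (unsigned j = kBound; j-- > 0;) {` visits the same values 5 down to 0 with a condition that reads as a countdown. The loop body continues outside the hunk.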