From 199821a8807b7e8f19ffc919d629a8e075461830 Mon Sep 17 00:00:00 2001
From: "Paul E. Jones" <paulej@packetizer.com>
Date: Wed, 10 Jan 2024 15:26:44 -0500
Subject: [PATCH] Change loops to use local size_t variables

---
 crypto/cipher/aes_icm.c | 13 ++++++-------
 crypto/hash/hmac.c      |  5 ++---
 include/srtp_priv.h     |  2 +-
 srtp/srtp.c             | 15 ++++++---------
 4 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c
index 31226c0f2..2d2cae40a 100644
--- a/crypto/cipher/aes_icm.c
+++ b/crypto/cipher/aes_icm.c
@@ -300,7 +300,6 @@ static srtp_err_status_t srtp_aes_icm_encrypt(void *cv,
 {
     srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
     unsigned int bytes_to_encr = (unsigned int)*enc_len;
-    unsigned int i;
     uint32_t *b;
 
     /* check that there's enough segment left*/
@@ -313,7 +312,7 @@ static srtp_err_status_t srtp_aes_icm_encrypt(void *cv,
     debug_print(srtp_mod_aes_icm, "block index: %d", htons(c->counter.v16[7]));
     if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) {
         /* deal with odd case of small bytes_to_encr */
-        for (i = (sizeof(v128_t) - c->bytes_in_buffer);
+        for (size_t i = (sizeof(v128_t) - c->bytes_in_buffer);
              i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) {
             *buf++ ^= c->keystream_buffer.v8[i];
         }
@@ -325,8 +324,8 @@ static srtp_err_status_t srtp_aes_icm_encrypt(void *cv,
 
     } else {
         /* encrypt bytes until the remaining data is 16-byte aligned */
-        for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t);
-             i++) {
+        for (size_t i = (sizeof(v128_t) - c->bytes_in_buffer);
+             i < sizeof(v128_t); i++) {
             *buf++ ^= c->keystream_buffer.v8[i];
         }
 
@@ -335,7 +334,7 @@ static srtp_err_status_t srtp_aes_icm_encrypt(void *cv,
     }
 
     /* now loop over entire 16-byte blocks of keystream */
-    for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) {
+    for (size_t i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) {
         /* fill buffer with new keystream */
         srtp_aes_icm_advance(c);
 
@@ -385,12 +384,12 @@ static srtp_err_status_t srtp_aes_icm_encrypt(void *cv,
         /* fill buffer with new keystream */
         srtp_aes_icm_advance(c);
 
-        for (i = 0; i < (bytes_to_encr & 0xf); i++) {
+        for (size_t i = 0; i < (bytes_to_encr & 0xf); i++) {
             *buf++ ^= c->keystream_buffer.v8[i];
         }
 
         /* reset the keystream buffer size to right value */
-        c->bytes_in_buffer = sizeof(v128_t) - i;
+        c->bytes_in_buffer = sizeof(v128_t) - (bytes_to_encr & 0xf);
     } else {
         /* no tail, so just reset the keystream buffer size to zero */
         c->bytes_in_buffer = 0;
diff --git a/crypto/hash/hmac.c b/crypto/hash/hmac.c
index b2d00c9a5..402427b4f 100644
--- a/crypto/hash/hmac.c
+++ b/crypto/hash/hmac.c
@@ -117,7 +117,6 @@ static srtp_err_status_t srtp_hmac_init(void *statev,
                                         size_t key_len)
 {
     srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
-    size_t i;
     uint8_t ipad[64];
 
     /*
@@ -132,12 +131,12 @@ static srtp_err_status_t srtp_hmac_init(void *statev,
      * set values of ipad and opad by exoring the key into the
      * appropriate constant values
      */
-    for (i = 0; i < key_len; i++) {
+    for (size_t i = 0; i < key_len; i++) {
         ipad[i] = key[i] ^ 0x36;
         state->opad[i] = key[i] ^ 0x5c;
     }
     /* set the rest of ipad, opad to constant values */
-    for (; i < 64; i++) {
+    for (size_t i = key_len; i < 64; i++) {
         ipad[i] = 0x36;
         ((uint8_t *)state->opad)[i] = 0x5c;
     }
diff --git a/include/srtp_priv.h b/include/srtp_priv.h
index e1d015087..da19e7156 100644
--- a/include/srtp_priv.h
+++ b/include/srtp_priv.h
@@ -134,7 +134,7 @@ typedef struct srtp_session_keys_t {
 typedef struct srtp_stream_ctx_t_ {
     uint32_t ssrc;
     srtp_session_keys_t *session_keys;
-    unsigned int num_master_keys;
+    size_t num_master_keys;
     srtp_rdbx_t rtp_rdbx;
     srtp_sec_serv_t rtp_services;
     srtp_rdb_t rtcp_rdb;
diff --git a/srtp/srtp.c b/srtp/srtp.c
index f6fca5103..0fe475f8f 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -177,7 +177,6 @@ static srtp_err_status_t srtp_stream_dealloc(
     const srtp_stream_ctx_t *stream_template)
 {
     srtp_err_status_t status;
-    unsigned int i = 0;
     srtp_session_keys_t *session_keys = NULL;
     srtp_session_keys_t *template_session_keys = NULL;
 
@@ -187,7 +186,7 @@ static srtp_err_status_t srtp_stream_dealloc(
      * anything else
      */
     if (stream->session_keys) {
-        for (i = 0; i < stream->num_master_keys; i++) {
+        for (size_t i = 0; i < stream->num_master_keys; i++) {
             session_keys = &stream->session_keys[i];
 
             if (stream_template &&
@@ -377,7 +376,7 @@ static srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
 {
     srtp_stream_ctx_t *str;
     srtp_err_status_t stat;
-    unsigned int i = 0;
+    size_t i = 0;
     srtp_session_keys_t *session_keys = NULL;
 
     stat = srtp_valid_policy(p);
@@ -544,7 +543,6 @@ static srtp_err_status_t srtp_stream_clone(
 {
     srtp_err_status_t status;
     srtp_stream_ctx_t *str;
-    unsigned int i = 0;
     srtp_session_keys_t *session_keys = NULL;
     const srtp_session_keys_t *template_session_keys = NULL;
 
@@ -566,7 +564,7 @@ static srtp_err_status_t srtp_stream_clone(
         return srtp_err_status_alloc_fail;
     }
 
-    for (i = 0; i < stream_template->num_master_keys; i++) {
+    for (size_t i = 0; i < stream_template->num_master_keys; i++) {
         session_keys = &str->session_keys[i];
         template_session_keys = &stream_template->session_keys[i];
 
@@ -920,7 +918,6 @@ srtp_err_status_t srtp_stream_init_all_master_keys(
     srtp_master_key_t **keys,
     const unsigned int max_master_keys)
 {
-    unsigned int i = 0;
     srtp_err_status_t status = srtp_err_status_ok;
     srtp_master_key_t single_master_key;
 
@@ -933,7 +930,8 @@ srtp_err_status_t srtp_stream_init_all_master_keys(
     } else {
         srtp->num_master_keys = max_master_keys;
 
-        for (i = 0; i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS;
+        for (size_t i = 0;
+             i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS;
              i++) {
             status = srtp_stream_init_keys(srtp, keys[i], i);
 
@@ -1637,7 +1635,6 @@ srtp_session_keys_t *srtp_get_session_keys(srtp_stream_ctx_t *stream,
     size_t base_mki_start_location = pkt_octet_len;
     size_t mki_start_location = 0;
     size_t tag_len = 0;
-    unsigned int i = 0;
 
     // Determine the authentication tag size
     if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
@@ -1654,7 +1651,7 @@ srtp_session_keys_t *srtp_get_session_keys(srtp_stream_ctx_t *stream,
 
     base_mki_start_location -= tag_len;
 
-    for (i = 0; i < stream->num_master_keys; i++) {
+    for (size_t i = 0; i < stream->num_master_keys; i++) {
         if (stream->session_keys[i].mki_size != 0 &&
             stream->session_keys[i].mki_size <= base_mki_start_location) {
             *mki_size = stream->session_keys[i].mki_size;