From c64f830ea87ef069074f4c1079a21e1758561045 Mon Sep 17 00:00:00 2001
From: Justin Smith <justsmth@amazon.com>
Date: Mon, 11 Nov 2024 14:41:27 -0500
Subject: [PATCH] PR feedback

---
 crypto/fipsmodule/modes/gcm.c | 57 ++++++++++++++++-------------------
 1 file changed, 26 insertions(+), 31 deletions(-)

diff --git a/crypto/fipsmodule/modes/gcm.c b/crypto/fipsmodule/modes/gcm.c
index cd7869ab3d..206b60c9ad 100644
--- a/crypto/fipsmodule/modes/gcm.c
+++ b/crypto/fipsmodule/modes/gcm.c
@@ -421,18 +421,17 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) {
     len -= len_blocks;
   }
 
-  // This is needed to avoid a compiler warning on powerpc64le using GCC 12.2:
-  // .../aws-lc/crypto/fipsmodule/modes/gcm.c:428:18: error: writing 1 byte into
-  // a region of size 0 [-Werror=stringop-overflow=]
-  // 428 | ctx->Xi[i] ^= aad[i];
-  //     | ~~~~~~~~~~~^~~~~~~~~
-  if (len > 16) {
-    abort();
-    return 0;
-  }
-
   // Process the remainder.
   if (len != 0) {
+    // This is needed to avoid a compiler warning on powerpc64le using GCC 12.2:
+    // .../aws-lc/crypto/fipsmodule/modes/gcm.c:428:18: error: writing 1 byte into
+    // a region of size 0 [-Werror=stringop-overflow=]
+    // 428 | ctx->Xi[i] ^= aad[i];
+    //     | ~~~~~~~~~~~^~~~~~~~~
+    if (len > 16) {
+      abort();
+      return 0;
+    }
     n = (unsigned int)len;
     for (size_t i = 0; i < len; ++i) {
       ctx->Xi[i] ^= aad[i];
@@ -690,20 +689,18 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
     GHASH(ctx, out, len_blocks);
     out += len_blocks;
   }
-
-  // This is needed to avoid a compiler warning on powerpc64le using GCC 12.2:
-  // .../aws-lc/crypto/fipsmodule/modes/gcm.c:688:18: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
-  // 688 |       ctx->Xi[n] ^= out[n] = in[n] ^ ctx->EKi[n];
-  //     |                  ^~
-  if ((n + len) > 16) {
-    abort();
-    return 0;
-  }
-
   if (len) {
     (*ctx->gcm_key.block)(ctx->Yi, ctx->EKi, key);
     ++ctr;
     CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
+    // This is needed to avoid a compiler warning on powerpc64le using GCC 12.2:
+    // .../aws-lc/crypto/fipsmodule/modes/gcm.c:688:18: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
+    // 688 |       ctx->Xi[n] ^= out[n] = in[n] ^ ctx->EKi[n];
+    //     |                  ^~
+    if ((n + len) > 16) {
+      abort();
+      return 0;
+    }
     while (len--) {
       ctx->Xi[n] ^= out[n] = in[n] ^ ctx->EKi[n];
       ++n;
@@ -796,21 +793,19 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
     in += len_blocks;
     len -= len_blocks;
   }
-
-  // This is needed to avoid a compiler warning on powerpc64le using GCC 12.2:
-  // aws-lc/crypto/fipsmodule/modes/gcm.c:785:18: error: writing 1 byte into a
-  // region of size 0 [-Werror=stringop-overflow=]
-  // 785 | ctx->Xi[n] ^= c;
-  //     | ~~~~~~~~~~~^~~~
-  if ((n + len) > 16) {
-    abort();
-    return 0;
-  }
-
   if (len) {
     (*ctx->gcm_key.block)(ctx->Yi, ctx->EKi, key);
     ++ctr;
     CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
+    // This is needed to avoid a compiler warning on powerpc64le using GCC 12.2:
+    // aws-lc/crypto/fipsmodule/modes/gcm.c:785:18: error: writing 1 byte into a
+    // region of size 0 [-Werror=stringop-overflow=]
+    // 785 | ctx->Xi[n] ^= c;
+    //     | ~~~~~~~~~~~^~~~
+    if ((n + len) > 16) {
+      abort();
+      return 0;
+    }
     while (len--) {
       uint8_t c = in[n];
       ctx->Xi[n] ^= c;