authorAndy Polyakov <appro@openssl.org>2014-03-07 10:30:37 +0100
committerAndy Polyakov <appro@openssl.org>2014-03-07 10:30:37 +0100
commit5e44c144e649a53bae2724b34d908f6cb26b01ed (patch)
tree83e9e78b616db8e9ebd0a05ca339fc64d30c029f /crypto/des
parent53e5161231854d64fd89e993944609a329a92db4 (diff)
SPARC T4 assembly pack: treat zero input length in CBC.
The problem is that OpenSSH calls EVP_Cipher, which is not as protective as EVP_CipherUpdate. Formally speaking we ought to do more checks in *_cipher methods, including rejecting lengths not divisible by block size (unless ciphertext stealing is in place). But for now I implement check for zero length in low-level based on precedent. PR: 3087, 2775
Diffstat (limited to 'crypto/des')
-rw-r--r--crypto/des/asm/dest4-sparcv9.pl15
1 files changed, 15 insertions, 0 deletions
diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
index 8a4c71009b..1dc60243d4 100644
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
@@ -94,6 +94,9 @@ $code.=<<___;
.globl des_t4_cbc_encrypt
.align 32
des_t4_cbc_encrypt:
+ cmp $len, 0
+ be,pn $::size_t_cc, .Lcbc_abort
+ nop
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1
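Review bot: The guard added at the top of des_t4_cbc_encrypt rejects only a length of exactly zero, so a non-zero length shorter than one 8-byte DES block still falls through to the cipher body. That body is outside this hunk, but if it turns `$len` into a block count by shifting (which the zero-length failure suggests), lengths 1..7 would reach the loop with the same zero count. Comparing against the block size covers that case as well: `cmp $len, 8` followed by `blu,pn $::size_t_cc, .Lcbc_abort`. The same applies to the identical checks added in des_t4_cbc_decrypt, des_t4_ede3_cbc_encrypt and des_t4_ede3_cbc_decrypt. Longer lengths that are not a multiple of 8 still depend on the caller-side check the commit message describes.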
@@ -165,6 +168,9 @@ des_t4_cbc_encrypt:
st %f0, [$ivec + 0] ! write out ivec
retl
st %f1, [$ivec + 4]
+.Lcbc_abort:
+ retl
+ nop
.align 16
2: ldxa [$inp]0x82, %g4 ! avoid read-after-write hazard
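Review bot: `.Lcbc_abort` is defined inside des_t4_cbc_encrypt but is the branch target of all four CBC entry points this commit touches, which is easy to miss when reading or relocating this function. A comment on the label would make the sharing explicit, for example `! shared early exit for zero-length input, used by every des_t4_*cbc_* entry point`. Because the check runs before the ivec loads, this path returns without reading or writing ivec or the output buffer, and that is worth stating in the same comment. The function body continues outside the hunk.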
@@ -189,6 +195,9 @@ des_t4_cbc_encrypt:
.globl des_t4_cbc_decrypt
.align 32
des_t4_cbc_decrypt:
+ cmp $len, 0
+ be,pn $::size_t_cc, .Lcbc_abort
+ nop
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3
@@ -294,6 +303,9 @@ $code.=<<___;
.globl des_t4_ede3_cbc_encrypt
.align 32
des_t4_ede3_cbc_encrypt:
+ cmp $len, 0
+ be,pn $::size_t_cc, .Lcbc_abort
+ nop
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1
@@ -443,6 +455,9 @@ des_t4_ede3_cbc_encrypt:
.globl des_t4_ede3_cbc_decrypt
.align 32
des_t4_ede3_cbc_decrypt:
+ cmp $len, 0
+ be,pn $::size_t_cc, .Lcbc_abort
+ nop
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3