SPARC T4 assembly pack: treat zero input length in CBC.

The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775
(cherry picked from commit 5e44c144e649a53bae2724b34d908f6cb26b01ed)

diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
index 8a4c71009b09665992f367f7e2bf50172b6abebc..1dc60243d4fbda91314f2d2dc33ca1eb0aa1b6c3 100644 (file)
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
@@ -94,6 +94,9 @@ $code.=<<___;
 .globl des_t4_cbc_encrypt
 .align 32
 des_t4_cbc_encrypt:
+       cmp             $len, 0
+       be,pn           $::size_t_cc, .Lcbc_abort
+       nop
        ld              [$ivec + 0], %f0        ! load ivec
        ld              [$ivec + 4], %f1
 
@@ -165,6 +168,9 @@ des_t4_cbc_encrypt:
        st              %f0, [$ivec + 0]        ! write out ivec
        retl
        st              %f1, [$ivec + 4]
+.Lcbc_abort:
+       retl
+       nop
 
 .align 16
 2:     ldxa            [$inp]0x82, %g4         ! avoid read-after-write hazard
@@ -189,6 +195,9 @@ des_t4_cbc_encrypt:
 .globl des_t4_cbc_decrypt
 .align 32
 des_t4_cbc_decrypt:
+       cmp             $len, 0
+       be,pn           $::size_t_cc, .Lcbc_abort
+       nop
        ld              [$ivec + 0], %f2        ! load ivec
        ld              [$ivec + 4], %f3
 
@@ -294,6 +303,9 @@ $code.=<<___;
 .globl des_t4_ede3_cbc_encrypt
 .align 32
 des_t4_ede3_cbc_encrypt:
+       cmp             $len, 0
+       be,pn           $::size_t_cc, .Lcbc_abort
+       nop
        ld              [$ivec + 0], %f0        ! load ivec
        ld              [$ivec + 4], %f1
 
@@ -443,6 +455,9 @@ des_t4_ede3_cbc_encrypt:
 .globl des_t4_ede3_cbc_decrypt
 .align 32
 des_t4_ede3_cbc_decrypt:
+       cmp             $len, 0
+       be,pn           $::size_t_cc, .Lcbc_abort
+       nop
        ld              [$ivec + 0], %f2        ! load ivec
        ld              [$ivec + 4], %f3
 

diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
index 6b47bb1af45e8d232cbd090962ac391cb3d9090f..dc55b34e415bff776b5f06c33913c331d1ce91aa 100644 (file)
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
@@ -35,6 +35,8 @@ $::code.=<<___;
 .align 32
 ${alg}${bits}_t4_cbc_encrypt:
        save            %sp, -$::frame, %sp
+       cmp             $len, 0
+       be,pn           $::size_t_cc, .L${bits}_cbc_enc_abort
        sub             $inp, $out, $blk_init   ! $inp!=$out
 ___
 $::code.=<<___ if (!$::evp);
@@ -123,6 +125,7 @@ $::code.=<<___ if (!$::evp);
        std             %f2, [$ivec + 8]
 ___
 $::code.=<<___;
+.L${bits}_cbc_enc_abort:
        ret
        restore
 
@@ -249,6 +252,8 @@ $::code.=<<___;
 .align 32
 ${alg}${bits}_t4_cbc_decrypt:
        save            %sp, -$::frame, %sp
+       cmp             $len, 0
+       be,pn           $::size_t_cc, .L${bits}_cbc_dec_abort
        sub             $inp, $out, $blk_init   ! $inp!=$out
 ___
 $::code.=<<___ if (!$::evp);
@@ -341,6 +346,7 @@ $::code.=<<___ if (!$::evp);
        std             %f14, [$ivec + 8]
 ___
 $::code.=<<___;
+.L${bits}_cbc_dec_abort:
        ret
        restore