From 052ecf91d2d2811b4d72cf9f066a988b904b6432 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Wed, 25 Jun 2014 22:12:32 +0200
Subject: [PATCH] aesp8-ppc.pl: rigid input verification in key setup.

---
 crypto/aes/asm/aesp8-ppc.pl | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl
index b660cd5b2c..3ee8979e76 100755
--- a/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/aes/asm/aesp8-ppc.pl
@@ -89,8 +89,22 @@ Lconsts:
 .${prefix}_set_encrypt_key:
 Lset_encrypt_key:
 	mflr		r11
-	lis		r0,0xfff0
 	$PUSH		r11,$LRSAVE($sp)
+
+	li		$ptr,-1
+	${UCMP}i	$inp,0
+	beq-		Lenc_key_abort		# if ($inp==0) return -1;
+	${UCMP}i	$out,0
+	beq-		Lenc_key_abort		# if ($out==0) return -1;
+	li		$ptr,-2
+	cmpwi		$bits,128
+	blt-		Lenc_key_abort
+	cmpwi		$bits,256
+	bgt-		Lenc_key_abort
+	andi.		r0,$bits,0x3f
+	bne-		Lenc_key_abort
+
+	lis		r0,0xfff0
 	mfspr		$vrsave,256
 	mtspr		256,r0
 
@@ -321,10 +335,12 @@ Ldone:
 	lvx		$in1,0,$inp		# redundant in aligned case
 	vsel		$in1,$outhead,$in1,$outmask
 	stvx		$in1,0,$inp
-	xor		r3,r3,r3		# return value
+	li		$ptr,0
 	mtspr		256,$vrsave
 	stw		$rounds,0($out)
 
+Lenc_key_abort:
+	mr		r3,$ptr
 	blr
 	.long		0
 	.byte		0,12,0x14,1,0,0,3,0
@@ -340,6 +356,9 @@ Ldone:
 	bl		Lset_encrypt_key
 	mtlr		r10
 
+	cmpwi		r3,0
+	bne-		Ldec_key_abort
+
 	slwi		$cnt,$rounds,4
 	subi		$inp,$out,240		# first round key
 	srwi		$rounds,$rounds,1
@@ -368,6 +387,7 @@ Ldeckey:
 	bdnz		Ldeckey
 
 	xor		r3,r3,r3		# return value
+Ldec_key_abort:
 	addi		$sp,$sp,$FRAME
 	blr
 	.long		0
-- 
2.25.1