SPARC T4 assembly pack: treat zero input length in CBC.

The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775

1 files changed, 6 insertions, 0 deletions

diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
index 19dc1b3058..f5474a2d74 100644
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
@@ -35,6 +35,8 @@ $::code.=<<___;
 .align	32
 ${alg}${bits}_t4_cbc_encrypt:
 	save		%sp, -$::frame, %sp
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .L${bits}_cbc_enc_abort
 	sub		$inp, $out, $blk_init	! $inp!=$out
 ___
 $::code.=<<___ if (!$::evp);
@@ -123,6 +125,7 @@ $::code.=<<___ if (!$::evp);
 	std		%f2, [$ivec + 8]
 ___
 $::code.=<<___;
+.L${bits}_cbc_enc_abort:
 	ret
 	restore
 
@@ -249,6 +252,8 @@ $::code.=<<___;
 .align	32
 ${alg}${bits}_t4_cbc_decrypt:
 	save		%sp, -$::frame, %sp
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .L${bits}_cbc_dec_abort
 	sub		$inp, $out, $blk_init	! $inp!=$out
 ___
 $::code.=<<___ if (!$::evp);
@@ -341,6 +346,7 @@ $::code.=<<___ if (!$::evp);
 	std		%f14, [$ivec + 8]
 ___
 $::code.=<<___;
+.L${bits}_cbc_dec_abort:
 	ret
 	restore