authorJussi Kivilinna <jussi.kivilinna@iki.fi>2013-09-21 13:54:38 +0300
committerJussi Kivilinna <jussi.kivilinna@iki.fi>2013-09-21 13:54:38 +0300
commit592c2ab3deeeccbb6d3b078ed7bf0e6627c8e1fb (patch)
tree067ff9ba60af04b9570da3f54c3ff6c992650a90 /cipher/sha512.c
parent902ea6052c11108bd19333c31b03e084bed1fb86 (diff)
Use hash transform function return type for passing burn stack depth
* cipher/gostr4311-94.c (transform): Return stack burn depth. * cipher/hash-common.c (_gcry_md_block_write): Use stack burn depth returned by 'hd->bwrite'. * cipher/hash-common.h (_gcry_md_block_write_t): Change return type to 'unsigned int'. (gry_md_block_ctx_t): Remove 'stack_burn'. * cipher/md4.c (transform): Return stack burn depth. (md4_final): Use stack burn depth from transform. * cipher/md5.c (transform): Return stack burn depth. (md5_final): Use stack burn depth from transform. * cipher/rmd160.c (transform): Return stack burn depth. (rmd160_final): Use stack burn depth from transform. * cipher/sha1.c (transform): Return stack burn depth. (sha1_final): Use stack burn depth from transform. * cipher/sha256.c (transform): Return stack burn depth. (sha256_final): Use stack burn depth from transform. * cipher/sha512.c (__transform, transform): Return stack burn depth. (sha512_final): Use stack burn depth from transform. * cipher/stribog.c (transform64): Return stack burn depth. * cipher/tiger.c (transform): Return stack burn depth. (tiger_final): Use stack burn depth from transform. -- Transform function might want different depth of stack burn depending on detected CPU features (like in SHA-512 on ARM with NEON). So return stack burn depth from transform functions as a request or a hint to calling function. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/sha512.c')
-rw-r--r--cipher/sha512.c27
1 files changed, 11 insertions, 16 deletions
diff --git a/cipher/sha512.c b/cipher/sha512.c
index ed63ae61..26cbe14d 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -63,7 +63,6 @@
# endif
#endif
-
typedef struct
{
u64 h0, h1, h2, h3, h4, h5, h6, h7;
@@ -78,7 +77,7 @@ typedef struct
#endif
} SHA512_CONTEXT;
-static void
+static unsigned int
transform (void *context, const unsigned char *data);
static void
@@ -100,7 +99,6 @@ sha512_init (void *context)
ctx->bctx.count = 0;
ctx->bctx.blocksize = 128;
ctx->bctx.bwrite = transform;
- ctx->bctx.stack_burn = 256;
#ifdef USE_ARM_NEON_ASM
ctx->use_neon = (_gcry_get_hw_features () & HWF_ARM_NEON) != 0;
@@ -126,7 +124,6 @@ sha384_init (void *context)
ctx->bctx.count = 0;
ctx->bctx.blocksize = 128;
ctx->bctx.bwrite = transform;
- ctx->bctx.stack_burn = 256;
#ifdef USE_ARM_NEON_ASM
ctx->use_neon = (_gcry_get_hw_features () & HWF_ARM_NEON) != 0;
@@ -211,7 +208,7 @@ static const u64 k[] =
/****************
* Transform the message W which consists of 16 64-bit-words
*/
-static void
+static unsigned int
__transform (SHA512_STATE *hd, const unsigned char *data)
{
u64 a, b, c, d, e, f, g, h;
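Review bot: The header comment above `__transform` still describes only the input and says nothing about the new return value, so a reader cannot tell from the signature that the `unsigned int` is a byte count meant for the stack-wiping routine. I would extend the comment with `* Returns the number of stack bytes the caller should burn afterwards.` The function body continues outside this hunk.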
@@ -489,6 +486,9 @@ __transform (SHA512_STATE *hd, const unsigned char *data)
hd->h5 += f;
hd->h6 += g;
hd->h7 += h;
+
+ return /* burn_stack */ (8 + 16) * sizeof(u64) + sizeof(u32) +
+ 3 * sizeof(void*);
}
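Review bot: The depth returned by `return /* burn_stack */ (8 + 16) * sizeof(u64) + sizeof(u32) + 3 * sizeof(void*);` is a hand count of named locals, and with the `3 * sizeof(void*)` added in `transform` it comes to 244 bytes with 8-byte pointers (220 with 4-byte pointers), less than the fixed 256 that the removed `stack_burn` field requested. Compiler spills, alignment padding and inlining are not part of that count, so the wiped region may end short of where working variables or message-schedule words were actually stored; whether `_gcry_burn_stack` rounds the request up is not visible here. I would either keep the old value as a floor or document each term, e.g. `/* a..h plus the 16-word schedule, one u32 temporary, three pointer-sized slots; lower bound only */`; the meaning of the last two terms is my inference and should be confirmed. The expression is also a `size_t` narrowed implicitly to `unsigned int`, which is harmless at this size but worth an explicit cast if the project builds with conversion warnings.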
@@ -499,7 +499,7 @@ void _gcry_sha512_transform_armv7_neon (SHA512_STATE *hd,
#endif
-static void
+static unsigned int
transform (void *context, const unsigned char *data)
{
SHA512_CONTEXT *ctx = context;
@@ -509,17 +509,13 @@ transform (void *context, const unsigned char *data)
{
_gcry_sha512_transform_armv7_neon(&ctx->state, data, k);
- /* TODO: return burn stack to md_block_write */
- /* return stack burn depth */
- return /*(sizeof(void *) * 3)*/;
+ /* _gcry_sha512_transform_armv7_neon does not store sensitive data
+ * to stack. */
+ return /* no burn_stack */ 0;
}
#endif
- __transform (&ctx->state, data);
-
- /* TODO: return burn stack to md_block_write */
- /* return stack burn depth */
- return /*256*/;
+ return __transform (&ctx->state, data) + 3 * sizeof(void*);
}
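Review bot: The NEON branch's `return /* no burn_stack */ 0;` rests on a property of `_gcry_sha512_transform_armv7_neon` that lives in another file, so nothing at this site will flag it if that routine later starts spilling state to the stack. I would have the comment state the invariant as a requirement on the assembly, e.g. `/* Must stay in sync with the NEON implementation: it keeps all state in registers and must not spill to the stack. */`, and confirm that the callers' `_gcry_burn_stack` treats a depth of 0 as intended. In the C path, `return __transform (&ctx->state, data) + 3 * sizeof(void*);` repeats an unexplained `3 * sizeof(void*)` that `__transform` already adds; a short comment naming this frame's three slots would help. The start of `transform` is outside this hunk.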
@@ -587,8 +583,7 @@ sha512_final (void *context)
hd->bctx.buf[125] = lsb >> 16;
hd->bctx.buf[126] = lsb >> 8;
hd->bctx.buf[127] = lsb;
- transform (hd, hd->bctx.buf);
- stack_burn_depth = hd->bctx.stack_burn;
+ stack_burn_depth = transform (hd, hd->bctx.buf);
_gcry_burn_stack (stack_burn_depth);
p = hd->bctx.buf;