On 1/16/12, Eric Dumazet eric.duma...@gmail.com wrote:
On Monday 16 January 2012 at 09:56 +, David Laight wrote:
Doesn't this badly overflow W[] ..
+#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \
+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \
...
+ for (i = 0; i
Doesn't this badly overflow W[] ..
+#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \
+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \
...
+ for (i = 0; i 16; i += 8) {
...
+ SHA512_0_15(i + 7, b, c, d, e, f, g, h, a);
+ }
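Review bot: SHA512_0_15 indexes W[i] and sha512_K[i] with the raw macro argument, so once W[] holds only 16 entries the i + 7 call stays in range only because of the loop bound, and the loop condition as quoted here reads "i 16" with no comparison operator, so that bound cannot be confirmed from these lines. If the condition is i < 16, the largest index passed is 8 + 7 = 15 and the access is inside W[16]. A comment on the macro stating that its first argument must be in 0..15 would settle this question in the source itself.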
David
On 1/16/12, David Laight david.lai...@aculab.com wrote:
Doesn't this badly overflow W[] ..
+#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \
+t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \
...
+for (i = 0; i 16; i += 8) {
...
+SHA512_0_15(i + 7, b, c, d, e,
On Monday 16 January 2012 at 09:56 +, David Laight wrote:
Doesn't this badly overflow W[] ..
+#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \
+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \
...
+ for (i = 0; i 16; i += 8) {
...
+ SHA512_0_15(i + 7, b,
For rounds 16--79, W[i] only depends on W[i - 2], W[i - 7], W[i - 15] and
W[i - 16].
Consequently, keeping all W[80] array on stack is unnecessary,
only 16 values are really needed.
Using W[16] instead of W[80] greatly reduces stack usage
(~750 bytes to ~340 bytes on x86_64).
Line by line
On Sat, Jan 14, 2012 at 10:40 AM, Alexey Dobriyan adobri...@gmail.com wrote:
Line by line explanation:
* BLEND_OP
array is circular now, all indexes have to be modulo 16.
Round number is positive, so remainder operation should be
without surprises.
Don't use % except on unsigned values.
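The idea in the commit message and in the BLEND_OP discussion above, as an added example that is not code from the patch or from anyone in this thread: the SHA-512 message schedule computed with a 16-word circular window is checked against the full 80-word array, and the signed versus unsigned remainder difference is shown. All function names and the sample block are constructed for illustration, and the `& 15` mask on an unsigned round counter is this example's choice of reduction.

```c
#include <stdint.h>
#include <stdio.h>

/* SHA-512 message-schedule functions sigma0/sigma1 (FIPS 180-4). */
static uint64_t ror64(uint64_t x, unsigned n) { return (x >> n) | (x << (64 - n)); }
static uint64_t s0(uint64_t x) { return ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7); }
static uint64_t s1(uint64_t x) { return ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6); }

/* Reference schedule: all 80 words kept, as before the change. */
static void schedule_full(const uint64_t blk[16], uint64_t out[80])
{
    unsigned t;
    for (t = 0; t < 16; t++)
        out[t] = blk[t];
    for (t = 16; t < 80; t++)
        out[t] = s1(out[t - 2]) + out[t - 7] + s0(out[t - 15]) + out[t - 16];
}

/* Circular schedule: advance a 16-word window in place to round t >= 16.
 * Slot (t & 15) still holds W[t-16] at the moment round t overwrites it. */
static uint64_t circular_step(uint64_t W[16], unsigned t)
{
    W[t & 15] += s1(W[(t - 2) & 15]) + W[(t - 7) & 15] + s0(W[(t - 15) & 15]);
    return W[t & 15];
}

/* Count rounds where the 16-word window disagrees with the 80-word array. */
int schedule_mismatches(void)
{
    uint64_t W[16], full[80];
    unsigned t, bad = 0;
    for (t = 0; t < 16; t++)
        W[t] = 0x0123456789abcdefULL * (t + 1); /* constructed sample block */
    schedule_full(W, full);
    for (t = 16; t < 80; t++)
        bad += (circular_step(W, t) != full[t]);
    return (int)bad;
}

/* Operand type matters for %: C99 signed remainder truncates toward zero. */
int idx_signed(int i) { return i % 16; }
unsigned idx_unsigned(unsigned i) { return i % 16; }

int main(void)
{
    printf("mismatches=%d, -3 %% 16: signed=%d unsigned=%u\n",
           schedule_mismatches(), idx_signed(-3), idx_unsigned((unsigned)-3));
    return 0;
}
```

A negative signed operand yields a negative remainder, which would index before the start of the window; the unsigned form always lands in 0..15.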
On Sat, Jan 14, 2012 at 11:08:45AM -0800, Linus Torvalds wrote:
On Sat, Jan 14, 2012 at 10:40 AM, Alexey Dobriyan adobri...@gmail.com wrote:
Line by line explanation:
* BLEND_OP
array is circular now, all indexes have to be modulo 16.
Round number is positive, so remainder operation
On Sat, Jan 14, 2012 at 12:41 PM, Alexey Dobriyan adobri...@gmail.com wrote:
For the record, it generates andl $15 here.
Ok. That means that gcc was able to prove that it never had any signed
values (which is certainly reasonable when you do things like for
(i=0; i<X;i++)). But it's better to