summaryrefslogtreecommitdiff
path: root/crypto/camellia.c
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2012-01-14 21:40:57 +0300
committerHerbert Xu <herbert@gondor.apana.org.au>2012-01-15 12:39:17 +1100
commit51fc6dc8f948047364f7d42a4ed89b416c6cc0a3 (patch)
tree4d0fb9ce98440289ace6045e08ad0a6141fe52ea /crypto/camellia.c
parent84e31fdb7c797a7303e0cc295cb9bc8b73fb872d (diff)
downloadlwn-51fc6dc8f948047364f7d42a4ed89b416c6cc0a3.tar.gz
lwn-51fc6dc8f948047364f7d42a4ed89b416c6cc0a3.zip
crypto: sha512 - reduce stack usage to safe number
For rounds 16--79, W[i] only depends on W[i - 2], W[i - 7], W[i - 15] and W[i - 16]. Consequently, keeping all W[80] array on stack is unnecessary, only 16 values are really needed. Using W[16] instead of W[80] greatly reduces stack usage (~750 bytes to ~340 bytes on x86_64). Line by line explanation: * BLEND_OP array is "circular" now, all indexes have to be modulo 16. Round number is positive, so remainder operation should be without surprises. * initial full message scheduling is trimmed to first 16 values which come from data block, the rest is calculated before it's needed. * original loop body is unrolled version of new SHA512_0_15 and SHA512_16_79 macros, unrolling was done to not do explicit variable renaming. Otherwise it's the very same code after preprocessing. See sha1_transform() code which does the same trick. Patch survives in-tree crypto test and original bugreport test (ping flood with hmac(sha512). See FIPS 180-2 for SHA-512 definition http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/camellia.c')
0 files changed, 0 insertions, 0 deletions