Re: [CRYPTO]: Miscompiling sha256.c by gcc 3.2.3 and arch pentium3,4

From: Arnd Bergmann
Date: Fri Jan 30 2004 - 10:48:59 EST


James Morris wrote:
> Have you noticed if this happens for any of the other crypto algorithms?

Just as a reminder, there is still an issue with extreme stack usage
of some of the algorithms, depending on compiler version and
flags.

The worst I have seen was around 16kb for twofish_setkey on 64 bit
s390 with gcc-3.1 (iirc). Right now, I get up to 4kb for this
function with gcc-3.3.1, which probably works but is definitely
a bad sign. I've seen this as well on other architectures (iirc
on x86_64), but not as severe.

Other algorithms are bad as well, these are the top scores from
Jörn Engel's checkstack.pl (s390 64bit 2.6.1 gcc-3.3.1):

0x00000a twofish_setkey: lay %r15,-3960(%r15)
0x0026fc aes_decrypt: lay %r15,-1168(%r15)
0x000c0c aes_encrypt: lay %r15,-1000(%r15)
0x00000e sha512_transform: lay %r15,-936(%r15)
0x001292 test_deflate: lay %r15,-784(%r15)
0x0028a2 cast6_decrypt: lay %r15,-696(%r15)
0x00d1a0 twofish_encrypt: lay %r15,-664(%r15)
0x001b34 setkey: lay %r15,-656(%r15)
0x00e2b0 twofish_decrypt: lay %r15,-624(%r15)
0x000c9e cast6_encrypt: lay %r15,-600(%r15)
0x000014 sha1_transform: lay %r15,-504(%r15)
^
This is the stack size --------|

Arnd <><

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/