| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFzMBFzxY0oT_fWegtMZ6rFGdtfv1CBnUM7YxnMza75spw@mail.gmail.com>
Date: Sat, 14 Jan 2012 13:14:33 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
linux-crypto@...r.kernel.org, netdev@...r.kernel.org,
ken@...elabs.ch, Steffen Klassert <steffen.klassert@...unet.com>,
Eric Dumazet <eric.dumazet@...il.com>, security@...nel.org
Subject: Re: [PATCH 2/3] sha512: reduce stack usage to safe number
On Sat, Jan 14, 2012 at 12:41 PM, Alexey Dobriyan <adobriyan@...il.com> wrote:
>
> For the record, it generates "andl $15" here.
Ok. That means that gcc was able to prove that it never had any signed
values (which is certainly reasonable when you do things like "for
(i=0; i<X;i++)"). But it's better to simply not rely on gcc always
getting details like this right.
It's also better to use a model that simply doesn't even require you
as a programmer to have to even *think* about signed values.
It's easy to get "%" wrong by mistake (signed integer modulus didn't
even use to have well-defined semantics in traditional C), and there
is almost never any excuse for using it for powers-of-two.
> Here is updated patch which explicitly uses & (equally tested):
Thanks,
Linus
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists