Dear congatec git server users, we are currently restructuring the ARM-NXP namespace. Some repositories are moved to a different location. The restructuring will be completed next Monday at the latest. We strongly recommend that you update the repositories after the restructuring. We apologize for the inconvenience.

Best regards, congatec ARM software team

  1. 20 Jul, 2012 2 commits
  2. 27 Apr, 2012 1 commit
  3. 20 Feb, 2012 3 commits
  4. 03 Feb, 2012 2 commits
    • Alexey Dobriyan's avatar
      crypto: sha512 - reduce stack usage to safe number · 3ce55640
      Alexey Dobriyan authored
      commit 51fc6dc8 upstream.
      
      For rounds 16--79, W[i] only depends on W[i - 2], W[i - 7], W[i - 15] and W[i - 16].
      Consequently, keeping all W[80] array on stack is unnecessary,
      only 16 values are really needed.
      
      Using W[16] instead of W[80] greatly reduces stack usage
      (~750 bytes to ~340 bytes on x86_64).
      
      Line by line explanation:
      * BLEND_OP
        array is "circular" now, all indexes have to be modulo 16.
        Round number is positive, so remainder operation should be
        without surprises.
      
      * initial full message scheduling is trimmed to first 16 values which
        come from data block, the rest is calculated before it's needed.
      
      * original loop body is unrolled version of new SHA512_0_15 and
        SHA512_16_79 macros, unrolling was done to not do explicit variable
        renaming. Otherwise it's the very same code after preprocessing.
        See sha1_transform() code which does the same trick.
      
      Patch survives in-tree crypto test and original bugreport test
      (ping flood with hmac(sha512).
      
      See FIPS 180-2 for SHA-512 definition
      http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdfSigned-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3ce55640
    • Alexey Dobriyan's avatar
      crypto: sha512 - make it work, undo percpu message schedule · 7ca6029f
      Alexey Dobriyan authored
      commit 84e31fdb upstream.
      
      commit f9e2bca6
      aka "crypto: sha512 - Move message schedule W[80] to static percpu area"
      created global message schedule area.
      
      If sha512_update will ever be entered twice, hash will be silently
      calculated incorrectly.
      
      Probably the easiest way to notice incorrect hashes being calculated is
      to run 2 ping floods over AH with hmac(sha512):
      
      	#!/usr/sbin/setkey -f
      	flush;
      	spdflush;
      	add IP1 IP2 ah 25 -A hmac-sha512 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025;
      	add IP2 IP1 ah 52 -A hmac-sha512 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000052;
      	spdadd IP1 IP2 any -P out ipsec ah/transport//require;
      	spdadd IP2 IP1 any -P in  ipsec ah/transport//require;
      
      XfrmInStateProtoError will start ticking with -EBADMSG being returned
      from ah_input(). This never happens with, say, hmac(sha1).
      
      With patch applied (on BOTH sides), XfrmInStateProtoError does not tick
      with multiple bidirectional ping flood streams like it doesn't tick
      with SHA-1.
      
      After this patch sha512_transform() will start using ~750 bytes of stack on x86_64.
      This is OK for simple loads, for something more heavy, stack reduction will be done
      separatedly.
      Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7ca6029f
  5. 11 Nov, 2011 1 commit
  6. 25 Oct, 2011 1 commit
    • Nick Bowler's avatar
      crypto: ghash - Avoid null pointer dereference if no key is set · bf9f0eb8
      Nick Bowler authored
      commit 7ed47b7d upstream.
      
      The ghash_update function passes a pointer to gf128mul_4k_lle which will
      be NULL if ghash_setkey is not called or if the most recent call to
      ghash_setkey failed to allocate memory.  This causes an oops.  Fix this
      up by returning an error code in the null case.
      
      This is trivially triggered from unprivileged userspace through the
      AF_ALG interface by simply writing to the socket without setting a key.
      
      The ghash_final function has a similar issue, but triggering it requires
      a memory allocation failure in ghash_setkey _after_ at least one
      successful call to ghash_update.
      
        BUG: unable to handle kernel NULL pointer dereference at 00000670
        IP: [<d88c92d4>] gf128mul_4k_lle+0x23/0x60 [gf128mul]
        *pde = 00000000
        Oops: 0000 [#1] PREEMPT SMP
        Modules linked in: ghash_generic gf128mul algif_hash af_alg nfs lockd nfs_acl sunrpc bridge ipv6 stp llc
      
        Pid: 1502, comm: hashatron Tainted: G        W   3.1.0-rc9-00085-ge9308cfd #32 Bochs Bochs
        EIP: 0060:[<d88c92d4>] EFLAGS: 00000202 CPU: 0
        EIP is at gf128mul_4k_lle+0x23/0x60 [gf128mul]
        EAX: d69db1f0 EBX: d6b8ddac ECX: 00000004 EDX: 00000000
        ESI: 00000670 EDI: d6b8ddac EBP: d6b8ddc8 ESP: d6b8dda4
         DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
        Process hashatron (pid: 1502, ti=d6b8c000 task=d6810000 task.ti=d6b8c000)
        Stack:
         00000000 d69db1f0 00000163 00000000 d6b8ddc8 c101a520 d69db1f0 d52aa000
         00000ff0 d6b8dde8 d88d310f d6b8a3f8 d52aa000 00001000 d88d502c d6b8ddfc
         00001000 d6b8ddf4 c11676ed d69db1e8 d6b8de24 c11679ad d52aa000 00000000
        Call Trace:
         [<c101a520>] ? kmap_atomic_prot+0x37/0xa6
         [<d88d310f>] ghash_update+0x85/0xbe [ghash_generic]
         [<c11676ed>] crypto_shash_update+0x18/0x1b
         [<c11679ad>] shash_ahash_update+0x22/0x36
         [<c11679cc>] shash_async_update+0xb/0xd
         [<d88ce0ba>] hash_sendpage+0xba/0xf2 [algif_hash]
         [<c121b24c>] kernel_sendpage+0x39/0x4e
         [<d88ce000>] ? 0xd88cdfff
         [<c121b298>] sock_sendpage+0x37/0x3e
         [<c121b261>] ? kernel_sendpage+0x4e/0x4e
         [<c10b4dbc>] pipe_to_sendpage+0x56/0x61
         [<c10b4e1f>] splice_from_pipe_feed+0x58/0xcd
         [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
         [<c10b51f5>] __splice_from_pipe+0x36/0x55
         [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
         [<c10b6383>] splice_from_pipe+0x51/0x64
         [<c10b63c2>] ? default_file_splice_write+0x2c/0x2c
         [<c10b63d5>] generic_splice_sendpage+0x13/0x15
         [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
         [<c10b527f>] do_splice_from+0x5d/0x67
         [<c10b6865>] sys_splice+0x2bf/0x363
         [<c129373b>] ? sysenter_exit+0xf/0x16
         [<c104dc1e>] ? trace_hardirqs_on_caller+0x10e/0x13f
         [<c129370c>] sysenter_do_call+0x12/0x32
        Code: 83 c4 0c 5b 5e 5f c9 c3 55 b9 04 00 00 00 89 e5 57 8d 7d e4 56 53 8d 5d e4 83 ec 18 89 45 e0 89 55 dc 0f b6 70 0f c1 e6 04 01 d6 <f3> a5 be 0f 00 00 00 4e 89 d8 e8 48 ff ff ff 8b 45 e0 89 da 0f
        EIP: [<d88c92d4>] gf128mul_4k_lle+0x23/0x60 [gf128mul] SS:ESP 0068:d6b8dda4
        CR2: 0000000000000670
        ---[ end trace 4eaa2a86a8e2da24 ]---
        note: hashatron[1502] exited with preempt_count 1
        BUG: scheduling while atomic: hashatron/1502/0x10000002
        INFO: lockdep is turned off.
        [...]
      Signed-off-by: default avatarNick Bowler <nbowler@elliptictech.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      bf9f0eb8
  7. 16 Aug, 2011 1 commit
  8. 29 Jun, 2011 1 commit
  9. 16 May, 2011 1 commit
  10. 04 May, 2011 2 commits
  11. 31 Mar, 2011 1 commit
  12. 23 Mar, 2011 1 commit
    • Jim Keniston's avatar
      zlib: slim down zlib_deflate() workspace when possible · 565d76cb
      Jim Keniston authored
      Instead of always creating a huge (268K) deflate_workspace with the
      maximum compression parameters (windowBits=15, memLevel=8), allow the
      caller to obtain a smaller workspace by specifying smaller parameter
      values.
      
      For example, when capturing oops and panic reports to a medium with
      limited capacity, such as NVRAM, compression may be the only way to
      capture the whole report.  In this case, a small workspace (24K works
      fine) is a win, whether you allocate the workspace when you need it (i.e.,
      during an oops or panic) or at boot time.
      
      I've verified that this patch works with all accepted values of windowBits
      (positive and negative), memLevel, and compression level.
      Signed-off-by: default avatarJim Keniston <jkenisto@us.ibm.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: David Miller <davem@davemloft.net>
      Cc: Chris Mason <chris.mason@oracle.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      565d76cb
  13. 14 Mar, 2011 1 commit
  14. 04 Mar, 2011 1 commit
  15. 17 Feb, 2011 1 commit
  16. 29 Jan, 2011 3 commits
  17. 04 Jan, 2011 2 commits
  18. 28 Dec, 2010 1 commit
  19. 21 Dec, 2010 1 commit
  20. 08 Dec, 2010 1 commit
  21. 02 Dec, 2010 1 commit
  22. 30 Nov, 2010 2 commits
    • Herbert Xu's avatar
      crypto: algif_skcipher - Handle unaligned receive buffer · bc97e57e
      Herbert Xu authored
      As it is if user-space passes through a receive buffer that's not
      aligned to to the cipher block size, we'll end up encrypting or
      decrypting a partial block which causes a spurious EINVAL to be
      returned.
      
      This patch fixes this by moving the partial block test after the
      af_alg_make_sg call.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      bc97e57e
    • Herbert Xu's avatar
      crypto: algif_skcipher - Fixed overflow when sndbuf is page aligned · 0f6bb83c
      Herbert Xu authored
      When sk_sndbuf is not a multiple of PAGE_SIZE, the limit tests
      in sendmsg fail as the limit variable becomes negative and we're
      using an unsigned comparison.
      
      The same thing can happen if sk_sndbuf is lowered after a sendmsg
      call.
      
      This patch fixes this by always taking the signed maximum of limit
      and 0 before we perform the comparison.
      
      It also rounds the value of sk_sndbuf down to a multiple of PAGE_SIZE
      so that we don't end up allocating a page only to use a small number
      of bytes in it because we're bound by sk_sndbuf.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      0f6bb83c
  23. 29 Nov, 2010 1 commit
  24. 28 Nov, 2010 1 commit
  25. 27 Nov, 2010 3 commits
  26. 26 Nov, 2010 1 commit
    • Herbert Xu's avatar
      crypto: algif_skcipher - User-space interface for skcipher operations · 8ff59090
      Herbert Xu authored
      This patch adds the af_alg plugin for symmetric key ciphers,
      corresponding to the ablkcipher kernel operation type.
      
      Keys can optionally be set through the setsockopt interface.
      
      Once a sendmsg call occurs without MSG_MORE no further writes
      may be made to the socket until all previous data has been read.
      
      IVs and and whether encryption/decryption is performed can be
      set through the setsockopt interface or as a control message
      to sendmsg.
      
      The interface is completely synchronous, all operations are
      carried out in recvmsg(2) and will complete prior to the system
      call returning.
      
      The splice(2) interface support reading the user-space data directly
      without copying (except that the Crypto API itself may copy the data
      if alignment is off).
      
      The recvmsg(2) interface supports directly writing to user-space
      without additional copying, i.e., the kernel crypto interface will
      receive the user-space address as its output SG list.
      
      Thakns to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      8ff59090
  27. 19 Nov, 2010 2 commits
    • Herbert Xu's avatar
      crypto: algif_hash - User-space interface for hash operations · fe869cdb
      Herbert Xu authored
      This patch adds the af_alg plugin for hash, corresponding to
      the ahash kernel operation type.
      
      Keys can optionally be set through the setsockopt interface.
      
      Each sendmsg call will finalise the hash unless sent with a MSG_MORE
      flag.
      
      Partial hash states can be cloned using accept(2).
      
      The interface is completely synchronous, all operations will
      complete prior to the system call returning.
      
      Both sendmsg(2) and splice(2) support reading the user-space
      data directly without copying (except that the Crypto API itself
      may copy the data if alignment is off).
      
      For now only the splice(2) interface supports performing digest
      instead of init/update/final.  In future the sendmsg(2) interface
      will also be modified to use digest/finup where possible so that
      hardware that cannot return a partial hash state can still benefit
      from this interface.
      
      Thakns to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Tested-by: default avatarMartin Willi <martin@strongswan.org>
      fe869cdb
    • Herbert Xu's avatar
      crypto: af_alg - User-space interface for Crypto API · 03c8efc1
      Herbert Xu authored
      This patch creates the backbone of the user-space interface for
      the Crypto API, through a new socket family AF_ALG.
      
      Each session corresponds to one or more connections obtained from
      that socket.  The number depends on the number of inputs/outputs
      of that particular type of operation.  For most types there will
      be a s ingle connection/file descriptor that is used for both input
      and output.  AEAD is one of the few that require two inputs.
      
      Each algorithm type will provide its own implementation that plugs
      into af_alg.  They're keyed using a string such as "skcipher" or
      "hash".
      
      IOW this patch only contains the boring bits that is required
      to hold everything together.
      
      Thakns to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Tested-by: default avatarMartin Willi <martin@strongswan.org>
      03c8efc1
  28. 13 Nov, 2010 1 commit