From 81c1a15eb4a273eabedfcc28eb6afa4b50cb8a46 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 30 Sep 2025 16:08:34 +0800 Subject: crypto: zstd - Fix compression bug caused by truncation Use size_t for the return value of zstd_compress_cctx as otherwise negative errors will be truncated to a positive value. Reported-by: Han Xu Fixes: f5ad93ffb541 ("crypto: zstd - convert to acomp") Signed-off-by: Herbert Xu Reviewed-by: David Sterba Tested-by: Han Xu Signed-off-by: Herbert Xu --- crypto/zstd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto') diff --git a/crypto/zstd.c b/crypto/zstd.c index c2a19cb0879d..ac318d333b68 100644 --- a/crypto/zstd.c +++ b/crypto/zstd.c @@ -83,7 +83,7 @@ static void zstd_exit(struct crypto_acomp *acomp_tfm) static int zstd_compress_one(struct acomp_req *req, struct zstd_ctx *ctx, const void *src, void *dst, unsigned int *dlen) { - unsigned int out_len; + size_t out_len; ctx->cctx = zstd_init_cctx(ctx->wksp, ctx->wksp_size); if (!ctx->cctx) -- cgit v1.2.3 From ca1354f7999d30cf565e810b56cba688927107c6 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 6 Oct 2025 10:07:53 +0800 Subject: Revert "crypto: testmgr - desupport SHA-1 for FIPS 140" This reverts commit 9d50a25eeb05c45fef46120f4527885a14c84fb2. Reported-by: Jiri Slaby Reported-by: Jon Kohler Link: https://lore.kernel.org/all/05b7ef65-37bb-4391-9ec9-c382d51bae4d@kernel.org/ Link: https://lore.kernel.org/all/26F8FCC9-B448-4A89-81DF-6BAADA03E174@nutanix.com/ Signed-off-by: Herbert Xu --- crypto/testmgr.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'crypto') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ee33ba21ae2b..3e284706152a 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4186,6 +4186,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "authenc(hmac(sha1),cbc(aes))", .generic_driver = "authenc(hmac-sha1-lib,cbc(aes-generic))", .test = alg_test_aead, + .fips_allowed = 1, .suite = { .aead = __VECS(hmac_sha1_aes_cbc_tv_temp) } @@ -4206,6 +4207,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "authenc(hmac(sha1),ctr(aes))", .test = alg_test_null, + .fips_allowed = 1, }, { .alg = "authenc(hmac(sha1),ecb(cipher_null))", .generic_driver = "authenc(hmac-sha1-lib,ecb-cipher_null)", @@ -4216,6 +4218,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", .test = alg_test_null, + .fips_allowed = 1, }, { .alg = "authenc(hmac(sha224),cbc(des))", .generic_driver = "authenc(hmac-sha224-lib,cbc(des-generic))", @@ -5078,6 +5081,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "hmac(sha1)", .generic_driver = "hmac-sha1-lib", .test = alg_test_hash, + .fips_allowed = 1, .suite = { .hash = __VECS(hmac_sha1_tv_template) } @@ -5448,6 +5452,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "sha1", .generic_driver = "sha1-lib", .test = alg_test_hash, + .fips_allowed = 1, .suite = { .hash = __VECS(sha1_tv_template) } -- cgit v1.2.3 From c0d36727bf39bb16ef0a67ed608e279535ebf0da Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 2 Oct 2025 17:45:39 +0800 Subject: crypto: rng - Ensure set_ent is always present Ensure that set_ent is always set since only drbg provides it. Fixes: 77ebdabe8de7 ("crypto: af_alg - add extra parameters for DRBG interface") Reported-by: Yiqi Sun Signed-off-by: Herbert Xu --- crypto/rng.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'crypto') diff --git a/crypto/rng.c b/crypto/rng.c index b8ae6ebc091d..ee1768c5a400 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -168,6 +168,11 @@ out: EXPORT_SYMBOL_GPL(crypto_del_default_rng); #endif +static void rng_default_set_ent(struct crypto_rng *tfm, const u8 *data, + unsigned int len) +{ +} + int crypto_register_rng(struct rng_alg *alg) { struct crypto_alg *base = &alg->base; @@ -179,6 +184,9 @@ int crypto_register_rng(struct rng_alg *alg) base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; base->cra_flags |= CRYPTO_ALG_TYPE_RNG; + if (!alg->set_ent) + alg->set_ent = rng_default_set_ent; + return crypto_register_alg(base); } EXPORT_SYMBOL_GPL(crypto_register_rng); -- cgit v1.2.3