From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 10 Oct 2025 11:01:23 +0000 (+0200)
Subject: 6.17-stable patches
X-Git-Tag: v6.6.111~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9526a221686fe0cbd54c0c955f307c9bdaacd10a;p=thirdparty%2Fkernel%2Fstable-queue.git

6.17-stable patches

added patches:
	crypto-rng-ensure-set_ent-is-always-present.patch
	crypto-zstd-fix-compression-bug-caused-by-truncation.patch
	revert-crypto-testmgr-desupport-sha-1-for-fips-140.patch
---

diff --git a/queue-6.17/crypto-rng-ensure-set_ent-is-always-present.patch b/queue-6.17/crypto-rng-ensure-set_ent-is-always-present.patch
new file mode 100644
index 0000000000..3b5a7ee1ae
--- /dev/null
+++ b/queue-6.17/crypto-rng-ensure-set_ent-is-always-present.patch
@@ -0,0 +1,43 @@
+From c0d36727bf39bb16ef0a67ed608e279535ebf0da Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 2 Oct 2025 17:45:39 +0800
+Subject: crypto: rng - Ensure set_ent is always present
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit c0d36727bf39bb16ef0a67ed608e279535ebf0da upstream.
+
+Ensure that set_ent is always set since only drbg provides it.
+
+Fixes: 77ebdabe8de7 ("crypto: af_alg - add extra parameters for DRBG interface")
+Reported-by: Yiqi Sun <sunyiqixm@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/rng.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/crypto/rng.c
++++ b/crypto/rng.c
+@@ -168,6 +168,11 @@ out:
+ EXPORT_SYMBOL_GPL(crypto_del_default_rng);
+ #endif
+ 
++static void rng_default_set_ent(struct crypto_rng *tfm, const u8 *data,
++				unsigned int len)
++{
++}
++
+ int crypto_register_rng(struct rng_alg *alg)
+ {
+ 	struct crypto_alg *base = &alg->base;
+@@ -179,6 +184,9 @@ int crypto_register_rng(struct rng_alg *
+ 	base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
+ 	base->cra_flags |= CRYPTO_ALG_TYPE_RNG;
+ 
++	if (!alg->set_ent)
++		alg->set_ent = rng_default_set_ent;
++
+ 	return crypto_register_alg(base);
+ }
+ EXPORT_SYMBOL_GPL(crypto_register_rng);
diff --git a/queue-6.17/crypto-zstd-fix-compression-bug-caused-by-truncation.patch b/queue-6.17/crypto-zstd-fix-compression-bug-caused-by-truncation.patch
new file mode 100644
index 0000000000..7b63cefdd7
--- /dev/null
+++ b/queue-6.17/crypto-zstd-fix-compression-bug-caused-by-truncation.patch
@@ -0,0 +1,39 @@
+From 81c1a15eb4a273eabedfcc28eb6afa4b50cb8a46 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 30 Sep 2025 16:08:34 +0800
+Subject: crypto: zstd - Fix compression bug caused by truncation
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 81c1a15eb4a273eabedfcc28eb6afa4b50cb8a46 upstream.
+
+Use size_t for the return value of zstd_compress_cctx as otherwise
+negative errors will be truncated to a positive value.
+
+Reported-by: Han Xu <han.xu@nxp.com>
+Fixes: f5ad93ffb541 ("crypto: zstd - convert to acomp")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Tested-by: Han Xu <han.xu@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/zstd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/zstd.c b/crypto/zstd.c
+index c2a19cb0879d..ac318d333b68 100644
+--- a/crypto/zstd.c
++++ b/crypto/zstd.c
+@@ -83,7 +83,7 @@ static void zstd_exit(struct crypto_acomp *acomp_tfm)
+ static int zstd_compress_one(struct acomp_req *req, struct zstd_ctx *ctx,
+ 			     const void *src, void *dst, unsigned int *dlen)
+ {
+-	unsigned int out_len;
++	size_t out_len;
+ 
+ 	ctx->cctx = zstd_init_cctx(ctx->wksp, ctx->wksp_size);
+ 	if (!ctx->cctx)
+-- 
+2.51.0
+
diff --git a/queue-6.17/revert-crypto-testmgr-desupport-sha-1-for-fips-140.patch b/queue-6.17/revert-crypto-testmgr-desupport-sha-1-for-fips-140.patch
new file mode 100644
index 0000000000..916f1cd169
--- /dev/null
+++ b/queue-6.17/revert-crypto-testmgr-desupport-sha-1-for-fips-140.patch
@@ -0,0 +1,68 @@
+From ca1354f7999d30cf565e810b56cba688927107c6 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Mon, 6 Oct 2025 10:07:53 +0800
+Subject: Revert "crypto: testmgr - desupport SHA-1 for FIPS 140"
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit ca1354f7999d30cf565e810b56cba688927107c6 upstream.
+
+This reverts commit 9d50a25eeb05c45fef46120f4527885a14c84fb2.
+
+Reported-by: Jiri Slaby <jirislaby@kernel.org>
+Reported-by: Jon Kohler <jon@nutanix.com>
+Link: https://lore.kernel.org/all/05b7ef65-37bb-4391-9ec9-c382d51bae4d@kernel.org/
+Link: https://lore.kernel.org/all/26F8FCC9-B448-4A89-81DF-6BAADA03E174@nutanix.com/
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/testmgr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/crypto/testmgr.c b/crypto/testmgr.c
+index ee33ba21ae2b..3e284706152a 100644
+--- a/crypto/testmgr.c
++++ b/crypto/testmgr.c
+@@ -4186,6 +4186,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 		.alg = "authenc(hmac(sha1),cbc(aes))",
+ 		.generic_driver = "authenc(hmac-sha1-lib,cbc(aes-generic))",
+ 		.test = alg_test_aead,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.aead = __VECS(hmac_sha1_aes_cbc_tv_temp)
+ 		}
+@@ -4206,6 +4207,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "authenc(hmac(sha1),ctr(aes))",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 	}, {
+ 		.alg = "authenc(hmac(sha1),ecb(cipher_null))",
+ 		.generic_driver = "authenc(hmac-sha1-lib,ecb-cipher_null)",
+@@ -4216,6 +4218,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
+ 		.test = alg_test_null,
++		.fips_allowed = 1,
+ 	}, {
+ 		.alg = "authenc(hmac(sha224),cbc(des))",
+ 		.generic_driver = "authenc(hmac-sha224-lib,cbc(des-generic))",
+@@ -5078,6 +5081,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 		.alg = "hmac(sha1)",
+ 		.generic_driver = "hmac-sha1-lib",
+ 		.test = alg_test_hash,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.hash = __VECS(hmac_sha1_tv_template)
+ 		}
+@@ -5448,6 +5452,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 		.alg = "sha1",
+ 		.generic_driver = "sha1-lib",
+ 		.test = alg_test_hash,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.hash = __VECS(sha1_tv_template)
+ 		}
+-- 
+2.51.0
+
diff --git a/queue-6.17/series b/queue-6.17/series
index ed4e7aa308..363a64f305 100644
--- a/queue-6.17/series
+++ b/queue-6.17/series
@@ -17,3 +17,6 @@ staging-axis-fifo-fix-tx-handling-on-copy_from_user-failure.patch
 staging-axis-fifo-flush-rx-fifo-on-read-errors.patch
 driver-core-faux-set-power.no_pm-for-faux-devices.patch
 driver-core-pm-set-power.no_callbacks-along-with-power.no_pm.patch
+revert-crypto-testmgr-desupport-sha-1-for-fips-140.patch
+crypto-zstd-fix-compression-bug-caused-by-truncation.patch
+crypto-rng-ensure-set_ent-is-always-present.patch