6.6-stable patches

added patches:
	crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch

diff --git a/queue-6.6/crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch b/queue-6.6/crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch
new file mode 100644 (file)
index 0000000..b49e1b9
--- /dev/null
+++ b/queue-6.6/crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch
@@ -0,0 +1,60 @@
+From 5db6ef9847717329f12c5ea8aba7e9f588a980c0 Mon Sep 17 00:00:00 2001
+From: Yucheng Lu <kanolyc@gmail.com>
+Date: Wed, 22 Apr 2026 21:45:04 +0800
+Subject: crypto: authencesn - reject short ahash digests during instance creation
+
+From: Yucheng Lu <kanolyc@gmail.com>
+
+commit 5db6ef9847717329f12c5ea8aba7e9f588a980c0 upstream.
+
+authencesn requires either a zero authsize or an authsize of at least
+4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of
+high-order sequence number data at the end of the authenticated data.
+
+While crypto_authenc_esn_setauthsize() already rejects explicit
+non-zero authsizes in the range 1..3, crypto_authenc_esn_create()
+still copied auth->digestsize into inst->alg.maxauthsize without
+validating it.  The AEAD core then initialized the tfm's default
+authsize from that value.
+
+As a result, selecting an ahash with digest size 1..3, such as
+cbcmac(cipher_null), exposed authencesn instances whose default
+authsize was invalid even though setauthsize() would have rejected the
+same value.  AF_ALG could then trigger the ESN tail handling with a
+too-short tag and hit an out-of-bounds access.
+
+Reject authencesn instances whose ahash digest size is in the invalid
+non-zero range 1..3 so that no tfm can inherit an unsupported default
+authsize.
+
+Fixes: f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver")
+Cc: stable@kernel.org
+Reported-by: Yifan Wu <yifanwucs@gmail.com>
+Reported-by: Juefei Pu <tomapufckgml@gmail.com>
+Co-developed-by: Yuan Tan <yuantan098@gmail.com>
+Signed-off-by: Yuan Tan <yuantan098@gmail.com>
+Suggested-by: Xin Liu <bird@lzu.edu.cn>
+Tested-by: Yuhang Zheng <z1652074432@gmail.com>
+Reviewed-by: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Yucheng Lu <kanolyc@gmail.com>
+Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/authencesn.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/crypto/authencesn.c
++++ b/crypto/authencesn.c
+@@ -397,6 +397,11 @@ static int crypto_authenc_esn_create(str
+       auth = crypto_spawn_ahash_alg(&ctx->auth);
+       auth_base = &auth->base;
+ 
++      if (auth->digestsize > 0 && auth->digestsize < 4) {
++              err = -EINVAL;
++              goto err_free_inst;
++      }
++
+       err = crypto_grab_skcipher(&ctx->enc, aead_crypto_instance(inst),
+                                  crypto_attr_alg_name(tb[2]), 0, mask);
+       if (err)

diff --git a/queue-6.6/series b/queue-6.6/series
index 4f79b5f12c2f4d07109010d299c48071f555fb96..f95694840e8f67759d2b9937143d2426c198ab10 100644 (file)
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -132,3 +132,4 @@ ntfs3-fix-integer-overflow-in-run_unpack-volume-boundary-check.patch
 rtmutex-use-waiter-task-instead-of-current-in-remove_waiter.patch
 scsi-sd-fix-missing-put_disk-when-device_add-disk_dev-fails.patch
 seg6-fix-seg6-lwtunnel-output-redirect-for-l2-reduced-encap-mode.patch
+crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch