--- /dev/null
+From 5db6ef9847717329f12c5ea8aba7e9f588a980c0 Mon Sep 17 00:00:00 2001
+From: Yucheng Lu <kanolyc@gmail.com>
+Date: Wed, 22 Apr 2026 21:45:04 +0800
+Subject: crypto: authencesn - reject short ahash digests during instance creation
+
+From: Yucheng Lu <kanolyc@gmail.com>
+
+commit 5db6ef9847717329f12c5ea8aba7e9f588a980c0 upstream.
+
+authencesn requires either a zero authsize or an authsize of at least
+4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of
+high-order sequence number data at the end of the authenticated data.
+
+While crypto_authenc_esn_setauthsize() already rejects explicit
+non-zero authsizes in the range 1..3, crypto_authenc_esn_create()
+still copied auth->digestsize into inst->alg.maxauthsize without
+validating it. The AEAD core then initialized the tfm's default
+authsize from that value.
+
+As a result, selecting an ahash with digest size 1..3, such as
+cbcmac(cipher_null), exposed authencesn instances whose default
+authsize was invalid even though setauthsize() would have rejected the
+same value. AF_ALG could then trigger the ESN tail handling with a
+too-short tag and hit an out-of-bounds access.
+
+Reject authencesn instances whose ahash digest size is in the invalid
+non-zero range 1..3 so that no tfm can inherit an unsupported default
+authsize.
+
+Fixes: f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver")
+Cc: stable@kernel.org
+Reported-by: Yifan Wu <yifanwucs@gmail.com>
+Reported-by: Juefei Pu <tomapufckgml@gmail.com>
+Co-developed-by: Yuan Tan <yuantan098@gmail.com>
+Signed-off-by: Yuan Tan <yuantan098@gmail.com>
+Suggested-by: Xin Liu <bird@lzu.edu.cn>
+Tested-by: Yuhang Zheng <z1652074432@gmail.com>
+Reviewed-by: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Yucheng Lu <kanolyc@gmail.com>
+Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/authencesn.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/crypto/authencesn.c
++++ b/crypto/authencesn.c
+@@ -390,6 +390,11 @@ static int crypto_authenc_esn_create(str
+ auth = crypto_spawn_ahash_alg(&ctx->auth);
+ auth_base = &auth->base;
+
++ if (auth->digestsize > 0 && auth->digestsize < 4) {
++ err = -EINVAL;
++ goto err_free_inst;
++ }
++
+ err = crypto_grab_skcipher(&ctx->enc, aead_crypto_instance(inst),
+ crypto_attr_alg_name(tb[2]), 0, mask);
+ if (err)
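Review bot: the new check in the hunk above uses a bare magic number; a one-line comment next to `if (auth->digestsize > 0 && auth->digestsize < 4)` should say why 4 is the floor, namely that the ESN encrypt/decrypt paths move 4 bytes of high-order sequence number at the end of the authenticated data, so a non-zero tag shorter than that cannot be handled, mirroring the existing rejection of authsizes 1..3 in crypto_authenc_esn_setauthsize(). The placement is right: the check runs after crypto_spawn_ahash_alg() and before crypto_grab_skcipher(), so `goto err_free_inst` releases only the ahash spawn that has already been grabbed, and digest size 0 is still accepted, consistent with the zero-authsize case described in the commit message.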