From: Greg Kroah-Hartman Date: Mon, 4 May 2026 12:21:10 +0000 (+0200) Subject: 6.18-stable patches X-Git-Tag: v6.12.86~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cbf205230e8f3735d08c5d5b0d5f295706112ce0;p=thirdparty%2Fkernel%2Fstable-queue.git 6.18-stable patches added patches: crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch --- diff --git a/queue-6.18/crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch b/queue-6.18/crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch new file mode 100644 index 0000000000..858e4ef904 --- /dev/null +++ b/queue-6.18/crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch @@ -0,0 +1,60 @@ +From 5db6ef9847717329f12c5ea8aba7e9f588a980c0 Mon Sep 17 00:00:00 2001 +From: Yucheng Lu +Date: Wed, 22 Apr 2026 21:45:04 +0800 +Subject: crypto: authencesn - reject short ahash digests during instance creation + +From: Yucheng Lu + +commit 5db6ef9847717329f12c5ea8aba7e9f588a980c0 upstream. + +authencesn requires either a zero authsize or an authsize of at least +4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of +high-order sequence number data at the end of the authenticated data. + +While crypto_authenc_esn_setauthsize() already rejects explicit +non-zero authsizes in the range 1..3, crypto_authenc_esn_create() +still copied auth->digestsize into inst->alg.maxauthsize without +validating it. The AEAD core then initialized the tfm's default +authsize from that value. + +As a result, selecting an ahash with digest size 1..3, such as +cbcmac(cipher_null), exposed authencesn instances whose default +authsize was invalid even though setauthsize() would have rejected the +same value. AF_ALG could then trigger the ESN tail handling with a +too-short tag and hit an out-of-bounds access. + +Reject authencesn instances whose ahash digest size is in the invalid +non-zero range 1..3 so that no tfm can inherit an unsupported default +authsize. + +Fixes: f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver") +Cc: stable@kernel.org +Reported-by: Yifan Wu +Reported-by: Juefei Pu +Co-developed-by: Yuan Tan +Signed-off-by: Yuan Tan +Suggested-by: Xin Liu +Tested-by: Yuhang Zheng +Reviewed-by: Eric Biggers +Signed-off-by: Yucheng Lu +Signed-off-by: Ren Wei +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +--- + crypto/authencesn.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/crypto/authencesn.c ++++ b/crypto/authencesn.c +@@ -390,6 +390,11 @@ static int crypto_authenc_esn_create(str + auth = crypto_spawn_ahash_alg(&ctx->auth); + auth_base = &auth->base; + ++ if (auth->digestsize > 0 && auth->digestsize < 4) { ++ err = -EINVAL; ++ goto err_free_inst; ++ } ++ + err = crypto_grab_skcipher(&ctx->enc, aead_crypto_instance(inst), + crypto_attr_alg_name(tb[2]), 0, mask); + if (err) diff --git a/queue-6.18/series b/queue-6.18/series index c76482b99e..a38d0fd266 100644 --- a/queue-6.18/series +++ b/queue-6.18/series @@ -260,3 +260,4 @@ iio-frequency-admv1013-fix-null-pointer-dereference-on-str.patch net-qrtr-ns-limit-the-maximum-server-registration-per-node.patch net-qrtr-ns-limit-the-maximum-number-of-lookups.patch net-qrtr-ns-limit-the-total-number-of-nodes.patch +crypto-authencesn-reject-short-ahash-digests-during-instance-creation.patch