Skip to content

Commit 5160694

Browse files
committed
crypto: authencesn - Fix src offset when decrypting in-place
jira VULN-181881 cve-bf CVE-2026-31431 commit-author Herbert Xu <herbert@gondor.apana.org.au> commit 1f48ad3 The src SG list offset wasn't set properly when decrypting in-place, fix it. Reported-by: Wolfgang Walter <linux@stwm.de> Fixes: e024941 ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 1f48ad3) Signed-off-by: Sultan Alsawaf <sultan@ciq.com>
1 parent 0ddbd18 commit 5160694

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

crypto/authencesn.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -257,9 +257,11 @@ static int crypto_authenc_esn_decrypt_tail(struct aead_request *req,
257257

258258
decrypt:
259259

260-
if (src != dst)
261-
src = scatterwalk_ffwd(areq_ctx->src, src, assoclen);
262260
dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen);
261+
if (req->src == req->dst)
262+
src = dst;
263+
else
264+
src = scatterwalk_ffwd(areq_ctx->src, src, assoclen);
263265

264266
skcipher_request_set_tfm(skreq, ctx->enc);
265267
skcipher_request_set_callback(skreq, flags,

0 commit comments

Comments
 (0)