{"id":2231248,"url":"http://patchwork.ozlabs.org/api/patches/2231248/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/03a7c4efef3fce974ec8106bc0cdd5995a99f45e.1777549821.git.massimiliano.pellizzer@canonical.com/","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<03a7c4efef3fce974ec8106bc0cdd5995a99f45e.1777549821.git.massimiliano.pellizzer@canonical.com>","list_archive_url":null,"date":"2026-04-30T12:30:16","name":"[SRU,Q,3/5] crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"c4c03c697c00b4effa3b90aac8d78ccc077ac248","submitter":{"id":89057,"url":"http://patchwork.ozlabs.org/api/people/89057/?format=json","name":"Massimiliano Pellizzer","email":"massimiliano.pellizzer@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/03a7c4efef3fce974ec8106bc0cdd5995a99f45e.1777549821.git.massimiliano.pellizzer@canonical.com/mbox/","series":[{"id":502297,"url":"http://patchwork.ozlabs.org/api/series/502297/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=502297","date":"2026-04-30T12:30:16","name":"CVE-2026-31431","version":1,"mbox":"http://patchwork.ozlabs.org/series/502297/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231248/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231248/checks/","tags":{},"related":[],"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=d4bjYzz+;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5tnx71Mdz23gx\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 22:31:33 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wIQYA-0004XV-Al; Thu, 30 Apr 2026 12:31:26 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <massimiliano.pellizzer@canonical.com>)\n id 1wIQY4-0004ON-OZ\n for kernel-team@lists.ubuntu.com; Thu, 30 Apr 2026 12:31:20 +0000","from mail-wm1-f70.google.com (mail-wm1-f70.google.com\n [209.85.128.70])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 93E343F9C1\n for <kernel-team@lists.ubuntu.com>; Thu, 30 Apr 2026 12:31:20 +0000 (UTC)","by mail-wm1-f70.google.com with SMTP id\n 5b1f17b1804b1-488c0120047so6994225e9.0\n for <kernel-team@lists.ubuntu.com>; Thu, 30 Apr 2026 05:31:20 -0700 (PDT)","from tuxedo-infinitybook.ts.net\n (net-93-71-66-38.cust.vodafonedsl.it. [93.71.66.38])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-48a81ed6bafsm103695005e9.2.2026.04.30.05.31.18\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 30 Apr 2026 05:31:18 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1777552280;\n bh=LhiRXjvSawfT7FR86R2mKm2XNWoTtLbRfOb+VFFm268=;\n h=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n MIME-Version;\n b=d4bjYzz+GgcCWcQObUaMJDWDnA7rs820YTQGglOEOU5tdXjNfNG2JhR76JvxJkNuQ\n OUpbJkJLHvQs8aaJcf2zs0COT16491sDj9MRz6fY4y6YxgTTfhPSrg9uFA9ZeRPFRC\n flw08eWu9FPu3RuY4gFi5N7pptuNe+R7yDMyAW2W2iGbJVoBVU6hEjy/J9Ivd6fPpl\n 3WYOn/PFQ6rd/+Kq0tvVkvOgr+F/cVFlc4CGtcSa0T2EtMvTvjzeNOpIVCbo2zfsbU\n EmhRCqiwdApHbSKvPtMz+ZxhKPnu3HamyS2CF//3PdF05txYudHOXCum21VdOMx1IR\n 9MQzOulp9iwtgfPhZGNvrEnWViLhwY9keehsAdtcaIFqY75+X/cSU3X+NqxxdaQmsn\n 9Ohw3xY0IIRnUo47T5nEXdh/jRNS5rE0Qx8TDayb35rKDSsmDDyNJig9dLHk3KYu8q\n g7UchyJT/U4Eaxrjx8mZC7vVOQfYe/8kIlKp+A0j+QSsUxZu0WBPAfbKkPJIF3C0yL\n 73Qdv7FayKl8AZIRmfNWJqQyQuBYQsnRKVxgx+jsXqOoVlJTdtnF2P56lkiTawIg/+\n xRhuW7aLJHIeI/zlAftL898/EyRjOe0ITzSIFD+Rs93iOqJHen6oDgEFizx7EqYCxb\n 7s8h/Vvx6H8C1gCSQ9+mqBgA=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777552280; x=1778157080;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=LhiRXjvSawfT7FR86R2mKm2XNWoTtLbRfOb+VFFm268=;\n b=Ilz1r57LtMU2ynvyYkrgkiNB5nuqke8PQKSydXfYf1LkVSwUXb+WYvkzHf5Ds1eatF\n vVJG+tmeOFMYV6tbgzMkqvCXVDpOwBEAzCuxK5BDZvjwjhaOMwSojyJQYeX3GRSO+SFR\n L9sa8FAo7bxwHuxOsZfZmx0kC8/H5HEbzQC0iTV8EopdXuPV8StgwqrI76rRzKx278gH\n S/+do1rLAalXR4pdCp0Oh1VHWHy7+DwPNqtU+PJt8LkS0oLChYdWi4Y7OSTPmmVEB9C2\n PuT1O+x2ty+6dI7LBleZpUxOf/mcDpp4LHtjVrNem7fREVTrUW8rzOZSOO5O4/L+jd/I\n RqrA==","X-Gm-Message-State":"AOJu0Yw1kFHPQ0+IJJdOUQQp7K8dliScy2R+D9X94agLW+etUSXsELxp\n Oyc3Fv+u4LAsqJ9c5Lf/i1i7B3/UUI0YRM/eWKcIGDP918+qk4l80vU5AqJHHgRUNxsyOt5DI25\n gL5HzGnH9oBgerg6vx16dqV7g+UxcUZrW3S+W1gU594+qB69Erj8gD34bAcp40M+X31CvbansTd\n QCTgVHhnT9LNERYQ==","X-Gm-Gg":"AeBDievG4hEteJE7XKGW15MtAYKWTCIJHrhihLMH293D+R0ZijRgsdq5hVPdzn/qipy\n 3PZ2EvnWxnh/fAWeYQ/+ffDC8Wp5Wi1KKieingmH4UXECK0E2u4+1FIbMss0/B05gsVirAJjP+X\n 7mNsU+8U3V0vwUsbfGonxD+6rXHnDKvz/i0YlQQegTLwJOym1YBGfqxz7/ahN+WU1Bs2xeRUzAP\n U4x4XQD8p2q+j7hTpHhXe40E7mHAVoPjHsyQM1ZoyZ45ouQHbwhs7cUmQreUrDwe8VHvGVmYYjd\n rJKPwIEmpe/tTGoutdFveBzbjzDUcWR/wZlfmmUwJM0Gcp3RE0nfqWj1RQk6j2G7YdXRZMAOO32\n wWBJzK19xSt/2oBRdEWHa7bJl8bwtoe3VMPNYor/B1WjNejyXl8UZ9ZX/e6aclVs21N1j/NxCh8\n cvp4asr1E1s3qz6dGG3Q6QloytC2tiH9sGgRnNHCtHHvR/I49rzG60J5qFxhi+JXMOTjBLPMZpe\n RRsv3ahcumE9hY1naK8MpY=","X-Received":["by 2002:a05:600c:3b8c:b0:485:3ff1:d5ed with SMTP id\n 5b1f17b1804b1-48a83d6e1b2mr49193765e9.1.1777552279656;\n Thu, 30 Apr 2026 05:31:19 -0700 (PDT)","by 2002:a05:600c:3b8c:b0:485:3ff1:d5ed with SMTP id\n 5b1f17b1804b1-48a83d6e1b2mr49193155e9.1.1777552279082;\n Thu, 30 Apr 2026 05:31:19 -0700 (PDT)"],"From":"Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][Q][PATCH 3/5] crypto: authencesn - Do not place hiseq at end of\n dst for out-of-place decryption","Date":"Thu, 30 Apr 2026 14:30:16 +0200","Message-ID":"\n <03a7c4efef3fce974ec8106bc0cdd5995a99f45e.1777549821.git.massimiliano.pellizzer@canonical.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<cover.1777549821.git.massimiliano.pellizzer@canonical.com>","References":"\n <177754965576.503496.12142658280614619991@tuxedo-infinitybook.public>\n <cover.1777549821.git.massimiliano.pellizzer@canonical.com>","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"From: Herbert Xu <herbert@gondor.apana.org.au>\n\nWhen decrypting data that is not in-place (src != dst), there is\nno need to save the high-order sequence bits in dst as it could\nsimply be re-copied from the source.\n\nHowever, the data to be hashed need to be rearranged accordingly.\n\nReported-by: Taeyang Lee <0wn@theori.io>\nFixes: 104880a6b470 (\"crypto: authencesn - Convert to new AEAD interface\")\nSigned-off-by: Herbert Xu <herbert@gondor.apana.org.au>\n\nThanks,\n\nSigned-off-by: Herbert Xu <herbert@gondor.apana.org.au>\n(cherry picked from commit e02494114ebf7c8b42777c6cd6982f113bfdbec7)\nCVE-2026-31431\nSigned-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>\n---\n crypto/authencesn.c | 48 +++++++++++++++++++++++++++------------------\n 1 file changed, 29 insertions(+), 19 deletions(-)","diff":"diff --git a/crypto/authencesn.c b/crypto/authencesn.c\nindex 542a978663b9..c0a01d738d9b 100644\n--- a/crypto/authencesn.c\n+++ b/crypto/authencesn.c\n@@ -207,6 +207,7 @@ static int crypto_authenc_esn_decrypt_tail(struct aead_request *req,\n \tu8 *ohash = areq_ctx->tail;\n \tunsigned int cryptlen = req->cryptlen - authsize;\n \tunsigned int assoclen = req->assoclen;\n+\tstruct scatterlist *src = req->src;\n \tstruct scatterlist *dst = req->dst;\n \tu8 *ihash = ohash + crypto_ahash_digestsize(auth);\n \tu32 tmp[2];\n@@ -214,23 +215,27 @@ static int crypto_authenc_esn_decrypt_tail(struct aead_request *req,\n \tif (!authsize)\n \t\tgoto decrypt;\n \n-\t/* Move high-order bits of sequence number back. */\n-\tscatterwalk_map_and_copy(tmp, dst, 4, 4, 0);\n-\tscatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0);\n-\tscatterwalk_map_and_copy(tmp, dst, 0, 8, 1);\n+\tif (src == dst) {\n+\t\t/* Move high-order bits of sequence number back. */\n+\t\tscatterwalk_map_and_copy(tmp, dst, 4, 4, 0);\n+\t\tscatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0);\n+\t\tscatterwalk_map_and_copy(tmp, dst, 0, 8, 1);\n+\t} else\n+\t\tmemcpy_sglist(dst, src, assoclen);\n \n \tif (crypto_memneq(ihash, ohash, authsize))\n \t\treturn -EBADMSG;\n \n decrypt:\n \n-\tsg_init_table(areq_ctx->dst, 2);\n+\tif (src != dst)\n+\t\tsrc = scatterwalk_ffwd(areq_ctx->src, src, assoclen);\n \tdst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen);\n \n \tskcipher_request_set_tfm(skreq, ctx->enc);\n \tskcipher_request_set_callback(skreq, flags,\n \t\t\t\t      req->base.complete, req->base.data);\n-\tskcipher_request_set_crypt(skreq, dst, dst, cryptlen, req->iv);\n+\tskcipher_request_set_crypt(skreq, src, dst, cryptlen, req->iv);\n \n \treturn crypto_skcipher_decrypt(skreq);\n }\n@@ -255,6 +260,7 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req)\n \tunsigned int assoclen = req->assoclen;\n \tunsigned int cryptlen = req->cryptlen;\n \tu8 *ihash = ohash + crypto_ahash_digestsize(auth);\n+\tstruct scatterlist *src = req->src;\n \tstruct scatterlist *dst = req->dst;\n \tu32 tmp[2];\n \tint err;\n@@ -262,24 +268,28 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req)\n \tif (assoclen < 8)\n \t\treturn -EINVAL;\n \n-\tcryptlen -= authsize;\n-\n-\tif (req->src != dst)\n-\t\tmemcpy_sglist(dst, req->src, assoclen + cryptlen);\n+\tif (!authsize)\n+\t\tgoto tail;\n \n+\tcryptlen -= authsize;\n \tscatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,\n \t\t\t\t authsize, 0);\n \n-\tif (!authsize)\n-\t\tgoto tail;\n-\n \t/* Move high-order bits of sequence number to the end. */\n-\tscatterwalk_map_and_copy(tmp, dst, 0, 8, 0);\n-\tscatterwalk_map_and_copy(tmp, dst, 4, 4, 1);\n-\tscatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 1);\n-\n-\tsg_init_table(areq_ctx->dst, 2);\n-\tdst = scatterwalk_ffwd(areq_ctx->dst, dst, 4);\n+\tscatterwalk_map_and_copy(tmp, src, 0, 8, 0);\n+\tif (src == dst) {\n+\t\tscatterwalk_map_and_copy(tmp, dst, 4, 4, 1);\n+\t\tscatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 1);\n+\t\tdst = scatterwalk_ffwd(areq_ctx->dst, dst, 4);\n+\t} else {\n+\t\tscatterwalk_map_and_copy(tmp, dst, 0, 4, 1);\n+\t\tscatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen - 4, 4, 1);\n+\n+\t\tsrc = scatterwalk_ffwd(areq_ctx->src, src, 8);\n+\t\tdst = scatterwalk_ffwd(areq_ctx->dst, dst, 4);\n+\t\tmemcpy_sglist(dst, src, assoclen + cryptlen - 8);\n+\t\tdst = req->dst;\n+\t}\n \n \tahash_request_set_tfm(ahreq, auth);\n \tahash_request_set_crypt(ahreq, dst, ohash, assoclen + cryptlen);\n","prefixes":["SRU","Q","3/5"]}