Re: [PATCH 03/15] mka: Incorrect conf_offset sent in MKPDU when in policy mode "SHOULD_SECURE"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Mar 12, 2018 at 01:21:48PM +0000, Michael Siedzik wrote:
> You are correct.  In the case where policy is set to SHOULD_ENCRYPT but MACsec capability is only MACSEC_CAP_INTEGRITY (i.e., integrity without confidentiality), my patch would have attempted to encrypt with offset 0.  The patch should have retained the macsec_capable comparison.  Something like this:
> 
>                 if ((kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF) &&
>                     (policy == SHOULD_ENCRYPT)) {
>                         kay->macsec_encrypt = TRUE;
>                         kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
>                 } else {  /* SHOULD_SECURE */
>                         kay->macsec_encrypt = FALSE;
>                         kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
>                 }

Thanks, applied.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux