Re: [PATCH v3 2/7] net/mac80211: move WEP handling to ARC4 library interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 11 Jun 2019 at 15:55, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
>
> On Tue, 2019-06-11 at 15:53 +0200, Ard Biesheuvel wrote:
> > On Tue, 11 Jun 2019 at 15:52, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
> > >
> > > On Tue, 2019-06-11 at 15:47 +0200, Ard Biesheuvel wrote:
> > > >
> > > > +++ b/net/mac80211/mlme.c
> > > > @@ -5038,8 +5038,6 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
> > > >               auth_alg = WLAN_AUTH_OPEN;
> > > >               break;
> > > >       case NL80211_AUTHTYPE_SHARED_KEY:
> > > > -             if (IS_ERR(local->wep_tx_tfm))
> > > > -                     return -EOPNOTSUPP;
> > > >               auth_alg = WLAN_AUTH_SHARED_KEY;
> > >
> > > This bit is probably not right, we directly use the WEP functions for
> > > shared key authentication.
> > >
> >
> > OK. So we need to change this test to
> >
> > > > -             if (fips_enabled)
> > > > -                     return -EOPNOTSUPP;
>
> Right.
>
> > Does this also apply to
> >
> > diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
> > index a1973a26c7fc..9d8a8878a487 100644
> > --- a/net/mac80211/cfg.c
> > +++ b/net/mac80211/cfg.c
> > @@ -402,9 +402,6 @@ static int ieee80211_add_key(struct wiphy *wiphy,
> > struct net_device *dev,
> >   case WLAN_CIPHER_SUITE_WEP40:
> >   case WLAN_CIPHER_SUITE_TKIP:
> >   case WLAN_CIPHER_SUITE_WEP104:
> > -     if (IS_ERR(local->wep_tx_tfm))
> > -         return -EINVAL;
> > -     break;
>
> This shouldn't be possible because in cfg80211 we should be checking
> that only ciphers are allowed that are in the cipher list (which we
> built with the "have_wep" thing before), but perhaps better to be safe
> here just in case we forgot something in cfg80211 - I could see e.g. the
> old WEXT compatibility code not checking too carefully...
>

OK. I could make it a WARN_ONCE(fips_enabled) perhaps?



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux