On Tue, 2019-06-11 at 15:56 +0200, Ard Biesheuvel wrote: > > > > +++ b/net/mac80211/cfg.c > > > @@ -402,9 +402,6 @@ static int ieee80211_add_key(struct wiphy *wiphy, > > > struct net_device *dev, > > > case WLAN_CIPHER_SUITE_WEP40: > > > case WLAN_CIPHER_SUITE_TKIP: > > > case WLAN_CIPHER_SUITE_WEP104: > > > - if (IS_ERR(local->wep_tx_tfm)) > > > - return -EINVAL; > > > - break; > > > > This shouldn't be possible because in cfg80211 we should be checking > > that only ciphers are allowed that are in the cipher list (which we > > built with the "have_wep" thing before), but perhaps better to be safe > > here just in case we forgot something in cfg80211 - I could see e.g. the > > old WEXT compatibility code not checking too carefully... > > > > OK. I could make it a WARN_ONCE(fips_enabled) perhaps? Sounds good to me. johannes
