Re: [PATCH v3 3/7] net/lib80211: move WEP handling to ARC4 library code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 11, 2019 at 03:47:46PM +0200, Ard Biesheuvel wrote:
> The crypto API abstraction is not very useful for invoking ciphers
> directly, especially in the case of arc4, which only has a generic
> implementation in C. So let's invoke the library code directly.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> ---
>  net/wireless/Kconfig              |  1 +
>  net/wireless/lib80211_crypt_wep.c | 49 +++++---------------
>  2 files changed, 13 insertions(+), 37 deletions(-)
> 
> diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
> index 6310ddede220..6d9c48cea07e 100644
> --- a/net/wireless/Kconfig
> +++ b/net/wireless/Kconfig
> @@ -213,6 +213,7 @@ config LIB80211
>  
>  config LIB80211_CRYPT_WEP
>  	tristate
> +	select CRYPTO_LIB_ARC4
>  
>  config LIB80211_CRYPT_CCMP
>  	tristate
> diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c
> index 20c1ad63ad44..9a4e4653fe64 100644
> --- a/net/wireless/lib80211_crypt_wep.c
> +++ b/net/wireless/lib80211_crypt_wep.c
> @@ -11,6 +11,7 @@
>   */
>  
>  #include <linux/err.h>
> +#include <linux/fips.h>
>  #include <linux/module.h>
>  #include <linux/init.h>
>  #include <linux/slab.h>
> @@ -22,7 +23,7 @@
>  
>  #include <net/lib80211.h>
>  
> -#include <linux/crypto.h>
> +#include <crypto/arc4.h>
>  #include <linux/crc32.h>
>  
>  MODULE_AUTHOR("Jouni Malinen");
> @@ -35,51 +36,30 @@ struct lib80211_wep_data {
>  	u8 key[WEP_KEY_LEN + 1];
>  	u8 key_len;
>  	u8 key_idx;
> -	struct crypto_cipher *tx_tfm;
> -	struct crypto_cipher *rx_tfm;
> +	struct arc4_ctx tx_ctx;
> +	struct arc4_ctx rx_ctx;
>  };
>  
>  static void *lib80211_wep_init(int keyidx)
>  {
>  	struct lib80211_wep_data *priv;
>  
> +	if (fips_enabled)
> +		return NULL;
> +
>  	priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
>  	if (priv == NULL)
> -		goto fail;
> +		return NULL;
>  	priv->key_idx = keyidx;
>  
> -	priv->tx_tfm = crypto_alloc_cipher("arc4", 0, 0);
> -	if (IS_ERR(priv->tx_tfm)) {
> -		priv->tx_tfm = NULL;
> -		goto fail;
> -	}
> -
> -	priv->rx_tfm = crypto_alloc_cipher("arc4", 0, 0);
> -	if (IS_ERR(priv->rx_tfm)) {
> -		priv->rx_tfm = NULL;
> -		goto fail;
> -	}
>  	/* start WEP IV from a random value */
>  	get_random_bytes(&priv->iv, 4);
>  
>  	return priv;
> -
> -      fail:
> -	if (priv) {
> -		crypto_free_cipher(priv->tx_tfm);
> -		crypto_free_cipher(priv->rx_tfm);
> -		kfree(priv);
> -	}
> -	return NULL;
>  }
>  
>  static void lib80211_wep_deinit(void *priv)
>  {
> -	struct lib80211_wep_data *_priv = priv;
> -	if (_priv) {
> -		crypto_free_cipher(_priv->tx_tfm);
> -		crypto_free_cipher(_priv->rx_tfm);
> -	}
>  	kfree(priv);
>  }

How about changing lib80211_wep_deinit() to use kzfree()?  As a result of
changing to the ARC4 library, the arc4_ctx is no longer zeroed.  Of course it's
not any worse than it was before since the raw key is already in
lib80211_wep_data too, but it really ought to be kzfree()...

- Eric



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux