From: "John W. Linville" <linville@tuxdriver.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH v3] mac80211: remove wep dependency
Date: Tue, 20 Jul 2010 14:56:44 -0400 [thread overview]
Message-ID: <20100720185643.GB3468@tuxdriver.com> (raw)
In-Reply-To: <1279623588.3706.17.camel@jlt3.sipsolutions.net>
On Tue, Jul 20, 2010 at 12:59:48PM +0200, Johannes Berg wrote:
> On Wed, 2010-07-07 at 15:07 -0400, John W. Linville wrote:
> > The current mac80211 code assumes that WEP is always available. If WEP
> > fails to initialize, ieee80211_register_hw will always fail.
> >
> > In some cases (e.g. FIPS certification), the cryptography used by WEP is
> > unavailable. However, in such cases there is no good reason why CCMP
> > encryption (or even no link level encryption) cannot be used. So, this
> > patch removes mac80211's assumption that WEP (and TKIP) will always be
> > available for use.
> >
> > Signed-off-by: John W. Linville <linville@tuxdriver.com>
> > ---
> > v3 -> actually post changed patch...
> > v2 -> make it safe to call ieee80211_wep_free even if ieee80211_wep_init
> > had failed
>
> I think this is missing a change like this:
>
> --- a/net/mac80211/cfg.c
> +++ b/net/mac80211/cfg.c
> @@ -1228,6 +1228,10 @@ static int ieee80211_scan(struct wiphy *wiphy,
> static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev,
> struct cfg80211_auth_request *req)
> {
> + if (req->auth_type == NL80211_AUTHTYPE_SHARED_KEY &&
> + IS_ERR(sdata->local->wep_tx_tfm))
> + return -EINVAL;
> +
> return ieee80211_mgd_auth(IEEE80211_DEV_TO_SUB_IF(dev), req);
> }
>
>
> since otherwise you could end up trying to encrypt the auth frame with
> the uninitialised WEP TFM?
Yes, I think that makes sense. The check in ieee80211_wep_encrypt_data
will make it safe either way, but that will trigger a warning
in ieee80211_send_auth and leave us unable to return an error to
the ieee80211_auth caller. Also, it will send the auth request
unencrypted...
Care to send that as a "real" patch? :-)
John
--
John W. Linville Someday the world will need a hero, and you
linville@tuxdriver.com might be all we have. Be ready.
next prev parent reply other threads:[~2010-07-20 19:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-06 20:19 [PATCH] mac80211: remove wep dependency John W. Linville
2010-07-07 18:44 ` [PATCH v2] " John W. Linville
2010-07-07 19:07 ` [PATCH v3] " John W. Linville
2010-07-20 10:59 ` Johannes Berg
2010-07-20 18:56 ` John W. Linville [this message]
2010-07-21 8:09 ` [PATCH] mac80211: refuse shared key auth when WEP is unavailable Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100720185643.GB3468@tuxdriver.com \
--to=linville@tuxdriver.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.