On Thu, 15 Aug 2019, Stefan Sperling wrote: > On Thu, Aug 15, 2019 at 03:47:02PM +1200, richard.n.proc...@gmail.com wrote: > > > I agree we should handle a missing key but suggest an alternative > > > approach > > > below. > > Hmm... your patch is surprisingly simple. I like it :) > > I am still a bit worried about iwm firmware failing to install the key, > which this patch would not handle. But that's a separate question.
See below for updated diff. Nice idea to add a panic on encrypt. Also I've followed the existing idiom of m_freem(m0); return NULL; I've checked that all assignments to k_flags are to fresh keys; the new flag is never clobbered. The new check will be accounted against is_rx_wepfail ("input wep/wpa packets failed"). Lightly tested with a download and ifconfig up/down. ok? best, Richard. Index: net80211/ieee80211_crypto.c =================================================================== RCS file: /cvs/src/sys/net80211/ieee80211_crypto.c,v retrieving revision 1.74 diff -u -p -u -p -r1.74 ieee80211_crypto.c --- net80211/ieee80211_crypto.c 24 Sep 2018 20:14:59 -0000 1.74 +++ net80211/ieee80211_crypto.c 16 Aug 2019 09:50:47 -0000 @@ -157,6 +157,10 @@ ieee80211_set_key(struct ieee80211com *i /* should not get there */ error = EINVAL; } + + if (error == 0) + k->k_flags |= IEEE80211_KEY_SWCRYPTO; + return error; } @@ -209,6 +213,9 @@ struct mbuf * ieee80211_encrypt(struct ieee80211com *ic, struct mbuf *m0, struct ieee80211_key *k) { + if ((k->k_flags & IEEE80211_KEY_SWCRYPTO) == 0) + panic("%s: unset key %d", __func__, k->k_id); + switch (k->k_cipher) { case IEEE80211_CIPHER_WEP40: case IEEE80211_CIPHER_WEP104: @@ -280,6 +287,12 @@ ieee80211_decrypt(struct ieee80211com *i } k = &ic->ic_nw_keys[kid]; } + + if ((k->k_flags & IEEE80211_KEY_SWCRYPTO) == 0) { + m_free(m0); + return NULL; + } + switch (k->k_cipher) { case IEEE80211_CIPHER_WEP40: case IEEE80211_CIPHER_WEP104: Index: net80211/ieee80211_crypto.h =================================================================== RCS file: /cvs/src/sys/net80211/ieee80211_crypto.h,v retrieving revision 1.25 diff -u -p -u -p -r1.25 ieee80211_crypto.h --- net80211/ieee80211_crypto.h 18 Aug 2017 17:30:12 -0000 1.25 +++ net80211/ieee80211_crypto.h 16 Aug 2019 09:50:47 -0000 @@ -78,6 +78,7 @@ struct ieee80211_key { #define IEEE80211_KEY_GROUP 0x00000001 /* group data key */ #define IEEE80211_KEY_TX 0x00000002 /* Tx+Rx */ #define IEEE80211_KEY_IGTK 0x00000004 /* integrity group key */ +#define IEEE80211_KEY_SWCRYPTO 0x00000080 /* loaded for software crypto */ u_int k_len; u_int64_t k_rsc[IEEE80211_NUM_TID];