We just found out that WEP has been broken since August 2017.
Apparently not many people noticed. The commit which broke
it was:

[[[
    CVSROOT:    /cvs
    Module name:        src
    Changes by: [email protected]    2017/08/18 11:30:12
    
    Modified files:
        sys/net80211   : ieee80211_crypto.c ieee80211_crypto.h 
                         ieee80211_proto.c 
    
    Log message:
    Clear WPA group keys from memory before initiating a key exchange
    with an access point. Prevents false positive 'reused group key'
    warnings in dmesg when re-associating to the same access point.
    Problem reported by tb@
    ok tb@
]]]

Clear group keys in ieee80211_newstate only if we're doing WPA.
Otherwise, ieee80211_crypto_clear_groupkeys() will clear WEP
keys configured by userland before associating.
(All WEP keys are group keys.)

Index: ieee80211_proto.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_proto.c,v
retrieving revision 1.83
diff -u -p -r1.83 ieee80211_proto.c
--- ieee80211_proto.c   6 Feb 2018 22:14:52 -0000       1.83
+++ ieee80211_proto.c   27 Apr 2018 14:00:22 -0000
@@ -948,7 +948,8 @@ justcleanup:
                        break;
                }
                ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
-               ieee80211_crypto_clear_groupkeys(ic);
+               if (ic->ic_flags & IEEE80211_F_RSNON)
+                       ieee80211_crypto_clear_groupkeys(ic);
                break;
        case IEEE80211_S_SCAN:
                ic->ic_flags &= ~IEEE80211_F_SIBSS;
@@ -960,7 +961,8 @@ justcleanup:
                ni->ni_associd = 0;
                ni->ni_rstamp = 0;
                ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
-               ieee80211_crypto_clear_groupkeys(ic);
+               if (ic->ic_flags & IEEE80211_F_RSNON)
+                       ieee80211_crypto_clear_groupkeys(ic);
                switch (ostate) {
                case IEEE80211_S_INIT:
 #ifndef IEEE80211_STA_ONLY
@@ -1006,7 +1008,8 @@ justcleanup:
                break;
        case IEEE80211_S_AUTH:
                ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
-               ieee80211_crypto_clear_groupkeys(ic);
+               if (ic->ic_flags & IEEE80211_F_RSNON)
+                       ieee80211_crypto_clear_groupkeys(ic);
                switch (ostate) {
                case IEEE80211_S_INIT:
                        if (ifp->if_flags & IFF_DEBUG)
