Verified it fixes WEP.

OK

On 2018 Apr 27 (Fri) at 16:30:50 +0200 (+0200), Stefan Sperling wrote:
:We just found out that WEP has been broken since August 2017.
:Apparently not many people noticed. The commit which broke
:it was:
:
:[[[
:    CVSROOT:   /cvs
:    Module name:       src
:    Changes by:        [email protected]    2017/08/18 11:30:12
:    
:    Modified files:
:       sys/net80211   : ieee80211_crypto.c ieee80211_crypto.h 
:                        ieee80211_proto.c 
:    
:    Log message:
:    Clear WPA group keys from memory before initiating a key exchange
:    with an access point. Prevents false positive 'reused group key'
:    warnings in dmesg when re-associating to the same access point.
:    Problem reported by tb@
:    ok tb@
:]]]
:
:Clear group keys in ieee80211_newstate only if we're doing WPA.
:Otherwise, ieee80211_crypto_clear_groupkeys() will clear WEP
:keys configured by userland before associating.
:(All WEP keys are group keys.)
:
:Index: ieee80211_proto.c
:===================================================================
:RCS file: /cvs/src/sys/net80211/ieee80211_proto.c,v
:retrieving revision 1.83
:diff -u -p -r1.83 ieee80211_proto.c
:--- ieee80211_proto.c  6 Feb 2018 22:14:52 -0000       1.83
:+++ ieee80211_proto.c  27 Apr 2018 14:00:22 -0000
:@@ -948,7 +948,8 @@ justcleanup:
:                       break;
:               }
:               ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:-              ieee80211_crypto_clear_groupkeys(ic);
:+              if (ic->ic_flags & IEEE80211_F_RSNON)
:+                      ieee80211_crypto_clear_groupkeys(ic);
:               break;
:       case IEEE80211_S_SCAN:
:               ic->ic_flags &= ~IEEE80211_F_SIBSS;
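
Review bot: the guard added before ieee80211_crypto_clear_groupkeys(ic) in this case is repeated verbatim in the next two hunks, so a future caller that forgets it brings back the WEP breakage. Consider putting the IEEE80211_F_RSNON test inside ieee80211_crypto_clear_groupkeys() itself, or in a small wrapper used by all three state cases, so the WPA-only rule lives in one place.
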
:@@ -960,7 +961,8 @@ justcleanup:
:               ni->ni_associd = 0;
:               ni->ni_rstamp = 0;
:               ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:-              ieee80211_crypto_clear_groupkeys(ic);
:+              if (ic->ic_flags & IEEE80211_F_RSNON)
:+                      ieee80211_crypto_clear_groupkeys(ic);
:               switch (ostate) {
:               case IEEE80211_S_INIT:
: #ifndef IEEE80211_STA_ONLY
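
Review bot: in the IEEE80211_S_SCAN case the decision to clear now depends on IEEE80211_F_RSNON being set at the moment of the transition. If WPA was turned off after group keys were installed, this path no longer wipes them, which weakens the "clear WPA group keys from memory" intent of the 2017/08/18 commit. Worth confirming that disabling WPA clears those keys elsewhere, or noting here why that cannot happen.
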
:@@ -1006,7 +1008,8 @@ justcleanup:
:               break;
:       case IEEE80211_S_AUTH:
:               ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE;
:-              ieee80211_crypto_clear_groupkeys(ic);
:+              if (ic->ic_flags & IEEE80211_F_RSNON)
:+                      ieee80211_crypto_clear_groupkeys(ic);
:               switch (ostate) {
:               case IEEE80211_S_INIT:
:                       if (ifp->if_flags & IFF_DEBUG)
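
Review bot: the IEEE80211_S_AUTH case gets the conditional with no comment saying why group keys are skipped for non-RSN associations. A one-line comment above `if (ic->ic_flags & IEEE80211_F_RSNON)` stating that WEP keys are group keys configured by userland before associating would make the reason visible in the code, not only in the commit message.
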
:

-- 
Any two philosophers can tell each other all they know in two hours.
                -- Oliver Wendell Holmes, Jr.
