Skip to content

Commit 8d31342

Browse files
jmberg-inteljmberg-intel
committed
wifi: mac80211: clean up cipher suite handling
Under the previous commit's assumption that FIPS isn't supported by hardware, we don't need to modify the cipher suite list, but just need to use the software one instead of the driver's in this case, so clean up the code. Also fix it to exclude TKIP in this case, since that's also dependent on RC4. Signed-off-by: Johannes Berg <[email protected]> Signed-off-by: Miri Korenblit <[email protected]> Link: https://patch.msgid.link/20250709233537.cff427e8f8a5.I744d1ea6a37e3ea55ae8bc3e770acee734eff268@changeid Signed-off-by: Johannes Berg <[email protected]>
1 parent 5241526 commit 8d31342

File tree

2 files changed

+17
-54
lines changed

2 files changed

+17
-54
lines changed

net/mac80211/ieee80211_i.h

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1403,8 +1403,6 @@ struct ieee80211_local {
14031403
bool rx_mcast_action_reg;
14041404
unsigned int filter_flags; /* FIF_* */
14051405

1406-
bool wiphy_ciphers_allocated;
1407-
14081406
struct cfg80211_chan_def dflt_chandef;
14091407
bool emulate_chanctx;
14101408

net/mac80211/main.c

Lines changed: 17 additions & 52 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
* Copyright 2006-2007 Jiri Benc <[email protected]>
66
* Copyright 2013-2014 Intel Mobile Communications GmbH
77
* Copyright (C) 2017 Intel Deutschland GmbH
8-
* Copyright (C) 2018-2024 Intel Corporation
8+
* Copyright (C) 2018-2025 Intel Corporation
99
*/
1010

1111
#include <net/mac80211.h>
@@ -1025,12 +1025,9 @@ EXPORT_SYMBOL(ieee80211_alloc_hw_nm);
10251025

10261026
static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
10271027
{
1028-
bool have_wep = !fips_enabled; /* FIPS does not permit the use of RC4 */
10291028
bool have_mfp = ieee80211_hw_check(&local->hw, MFP_CAPABLE);
1030-
int r = 0, w = 0;
1031-
u32 *suites;
10321029
static const u32 cipher_suites[] = {
1033-
/* keep WEP first, it may be removed below */
1030+
/* keep WEP and TKIP first, they may be removed below */
10341031
WLAN_CIPHER_SUITE_WEP40,
10351032
WLAN_CIPHER_SUITE_WEP104,
10361033
WLAN_CIPHER_SUITE_TKIP,
@@ -1046,34 +1043,17 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
10461043
WLAN_CIPHER_SUITE_BIP_GMAC_256,
10471044
};
10481045

1049-
if (ieee80211_hw_check(&local->hw, SW_CRYPTO_CONTROL) ||
1050-
local->hw.wiphy->cipher_suites) {
1051-
/* If the driver advertises, or doesn't support SW crypto,
1052-
* we only need to remove WEP if necessary.
1053-
*/
1054-
if (have_wep)
1055-
return 0;
1056-
1057-
/* well if it has _no_ ciphers ... fine */
1058-
if (!local->hw.wiphy->n_cipher_suites)
1059-
return 0;
1060-
1061-
/* Driver provides cipher suites, but we need to exclude WEP */
1062-
suites = kmemdup_array(local->hw.wiphy->cipher_suites,
1063-
local->hw.wiphy->n_cipher_suites,
1064-
sizeof(u32), GFP_KERNEL);
1065-
if (!suites)
1066-
return -ENOMEM;
1067-
1068-
for (r = 0; r < local->hw.wiphy->n_cipher_suites; r++) {
1069-
u32 suite = local->hw.wiphy->cipher_suites[r];
1070-
1071-
if (suite == WLAN_CIPHER_SUITE_WEP40 ||
1072-
suite == WLAN_CIPHER_SUITE_WEP104)
1073-
continue;
1074-
suites[w++] = suite;
1075-
}
1076-
} else {
1046+
if (ieee80211_hw_check(&local->hw, SW_CRYPTO_CONTROL) && fips_enabled) {
1047+
dev_err(local->hw.wiphy->dev.parent,
1048+
"Drivers with SW_CRYPTO_CONTROL cannot work with FIPS\n");
1049+
return -EINVAL;
1050+
}
1051+
1052+
if (WARN_ON(ieee80211_hw_check(&local->hw, SW_CRYPTO_CONTROL) &&
1053+
!local->hw.wiphy->cipher_suites))
1054+
return -EINVAL;
1055+
1056+
if (fips_enabled || !local->hw.wiphy->cipher_suites) {
10771057
/* assign the (software supported and perhaps offloaded)
10781058
* cipher suites
10791059
*/
@@ -1083,19 +1063,13 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
10831063
if (!have_mfp)
10841064
local->hw.wiphy->n_cipher_suites -= 4;
10851065

1086-
if (!have_wep) {
1087-
local->hw.wiphy->cipher_suites += 2;
1088-
local->hw.wiphy->n_cipher_suites -= 2;
1066+
/* FIPS does not permit the use of RC4 */
1067+
if (fips_enabled) {
1068+
local->hw.wiphy->cipher_suites += 3;
1069+
local->hw.wiphy->n_cipher_suites -= 3;
10891070
}
1090-
1091-
/* not dynamically allocated, so just return */
1092-
return 0;
10931071
}
10941072

1095-
local->hw.wiphy->cipher_suites = suites;
1096-
local->hw.wiphy->n_cipher_suites = w;
1097-
local->wiphy_ciphers_allocated = true;
1098-
10991073
return 0;
11001074
}
11011075

@@ -1651,10 +1625,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
16511625
ieee80211_led_exit(local);
16521626
destroy_workqueue(local->workqueue);
16531627
fail_workqueue:
1654-
if (local->wiphy_ciphers_allocated) {
1655-
kfree(local->hw.wiphy->cipher_suites);
1656-
local->wiphy_ciphers_allocated = false;
1657-
}
16581628
kfree(local->int_scan_req);
16591629
return result;
16601630
}
@@ -1725,11 +1695,6 @@ void ieee80211_free_hw(struct ieee80211_hw *hw)
17251695

17261696
mutex_destroy(&local->iflist_mtx);
17271697

1728-
if (local->wiphy_ciphers_allocated) {
1729-
kfree(local->hw.wiphy->cipher_suites);
1730-
local->wiphy_ciphers_allocated = false;
1731-
}
1732-
17331698
idr_for_each(&local->ack_status_frames,
17341699
ieee80211_free_ack_frame, NULL);
17351700
idr_destroy(&local->ack_status_frames);

0 commit comments

Comments
 (0)