--- /dev/null
+From 14d5e14c8a6c257eb322ddeb294ac4c243a7d2e1 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Fri, 23 Aug 2019 14:48:03 +0200
+Subject: [PATCH 14/15] rt2x00: clear up IV's on key removal
+
+After looking at code I realized that my previous fix
+95844124385e ("rt2x00: clear IV's on start to fix AP mode regression")
+was incomplete. We can still have wrong IV's after re-keyring.
+To fix that, clear up IV's also on key removal.
+
+Fixes: 710e6cc1595e ("rt2800: do not nullify initialization vector data")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+tested-by: Emil Karlson <jekarl@iki.fi>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ .../net/wireless/ralink/rt2x00/rt2800lib.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -1665,13 +1665,18 @@ static void rt2800_config_wcid_attr_ciph
+
+ offset = MAC_IVEIV_ENTRY(key->hw_key_idx);
+
+- rt2800_register_multiread(rt2x00dev, offset,
+- &iveiv_entry, sizeof(iveiv_entry));
+- if ((crypto->cipher == CIPHER_TKIP) ||
+- (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
+- (crypto->cipher == CIPHER_AES))
+- iveiv_entry.iv[3] |= 0x20;
+- iveiv_entry.iv[3] |= key->keyidx << 6;
++ if (crypto->cmd == SET_KEY) {
++ rt2800_register_multiread(rt2x00dev, offset,
++ &iveiv_entry, sizeof(iveiv_entry));
++ if ((crypto->cipher == CIPHER_TKIP) ||
++ (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
++ (crypto->cipher == CIPHER_AES))
++ iveiv_entry.iv[3] |= 0x20;
++ iveiv_entry.iv[3] |= key->keyidx << 6;
++ } else {
++ memset(&iveiv_entry, 0, sizeof(iveiv_entry));
++ }
++
+ rt2800_register_multiwrite(rt2x00dev, offset,
+ &iveiv_entry, sizeof(iveiv_entry));
+ }
projects / openwrt / staging / ynezz.git / blobdiff