PERFORCE change 66293 for review

[Sam Leffler]

http://perforce.freebsd.org/chv.cgi?CH=66293

Change 66293 by sam at sam_ebb on 2004/12/03 01:56:45

	correct unicast cipher set setting and take into account
	available s/w ciphers when validated mcast and ucast cipher
	settings

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_ioctl.c#22 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_ioctl.c#22 (text+ko) ====

@@ -2148,8 +2148,8 @@
 			ic->ic_flags &= ~IEEE80211_F_NOBRIDGE;
 		break;
 	case IEEE80211_IOC_MCASTCIPHER:
-		/* XXX s/w implementations */
-		if ((ic->ic_caps & cipher2cap(ireq->i_val)) == 0)
+		if ((ic->ic_caps & cipher2cap(ireq->i_val)) == 0 &&
+		    !ieee80211_crypto_available(ireq->i_val))
 			return EINVAL;
 		rsn->rsn_mcastcipher = ireq->i_val;
 		error = (ic->ic_flags & IEEE80211_F_WPA) ? ENETRESET : 0;
@@ -2163,17 +2163,20 @@
 		break;
 	case IEEE80211_IOC_UCASTCIPHERS:
 		/*
-		 * Convert cipher set to equivalent capabilities.
+		 * Convert user-specified cipher set to the set
+		 * we can support (via hardware or software).
 		 * NB: this logic intentionally ignores unknown and
 		 * unsupported ciphers so folks can specify 0xff or
 		 * similar and get all available ciphers.
 		 */
 		caps = 0;
 		for (j = 1; j < 32; j++)	/* NB: skip WEP */
-			if (ireq->i_val & (1<<j))
-				caps |= cipher2cap(j);
-		/* XXX s/w implementations */
-		caps &= ic->ic_caps;	/* restrict to supported ciphers */
+			if ((ireq->i_val & (1<<j)) &&
+			    ((ic->ic_caps & cipher2cap(j)) ||
+			     ieee80211_crypto_available(j)))
+				caps |= 1<<j;
+		if (caps == 0)			/* nothing available */
+			return EINVAL;
 		/* XXX verify ciphers ok for unicast use? */
 		/* XXX disallow if running as it'll have no effect */
 		rsn->rsn_ucastcipherset = caps;