drivers/staging/rtl8723bs/core/rtw_security.c | 299 +++++++++--------- 1 file changed, 149 insertions(+), 150 deletions(-)
Reduce nesting by early returns.
Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com>
---
drivers/staging/rtl8723bs/core/rtw_security.c | 299 +++++++++---------
1 file changed, 149 insertions(+), 150 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index b489babe7432..412edfdf9636 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -453,47 +453,45 @@ u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
/* 4 start to encrypt each fragment */
- if (pattrib->encrypt == _TKIP_) {
+ if (pattrib->encrypt != _TKIP_)
+ return _SUCCESS;
- {
- if (is_multicast_ether_addr(pattrib->ra))
- prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
- else
- prwskey = pattrib->dot118021x_UncstKey.skey;
+ if (is_multicast_ether_addr(pattrib->ra))
+ prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
+ else
+ prwskey = pattrib->dot118021x_UncstKey.skey;
- for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
- iv = pframe + pattrib->hdrlen;
- payload = pframe + pattrib->iv_len + pattrib->hdrlen;
+ for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
+ iv = pframe + pattrib->hdrlen;
+ payload = pframe + pattrib->iv_len + pattrib->hdrlen;
- GET_TKIP_PN(iv, dot11txpn);
+ GET_TKIP_PN(iv, dot11txpn);
- pnl = (u16)(dot11txpn.val);
- pnh = (u32)(dot11txpn.val >> 16);
+ pnl = (u16)(dot11txpn.val);
+ pnh = (u32)(dot11txpn.val >> 16);
- phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
+ phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
- phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
+ phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
- if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
- length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
- crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
+ if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
+ length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
- arc4_setkey(ctx, rc4key, 16);
- arc4_crypt(ctx, payload, payload, length);
- arc4_crypt(ctx, payload + length, crc.f1, 4);
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc.f1, 4);
- } else {
- length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
- crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
+ } else {
+ length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
- arc4_setkey(ctx, rc4key, 16);
- arc4_crypt(ctx, payload, payload, length);
- arc4_crypt(ctx, payload + length, crc.f1, 4);
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc.f1, 4);
- pframe += pxmitpriv->frag_len;
- pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
- }
- }
+ pframe += pxmitpriv->frag_len;
+ pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
}
}
return res;
@@ -521,82 +519,82 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
/* 4 start to decrypt recvframe */
- if (prxattrib->encrypt == _TKIP_) {
- stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
- if (stainfo) {
- if (is_multicast_ether_addr(prxattrib->ra)) {
- static unsigned long start;
- static u32 no_gkey_bc_cnt;
- static u32 no_gkey_mc_cnt;
-
- if (!psecuritypriv->binstallGrpkey) {
- res = _FAIL;
-
- if (start == 0)
- start = jiffies;
-
- if (is_broadcast_mac_addr(prxattrib->ra))
- no_gkey_bc_cnt++;
- else
- no_gkey_mc_cnt++;
-
- if (jiffies_to_msecs(jiffies - start) > 1000) {
- if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
- netdev_dbg(padapter->pnetdev,
- FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
- FUNC_ADPT_ARG(padapter),
- no_gkey_bc_cnt,
- no_gkey_mc_cnt);
- }
- start = jiffies;
- no_gkey_bc_cnt = 0;
- no_gkey_mc_cnt = 0;
- }
- goto exit;
- }
+ if (prxattrib->encrypt != _TKIP_)
+ return _SUCCESS;
+
+ stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
+ if (!stainfo)
+ return _FAIL;
+
+ if (is_multicast_ether_addr(prxattrib->ra)) {
+ static unsigned long start;
+ static u32 no_gkey_bc_cnt;
+ static u32 no_gkey_mc_cnt;
+
+ if (!psecuritypriv->binstallGrpkey) {
+ res = _FAIL;
+
+ if (start == 0)
+ start = jiffies;
+ if (is_broadcast_mac_addr(prxattrib->ra))
+ no_gkey_bc_cnt++;
+ else
+ no_gkey_mc_cnt++;
+
+ if (jiffies_to_msecs(jiffies - start) > 1000) {
if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
netdev_dbg(padapter->pnetdev,
- FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
+ FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
FUNC_ADPT_ARG(padapter),
no_gkey_bc_cnt,
no_gkey_mc_cnt);
}
- start = 0;
+ start = jiffies;
no_gkey_bc_cnt = 0;
no_gkey_mc_cnt = 0;
-
- prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
- } else {
- prwskey = &stainfo->dot118021x_UncstKey.skey[0];
}
+ goto exit;
+ }
- iv = pframe + prxattrib->hdrlen;
- payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
- length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
+ if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
+ netdev_dbg(padapter->pnetdev,
+ FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
+ FUNC_ADPT_ARG(padapter),
+ no_gkey_bc_cnt,
+ no_gkey_mc_cnt);
+ }
+ start = 0;
+ no_gkey_bc_cnt = 0;
+ no_gkey_mc_cnt = 0;
- GET_TKIP_PN(iv, dot11txpn);
+ prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
+ } else {
+ prwskey = &stainfo->dot118021x_UncstKey.skey[0];
+ }
- pnl = (u16)(dot11txpn.val);
- pnh = (u32)(dot11txpn.val >> 16);
+ iv = pframe + prxattrib->hdrlen;
+ payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
+ length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
- phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
- phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
+ GET_TKIP_PN(iv, dot11txpn);
- /* 4 decrypt payload include icv */
+ pnl = (u16)(dot11txpn.val);
+ pnh = (u32)(dot11txpn.val >> 16);
- arc4_setkey(ctx, rc4key, 16);
- arc4_crypt(ctx, payload, payload, length);
+ phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
+ phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
- *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
+ /* 4 decrypt payload include icv */
- if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
- crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
- res = _FAIL;
- } else {
- res = _FAIL;
- }
- }
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+
+ *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
+
+ if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
+ crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
+ res = _FAIL;
exit:
return res;
}
@@ -969,24 +967,25 @@ u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
/* 4 start to encrypt each fragment */
- if (pattrib->encrypt == _AES_) {
- if (is_multicast_ether_addr(pattrib->ra))
- prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
- else
- prwskey = pattrib->dot118021x_UncstKey.skey;
+ if (pattrib->encrypt != _AES_)
+ return _SUCCESS;
- for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
- if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
- length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ if (is_multicast_ether_addr(pattrib->ra))
+ prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
+ else
+ prwskey = pattrib->dot118021x_UncstKey.skey;
- aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
- } else {
- length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
+ if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
+ length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
- aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
- pframe += pxmitpriv->frag_len;
- pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
- }
+ aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
+ } else {
+ length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+
+ aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
+ pframe += pxmitpriv->frag_len;
+ pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
}
}
return res;
@@ -1213,69 +1212,69 @@ u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
/* 4 start to encrypt each fragment */
- if (prxattrib->encrypt == _AES_) {
- stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
- if (stainfo) {
- if (is_multicast_ether_addr(prxattrib->ra)) {
- static unsigned long start;
- static u32 no_gkey_bc_cnt;
- static u32 no_gkey_mc_cnt;
-
- if (!psecuritypriv->binstallGrpkey) {
- res = _FAIL;
-
- if (start == 0)
- start = jiffies;
-
- if (is_broadcast_mac_addr(prxattrib->ra))
- no_gkey_bc_cnt++;
- else
- no_gkey_mc_cnt++;
-
- if (jiffies_to_msecs(jiffies - start) > 1000) {
- if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
- netdev_dbg(padapter->pnetdev,
- FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
- FUNC_ADPT_ARG(padapter),
- no_gkey_bc_cnt,
- no_gkey_mc_cnt);
- }
- start = jiffies;
- no_gkey_bc_cnt = 0;
- no_gkey_mc_cnt = 0;
- }
-
- goto exit;
- }
+ if (prxattrib->encrypt != _AES_)
+ return _SUCCESS;
+
+ stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
+ if (!stainfo)
+ return _FAIL;
+
+ if (is_multicast_ether_addr(prxattrib->ra)) {
+ static unsigned long start;
+ static u32 no_gkey_bc_cnt;
+ static u32 no_gkey_mc_cnt;
+ if (!psecuritypriv->binstallGrpkey) {
+ res = _FAIL;
+
+ if (start == 0)
+ start = jiffies;
+
+ if (is_broadcast_mac_addr(prxattrib->ra))
+ no_gkey_bc_cnt++;
+ else
+ no_gkey_mc_cnt++;
+
+ if (jiffies_to_msecs(jiffies - start) > 1000) {
if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
netdev_dbg(padapter->pnetdev,
- FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
+ FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
FUNC_ADPT_ARG(padapter),
no_gkey_bc_cnt,
no_gkey_mc_cnt);
}
- start = 0;
+ start = jiffies;
no_gkey_bc_cnt = 0;
no_gkey_mc_cnt = 0;
-
- prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
- if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
- res = _FAIL;
- goto exit;
- }
- } else {
- prwskey = &stainfo->dot118021x_UncstKey.skey[0];
}
- length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
+ goto exit;
+ }
- res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
+ if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
+ netdev_dbg(padapter->pnetdev,
+ FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
+ FUNC_ADPT_ARG(padapter),
+ no_gkey_bc_cnt,
+ no_gkey_mc_cnt);
+ }
+ start = 0;
+ no_gkey_bc_cnt = 0;
+ no_gkey_mc_cnt = 0;
- } else {
+ prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
+ if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
res = _FAIL;
+ goto exit;
}
+ } else {
+ prwskey = &stainfo->dot118021x_UncstKey.skey[0];
}
+
+ length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
+
+ res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
+
exit:
return res;
}
--
2.51.0Hi Maksym, Your patch doesn't apply cleanly on top of the staging-next branch. Recently, we merged a patch that replaced is_broadcast_mac_addr() with the standard kernel function is_broadcast_ether_addr(), which is causing conflicts. Additionally, someone recently tried to do a similar refactoring just for rtw_aes_decrypt() but introduced a major bug. They wrote if (stainfo) instead of if (!stainfo), causing it to fail on valid pointers and crash on invalid ones. Your patch actually fixes their mistake. Could you please rebase your work onto the latest staging-next branch and send a v2 series? It would be best to split it into two patches(a patch series): first, a bug fix for rtw_aes_decrypt() to correct the if (!stainfo) logic (please add a fixes tag), and second, your early-return refactoring for the remaining functions. Also, don't forget to fix the subsystem prefix in your subject line to staging: rtl8723bs: Looking forward to the v2. Best regards, Luka Gejak
The null-pointer-guard was incorrect, returning _FAIL on valid pointer.
Invert the guard, so it returns _FAIL on invalid pointer.
Fixes: e23ad1570028 ("staging: rtl8723bs: use guard clause for stainfo check")
Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com>
---
drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index a00504ff2910..f467cb5b1dca 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -1212,7 +1212,7 @@ u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
if (prxattrib->encrypt != _AES_)
return _SUCCESS;
stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
- if (stainfo)
+ if (!stainfo)
return _FAIL;
if (is_multicast_ether_addr(prxattrib->ra)) {
static unsigned long start;
--
2.51.0On Thu, Apr 16, 2026 at 11:53:37PM +0400, Maksym Pikhotskyi wrote:
> The null-pointer-guard was incorrect, returning _FAIL on valid pointer.
> Invert the guard, so it returns _FAIL on invalid pointer.
>
> Fixes: e23ad1570028 ("staging: rtl8723bs: use guard clause for stainfo check")
> Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com>
> ---
You need to put a little note here under the --- cut off line which says:
v2: rebased on linux-next.
Also added another fix?
Please send v3. You can still add my Reviewed-by tag though.
regards,
dan carpenter
On Thu, Apr 16, 2026 at 11:53:37PM +0400, Maksym Pikhotskyi wrote:
> The null-pointer-guard was incorrect, returning _FAIL on valid pointer.
> Invert the guard, so it returns _FAIL on invalid pointer.
>
> Fixes: e23ad1570028 ("staging: rtl8723bs: use guard clause for stainfo check")
> Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com>
> ---
Ugh. Crap. Thanks.
Reviewed-by: Dan Carpenter <error27@gmail.com>
regards,
dan carpenter
On Thu Apr 16, 2026 at 9:53 PM CEST, Maksym Pikhotskyi wrote:
> The null-pointer-guard was incorrect, returning _FAIL on valid pointer.
> Invert the guard, so it returns _FAIL on invalid pointer.
>
> Fixes: e23ad1570028 ("staging: rtl8723bs: use guard clause for stainfo check")
> Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com>
> ---
> drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
> index a00504ff2910..f467cb5b1dca 100644
> --- a/drivers/staging/rtl8723bs/core/rtw_security.c
> +++ b/drivers/staging/rtl8723bs/core/rtw_security.c
> @@ -1212,7 +1212,7 @@ u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
> if (prxattrib->encrypt != _AES_)
> return _SUCCESS;
> stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
> - if (stainfo)
> + if (!stainfo)
> return _FAIL;
> if (is_multicast_ether_addr(prxattrib->ra)) {
> static unsigned long start;
You should Cc stable and also add Reported-by tag since you weren't the
one to point out the bug.
Best regards,
Luka Gejak
On Thu, Apr 16, 2026 at 10:42:07PM +0200, Luka Gejak wrote:
> On Thu Apr 16, 2026 at 9:53 PM CEST, Maksym Pikhotskyi wrote:
> > The null-pointer-guard was incorrect, returning _FAIL on valid pointer.
> > Invert the guard, so it returns _FAIL on invalid pointer.
> >
> > Fixes: e23ad1570028 ("staging: rtl8723bs: use guard clause for stainfo check")
> > Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com>
> > ---
> > drivers/staging/rtl8723bs/core/rtw_security.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
> > index a00504ff2910..f467cb5b1dca 100644
> > --- a/drivers/staging/rtl8723bs/core/rtw_security.c
> > +++ b/drivers/staging/rtl8723bs/core/rtw_security.c
> > @@ -1212,7 +1212,7 @@ u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
> > if (prxattrib->encrypt != _AES_)
> > return _SUCCESS;
> > stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
> > - if (stainfo)
> > + if (!stainfo)
> > return _FAIL;
> > if (is_multicast_ether_addr(prxattrib->ra)) {
> > static unsigned long start;
>
> You should Cc stable.
The bug isn't in any stable releases so no need to Cc stable.
regards,
dan carpenter
Reduce nesting by early returns.
Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com>
---
drivers/staging/rtl8723bs/core/rtw_security.c | 205 +++++++++---------
1 file changed, 102 insertions(+), 103 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index f467cb5b1dca..2a5a4c0de9b1 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -449,47 +449,45 @@ u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
/* 4 start to encrypt each fragment */
- if (pattrib->encrypt == _TKIP_) {
+ if (pattrib->encrypt != _TKIP_)
+ return _SUCCESS;
- {
- if (is_multicast_ether_addr(pattrib->ra))
- prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
- else
- prwskey = pattrib->dot118021x_UncstKey.skey;
+ if (is_multicast_ether_addr(pattrib->ra))
+ prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
+ else
+ prwskey = pattrib->dot118021x_UncstKey.skey;
- for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
- iv = pframe + pattrib->hdrlen;
- payload = pframe + pattrib->iv_len + pattrib->hdrlen;
+ for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
+ iv = pframe + pattrib->hdrlen;
+ payload = pframe + pattrib->iv_len + pattrib->hdrlen;
- GET_TKIP_PN(iv, dot11txpn);
+ GET_TKIP_PN(iv, dot11txpn);
- pnl = (u16)(dot11txpn.val);
- pnh = (u32)(dot11txpn.val >> 16);
+ pnl = (u16)(dot11txpn.val);
+ pnh = (u32)(dot11txpn.val >> 16);
- phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
+ phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
- phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
+ phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
- if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
- length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
- crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
+ if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
+ length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
- arc4_setkey(ctx, rc4key, 16);
- arc4_crypt(ctx, payload, payload, length);
- arc4_crypt(ctx, payload + length, crc.f1, 4);
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc.f1, 4);
- } else {
- length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
- crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
+ } else {
+ length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
- arc4_setkey(ctx, rc4key, 16);
- arc4_crypt(ctx, payload, payload, length);
- arc4_crypt(ctx, payload + length, crc.f1, 4);
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc.f1, 4);
- pframe += pxmitpriv->frag_len;
- pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
- }
- }
+ pframe += pxmitpriv->frag_len;
+ pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
}
}
return res;
@@ -517,82 +515,82 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
/* 4 start to decrypt recvframe */
- if (prxattrib->encrypt == _TKIP_) {
- stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
- if (stainfo) {
- if (is_multicast_ether_addr(prxattrib->ra)) {
- static unsigned long start;
- static u32 no_gkey_bc_cnt;
- static u32 no_gkey_mc_cnt;
-
- if (!psecuritypriv->binstallGrpkey) {
- res = _FAIL;
-
- if (start == 0)
- start = jiffies;
-
- if (is_broadcast_ether_addr(prxattrib->ra))
- no_gkey_bc_cnt++;
- else
- no_gkey_mc_cnt++;
-
- if (jiffies_to_msecs(jiffies - start) > 1000) {
- if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
- netdev_dbg(padapter->pnetdev,
- FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
- FUNC_ADPT_ARG(padapter),
- no_gkey_bc_cnt,
- no_gkey_mc_cnt);
- }
- start = jiffies;
- no_gkey_bc_cnt = 0;
- no_gkey_mc_cnt = 0;
- }
- goto exit;
- }
+ if (prxattrib->encrypt != _TKIP_)
+ return _SUCCESS;
+ stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
+ if (!stainfo)
+ return _FAIL;
+
+ if (is_multicast_ether_addr(prxattrib->ra)) {
+ static unsigned long start;
+ static u32 no_gkey_bc_cnt;
+ static u32 no_gkey_mc_cnt;
+
+ if (!psecuritypriv->binstallGrpkey) {
+ res = _FAIL;
+
+ if (start == 0)
+ start = jiffies;
+
+ if (is_broadcast_ether_addr(prxattrib->ra))
+ no_gkey_bc_cnt++;
+ else
+ no_gkey_mc_cnt++;
+
+ if (jiffies_to_msecs(jiffies - start) > 1000) {
if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
netdev_dbg(padapter->pnetdev,
- FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
+ FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
FUNC_ADPT_ARG(padapter),
no_gkey_bc_cnt,
no_gkey_mc_cnt);
}
- start = 0;
+ start = jiffies;
no_gkey_bc_cnt = 0;
no_gkey_mc_cnt = 0;
-
- prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
- } else {
- prwskey = &stainfo->dot118021x_UncstKey.skey[0];
}
+ goto exit;
+ }
- iv = pframe + prxattrib->hdrlen;
- payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
- length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
+ if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
+ netdev_dbg(padapter->pnetdev,
+ FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
+ FUNC_ADPT_ARG(padapter),
+ no_gkey_bc_cnt,
+ no_gkey_mc_cnt);
+ }
+ start = 0;
+ no_gkey_bc_cnt = 0;
+ no_gkey_mc_cnt = 0;
- GET_TKIP_PN(iv, dot11txpn);
+ prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
+ } else {
+ prwskey = &stainfo->dot118021x_UncstKey.skey[0];
+ }
- pnl = (u16)(dot11txpn.val);
- pnh = (u32)(dot11txpn.val >> 16);
+ iv = pframe + prxattrib->hdrlen;
+ payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
+ length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
- phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
- phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
+ GET_TKIP_PN(iv, dot11txpn);
- /* 4 decrypt payload include icv */
+ pnl = (u16)(dot11txpn.val);
+ pnh = (u32)(dot11txpn.val >> 16);
- arc4_setkey(ctx, rc4key, 16);
- arc4_crypt(ctx, payload, payload, length);
+ phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
+ phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
- *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
+ /* 4 decrypt payload include icv */
- if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
- crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
- res = _FAIL;
- } else {
- res = _FAIL;
- }
- }
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+
+ *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
+
+ if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
+ crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
+ res = _FAIL;
exit:
return res;
}
@@ -965,24 +963,25 @@ u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
/* 4 start to encrypt each fragment */
- if (pattrib->encrypt == _AES_) {
- if (is_multicast_ether_addr(pattrib->ra))
- prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
- else
- prwskey = pattrib->dot118021x_UncstKey.skey;
+ if (pattrib->encrypt != _AES_)
+ return _SUCCESS;
- for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
- if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
- length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ if (is_multicast_ether_addr(pattrib->ra))
+ prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
+ else
+ prwskey = pattrib->dot118021x_UncstKey.skey;
- aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
- } else {
- length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+ for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
+ if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
+ length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
- aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
- pframe += pxmitpriv->frag_len;
- pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
- }
+ aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
+ } else {
+ length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
+
+ aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
+ pframe += pxmitpriv->frag_len;
+ pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
}
}
return res;
--
2.51.0On April 16, 2026 9:53:38 PM GMT+02:00, Maksym Pikhotskyi <mpikhotskyi@gmail.com> wrote: >Reduce nesting by early returns. > >Signed-off-by: Maksym Pikhotskyi <mpikhotskyi@gmail.com> >--- ... Hi Maksym, Your logic is spot on. However, your subject line and commit message should be more detailed. Please try answering questions like why you made these changes and where they apply (mentioning the specific functions or file(if it changes whole file) in the commit body). Also, it would be preferable if you sent your v3 as a completely separate thread. Best regards, Luka Gejak
© 2016 - 2026 Red Hat, Inc.