[PATCH v6] rtw_security: fix cast to restricted __le32

From: Jhih-Ming Huang
Date: Mon Jun 21 2021 - 11:48:32 EST


This patch fixes the sparse warning of fix cast to restricted __le32.

There was a change for replacing private CRC-32 routines with in kernel
ones.
However, the author used le32_to_cpu to convert crc32_le(), and we
should cpu_to_le32.

Ths commit also fixes the payload checking by memcmp instead of checking element
by element and removes the unused variable.

Reported-by: kernel test robot <lkp@xxxxxxxxx>
Signed-off-by: Jhih-Ming Huang <fbihjmeric@xxxxxxxxx>
---
drivers/staging/rtl8723bs/core/rtw_security.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index a99f439328f1..8dc6a976b487 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -92,7 +92,6 @@ void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
{
/* exclude ICV */
- u8 crc[4];
signed int length;
u32 keylength;
u8 *pframe, *payload, *iv, wepkey[16];
@@ -119,10 +118,6 @@ void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
/* decrypt payload include icv */
arc4_setkey(ctx, wepkey, 3 + keylength);
arc4_crypt(ctx, payload, payload, length);
-
- /* calculate icv and compare the icv */
- *((u32 *)crc) = le32_to_cpu(~crc32_le(~0, payload, length - 4));
-
}
}

@@ -537,7 +532,7 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
u32 pnh;
u8 rc4key[16];
u8 ttkey[16];
- u8 crc[4];
+ __le32 crc;
signed int length;

u8 *pframe, *payload, *iv, *prwskey;
@@ -618,10 +613,9 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
arc4_setkey(ctx, rc4key, 16);
arc4_crypt(ctx, payload, payload, length);

- *((u32 *)crc) = le32_to_cpu(~crc32_le(~0, payload, length - 4));
+ crc = cpu_to_le32(~crc32_le(~0, payload, length - 4));

- if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
- crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
+ if (memcmp(&crc, payload + length - 4, 4) != 0)
res = _FAIL;
} else {
res = _FAIL;
--
2.32.0