summaryrefslogtreecommitdiffstats
path: root/net/mac80211/tkip.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2007-09-26 15:19:45 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 16:53:16 -0700
commit50741ae05a4742cae99361f57d84b5f8d33822a4 (patch)
treee655586b7d22a9504aaad7aa79401e8ff1c71770 /net/mac80211/tkip.c
parentfb1c1cd6c5a8988b14c5c6c0dfe55542df3a34c6 (diff)
downloadlinux-stable-50741ae05a4742cae99361f57d84b5f8d33822a4.tar.gz
linux-stable-50741ae05a4742cae99361f57d84b5f8d33822a4.tar.bz2
linux-stable-50741ae05a4742cae99361f57d84b5f8d33822a4.zip
[PATCH] mac80211: fix TKIP IV update
The TKIP IV should be updated only after MMIC verification, this patch changes it to be at that spot. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/tkip.c')
-rw-r--r--net/mac80211/tkip.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 5b11f14abfba..3abe194e4d55 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -238,7 +238,8 @@ void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
struct ieee80211_key *key,
u8 *payload, size_t payload_len, u8 *ta,
- int only_iv, int queue)
+ int only_iv, int queue,
+ u32 *out_iv32, u16 *out_iv16)
{
u32 iv32;
u32 iv16;
@@ -332,11 +333,14 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
done:
if (res == TKIP_DECRYPT_OK) {
- /* FIX: these should be updated only after Michael MIC has been
- * verified */
- /* Record previously received IV */
- key->u.tkip.iv32_rx[queue] = iv32;
- key->u.tkip.iv16_rx[queue] = iv16;
+ /*
+ * Record previously received IV, will be copied into the
+ * key information after MIC verification. It is possible
+ * that we don't catch replays of fragments but that's ok
+ * because the Michael MIC verication will then fail.
+ */
+ *out_iv32 = iv32;
+ *out_iv16 = iv16;
}
return res;