[PATCH] mac80211: fix TKIP IV update The TKIP IV should be updated only after MMIC verification, this patch changes it to be at that spot. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>

commit: 50741ae05a4742cae99361f57d84b5f8d33822a4 [log] [tgz]
author: Johannes Berg <johannes@sipsolutions.net> Wed Sep 26 15:19:45 2007 +0200
committer: David S. Miller <davem@sunset.davemloft.net> Wed Oct 10 16:53:16 2007 -0700
tree: e655586b7d22a9504aaad7aa79401e8ff1c71770
parent: fb1c1cd6c5a8988b14c5c6c0dfe55542df3a34c6 [diff] [blame]
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 5b11f14..3abe194 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c

@@ -238,7 +238,8 @@
 int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
 				struct ieee80211_key *key,
 				u8 *payload, size_t payload_len, u8 *ta,
-				int only_iv, int queue)
+				int only_iv, int queue,
+				u32 *out_iv32, u16 *out_iv16)
 {
 	u32 iv32;
 	u32 iv16;
@@ -332,11 +333,14 @@
 	res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
  done:
 	if (res == TKIP_DECRYPT_OK) {
-		/* FIX: these should be updated only after Michael MIC has been
-		 * verified */
-		/* Record previously received IV */
-		key->u.tkip.iv32_rx[queue] = iv32;
-		key->u.tkip.iv16_rx[queue] = iv16;
+		/*
+		 * Record previously received IV, will be copied into the
+		 * key information after MIC verification. It is possible
+		 * that we don't catch replays of fragments but that's ok
+		 * because the Michael MIC verication will then fail.
+		 */
+		*out_iv32 = iv32;
+		*out_iv16 = iv16;
 	}
 
 	return res;
commit	50741ae05a4742cae99361f57d84b5f8d33822a4	[log] [tgz]
author	Johannes Berg <johannes@sipsolutions.net>	Wed Sep 26 15:19:45 2007 +0200
committer	David S. Miller <davem@sunset.davemloft.net>	Wed Oct 10 16:53:16 2007 -0700
tree	e655586b7d22a9504aaad7aa79401e8ff1c71770
parent	fb1c1cd6c5a8988b14c5c6c0dfe55542df3a34c6 [diff] [blame]