@@ -234,6 +234,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
u8 rc4key[16], keyid, *pos = payload;
int res;
const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
+ bool tkip_decrypt_replay = 0;
if (payload_len < 12)
return -1;
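Review bot: `tkip_decrypt_replay` is declared `bool` but initialised with `0` here and set with `1` in the next hunk; use `false` and `true` so the type and the literals agree. The flag changes when the replay verdict is delivered, so it deserves a one-line comment at the declaration, for example `/* replay detected; verdict deferred until after decryption */`. The function body continues outside this hunk.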
@@ -271,7 +272,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
iv32, iv16, key->u.tkip.rx[queue].iv32,
key->u.tkip.rx[queue].iv16);
#endif
- return TKIP_DECRYPT_REPLAY;
+ tkip_decrypt_replay = 1;
}
if (only_iv) {
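Review bot: A frame flagged as a replay is no longer stopped at the check, so it now reaches the `only_iv` branch and everything after it in `ieee80211_tkip_decrypt_data`. The early `return TKIP_DECRYPT_REPLAY;` was what kept a stale IV away from that code. Those later paths are outside this hunk, so please confirm that none of them updates `key->u.tkip.rx[queue]` state or derives key material from the replayed `iv32`/`iv16`. If only one caller needs the frame decrypted despite the replay, consider keeping the early return and making the exception explicit through a parameter. Otherwise add a comment here, such as `/* keep going: caller decides whether a replay is fatal */`, so the missing return is not read as an oversight.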
@@ -338,5 +339,8 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
*out_iv16 = iv16;
}
+ if (tkip_decrypt_replay)
+ return TKIP_DECRYPT_REPLAY;
+
return res;
}
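Review bot: The deferred check overwrites whatever `res` holds, so a replayed frame that also failed decryption is reported as `TKIP_DECRYPT_REPLAY` rather than as the failure. Combined with the caller change in `ieee80211_crypto_tkip_decrypt`, which lets `TKIP_DECRYPT_REPLAY` through on some interface types, a frame that did not decrypt cleanly could be accepted. Return the replay code only when decryption itself succeeded: `if (tkip_decrypt_replay && res == TKIP_DECRYPT_OK) return TKIP_DECRYPT_REPLAY;`. The block just above writes `*out_iv16`, and its condition is outside this hunk; if it runs on `res == TKIP_DECRYPT_OK`, it now hands the replayed IV back to the caller, which should be checked as well.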
@@ -242,7 +242,9 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
hdr->addr1, hwaccel, rx->queue,
&rx->tkip_iv32,
&rx->tkip_iv16);
- if (res != TKIP_DECRYPT_OK || wpa_test)
+ if ((res != TKIP_DECRYPT_OK || wpa_test) &&
+ !(res == TKIP_DECRYPT_REPLAY &&
+ rx->sdata->vif.type != NL80211_IFTYPE_ADHOC))
return RX_DROP_UNUSABLE;
/* Trim ICV */
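Review bot: The interface-type test in the new condition looks inverted relative to the CCMP and AES-CMAC hunks in this same patch. As written, `!(res == TKIP_DECRYPT_REPLAY && rx->sdata->vif.type != NL80211_IFTYPE_ADHOC)` lets a TKIP replay through on every interface that is not ad-hoc and still drops it on ad-hoc, while the other two hunks relax the check only for `NL80211_IFTYPE_ADHOC`. If the intent is the same here, the inner comparison should be `rx->sdata->vif.type == NL80211_IFTYPE_ADHOC`. The exception also bypasses `wpa_test` for replayed frames, which is probably unintended. The double negation is hard to audit, so a named local such as `bool ignore_replay = res == TKIP_DECRYPT_REPLAY && rx->sdata->vif.type == NL80211_IFTYPE_ADHOC;` would make the policy readable.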
@@ -453,7 +455,8 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
ccmp_hdr2pn(pn, skb->data + hdrlen);
- if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) {
+ if ((memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) &&
+ (rx->sdata->vif.type != NL80211_IFTYPE_ADHOC)) {
key->u.ccmp.replays++;
return RX_DROP_UNUSABLE;
}
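Review bot: Replay detection is switched off entirely for ad-hoc interfaces here, and in the same way in the `ieee80211_crypto_aes_cmac_decrypt` hunk below. When `vif.type` is `NL80211_IFTYPE_ADHOC` the PN comparison is skipped, so a previously seen frame with a valid MIC is accepted again and `replays` never counts it. If the underlying problem is several IBSS peers sharing one key and therefore one `rx_pn`, the safer direction is to track the PN per transmitter rather than drop the check; that is an inference, since the patch does not state its motivation. At a minimum keep the statistic and make the exception visible: `if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) { key->u.ccmp.replays++; if (rx->sdata->vif.type != NL80211_IFTYPE_ADHOC) return RX_DROP_UNUSABLE; }`, with a comment explaining why IBSS is exempt. The code after this hunk is not visible; if it stores `pn` into `rx_pn` on success, an accepted old PN would move the counter backwards, which should be checked.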
@@ -576,7 +579,8 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
bip_ipn_swap(ipn, mmie->sequence_number);
- if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
+ if ((memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) &&
+ (rx->sdata->vif.type != NL80211_IFTYPE_ADHOC)) {
key->u.aes_cmac.replays++;
return RX_DROP_UNUSABLE;
}