
qcacld-3.0: Security enhancement fixes for RSNE frame parser

Adds logic in frame parser to use default RSN IE fields if optional
fields are not present in IE. So if RSN IE doesn't contain AKM,
group and unicast cipher use the default AKM(AKM_IEEE8021X) and
cipher (CCMP). Also adds sanity checks for RSNE in the frame parser.

Change-Id: I120a29c21407f82aab2c6fcdcaf1095518cb71b5
CRs-Fixed: 2195951
Abhishek Singh 7 anni fa
parent
commit
3f13a81758

+ 9 - 6
core/hdd/src/wlan_hdd_assoc.c

@@ -4999,8 +4999,8 @@ static int32_t hdd_process_genie(struct hdd_adapter *adapter,
 				 uint16_t gen_ie_len, uint8_t *gen_ie)
 {
 	tHalHandle halHandle = WLAN_HDD_GET_HAL_CTX(adapter);
-	tDot11fIERSN dot11RSNIE;
-	tDot11fIEWPA dot11WPAIE;
+	tDot11fIERSN dot11RSNIE = {0};
+	tDot11fIEWPA dot11WPAIE = {0};
 	uint8_t *pRsnIe;
 	uint16_t RSNIeLen;
 	uint32_t parse_status;
@@ -5032,16 +5032,18 @@ static int32_t hdd_process_genie(struct hdd_adapter *adapter,
 				parse_status);
 			return -EINVAL;
 		}
+		hdd_debug("gp_cipher_suite_present: %d",
+			 dot11RSNIE.gp_cipher_suite_present);
 		/* Copy out the encryption and authentication types */
 		hdd_debug("pairwise cipher suite count: %d",
 			 dot11RSNIE.pwise_cipher_suite_count);
 		hdd_debug("authentication suite count: %d",
-			 dot11RSNIE.akm_suite_count);
-		/* dot11RSNIE.akm_suite_count */
+			 dot11RSNIE.akm_suite_cnt);
+		/* dot11RSNIE.akm_suite_cnt */
 		/* Just translate the FIRST one */
 		*pAuthType =
 			hdd_translate_rsn_to_csr_auth_type(
-					dot11RSNIE.akm_suites[0]);
+					dot11RSNIE.akm_suite[0]);
 		/* dot11RSNIE.pwise_cipher_suite_count */
 		*pEncryptType =
 			hdd_translate_rsn_to_csr_encryption_type(
@@ -5239,8 +5241,9 @@ int hdd_set_genie_to_csr(struct hdd_adapter *adapter,
 		if (status)
 			hdd_set_def_rsne_override(&pWextState->roamProfile,
 					    RSNAuthType);
+		return 0;
 	}
-	return 0;
+	return status;
 }
 
 #ifdef WLAN_FEATURE_FILS_SK
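Review bot: The added `return 0;` inside the block reports success even when `status` is non-zero, while the function's final return now propagates `status`; nothing at this spot says the difference is deliberate. If the intent is that a failure is masked once `hdd_set_def_rsne_override()` has installed the default RSNE, say so directly above the return, for example `/* default RSNE applied above; the earlier failure is intentionally not propagated */`. If that is not the intent, this path should return `status` like the other one. The condition that opens this block and the code that assigns `status` are outside the hunk, so this should be confirmed against the full function.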

+ 5 - 5
core/hdd/src/wlan_hdd_hostapd.c

@@ -2690,8 +2690,8 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
 			 bool *pMFPRequired,
 			 uint16_t gen_ie_len, uint8_t *gen_ie)
 {
-	tDot11fIERSN dot11RSNIE;
-	tDot11fIEWPA dot11WPAIE;
+	tDot11fIERSN dot11RSNIE = {0};
+	tDot11fIEWPA dot11WPAIE = {0};
 
 	uint8_t *pRsnIe;
 	uint16_t RSNIeLen;
@@ -2723,15 +2723,15 @@ int hdd_softap_unpack_ie(tHalHandle halHandle,
 		hdd_debug("pairwise cipher suite count: %d",
 		       dot11RSNIE.pwise_cipher_suite_count);
 		hdd_debug("authentication suite count: %d",
-		       dot11RSNIE.akm_suite_count);
+		       dot11RSNIE.akm_suite_cnt);
 		/*
 		 * Here we have followed the apple base code,
 		 * but probably I suspect we can do something different
-		 * dot11RSNIE.akm_suite_count
+		 * dot11RSNIE.akm_suite_cnt
 		 * Just translate the FIRST one
 		 */
 		*pAuthType =
-			hdd_translate_rsn_to_csr_auth_type(dot11RSNIE.akm_suites[0]);
+		    hdd_translate_rsn_to_csr_auth_type(dot11RSNIE.akm_suite[0]);
 		/* dot11RSNIE.pwise_cipher_suite_count */
 		*pEncryptType =
 			hdd_translate_rsn_to_csr_encryption_type(dot11RSNIE.

+ 2 - 2
core/mac/src/cfg/cfgUtil/dot11f.frms

@@ -1437,10 +1437,10 @@ IE RSN (EID_RSN)                          // 7.3.2.25
     // to 61.  However, that seems needlessly wasteful of space.
     pwise_cipher_suites[4][0..6] COUNTIS pwise_cipher_suite_count;
     // Optional count of AKM suite selectors
-    OPTIONAL akm_suite_count, 2;
+    OPTIONAL akm_suite_cnt, 2;
     // Again, I see nothing in the Standard explicitly limiting the number of
     // AKM suite selectors other than the maximum size of an IE.
-    akm_suites[4][0..6] COUNTIS akm_suite_count;
+    akm_suite[4][0..6] COUNTIS akm_suite_cnt;
     OPTIONAL RSN_Cap[2];
     // Finally, the IE may contain zero or more PMKIDs:
     OPTIONAL pmkid_count, 2;

+ 6 - 3
core/mac/src/include/dot11f.h

@@ -35,7 +35,7 @@
  *
  *
  * This file was automatically generated by 'framesc'
- * Thu Feb  8 19:55:19 2018 from the following file(s):
+ * Fri Feb 16 12:30:33 2018 from the following file(s):
  *
  * dot11f.frms
  *
@@ -6631,14 +6631,17 @@ uint32_t dot11f_get_packed_ieric_data_desc(
 typedef struct sDot11fIERSN {
 	uint8_t             present;
 	uint16_t            version /* Must be 1! */;
+	uint8_t             gp_cipher_suite_present;
 	uint8_t             gp_cipher_suite[4];
 	uint16_t            pwise_cipher_suite_count;
 	uint8_t             pwise_cipher_suites[6][4];
-	uint16_t            akm_suite_count;
-	uint8_t             akm_suites[6][4];
+	uint16_t            akm_suite_cnt;
+	uint8_t             akm_suite[6][4];
+	uint8_t             RSN_Cap_present;
 	uint8_t             RSN_Cap[2];
 	uint16_t            pmkid_count;
 	uint8_t             pmkid[4][16];
+	uint8_t             gp_mgmt_cipher_suite_present;
 	uint8_t             gp_mgmt_cipher_suite[4];
 } tDot11fIERSN;
 

+ 0 - 16
core/mac/src/include/parser_api.h

@@ -1192,22 +1192,6 @@ static inline QDF_STATUS populate_dot11f_he_bss_color_change(
 	return QDF_STATUS_SUCCESS;
 }
 #endif
-
-/**
- * sir_unpack_rsn_ie: wrapper to uRSN IE and update def RSN params
- * if optional fields are not present.
- * @mac_ctx: mac context
- * @buf: rsn ie buffer pointer
- * @buf_len: rsn ie buffer length
- * @rsn_ie: outframe rsn ie structure
- * @append_ie: flag to indicate if the rsn_ie need to be appended from buf
- *
- * Return: parse status
- */
-uint32_t sir_unpack_rsn_ie(tpAniSirGlobal mac_ctx, uint8_t *buf,
-				  uint8_t buf_len, tDot11fIERSN *rsn_ie,
-				  bool append_ie);
-
 /**
  * sir_unpack_beacon_ie: wrapper to unpack beacon and update def RSN params
  * if optional fields are not present.

+ 3 - 3
core/mac/src/pe/lim/lim_process_assoc_req_frame.c

@@ -835,8 +835,8 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx,
 					 uint8_t sub_type, bool *pmf_connection)
 {
 	const uint8_t *wps_ie = NULL;
-	tDot11fIEWPA dot11f_ie_wpa;
-	tDot11fIERSN dot11f_ie_rsn;
+	tDot11fIEWPA dot11f_ie_wpa = {0};
+	tDot11fIERSN dot11f_ie_rsn = {0};
 	tSirRetStatus status = eSIR_SUCCESS;
 	/*
 	 * Clear the buffers so that frame parser knows that there isn't a
@@ -865,7 +865,7 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx,
 			if (assoc_req->rsnPresent) {
 				if (assoc_req->rsn.length) {
 					/* Unpack the RSN IE */
-					if (sir_unpack_rsn_ie(mac_ctx,
+					if (dot11f_unpack_ie_rsn(mac_ctx,
 						&assoc_req->rsn.info[0],
 						assoc_req->rsn.length,
 						&dot11f_ie_rsn, false) !=

+ 1 - 1
core/mac/src/pe/lim/lim_process_fils.c

@@ -1074,7 +1074,7 @@ bool lim_process_fils_auth_frame2(tpAniSirGlobal mac_ctx,
 	if (rx_auth_frm_body->authAlgoNumber != SIR_FILS_SK_WITHOUT_PFS)
 		return false;
 
-	if (sir_unpack_rsn_ie(mac_ctx,
+	if (dot11f_unpack_ie_rsn(mac_ctx,
 				&rx_auth_frm_body->rsn_ie.info[0],
 				rx_auth_frm_body->rsn_ie.length,
 				&dot11f_ie_rsn, 0) != DOT11F_PARSE_SUCCESS) {

+ 2 - 2
core/mac/src/pe/lim/lim_sme_req_utils.c

@@ -284,7 +284,7 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
 	} else if ((rsn_ie->length == rsn_ie->rsnIEdata[1] + 2) &&
 		   (rsn_ie->rsnIEdata[0] == SIR_MAC_RSN_EID)) {
 		pe_debug("Only RSN IE is present");
-		sir_unpack_rsn_ie(mac_ctx, &rsn_ie->rsnIEdata[2],
+		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
 				     rsn_ie->rsnIEdata[1],
 				     &session->gStartBssRSNIe, false);
 		return true;
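Review bot: The result of `dot11f_unpack_ie_rsn()` is discarded here and the branch goes straight to `return true`, although this commit makes the parser reject more inputs (zero suite counts, truncated fields) with DOT11F_SKIPPED_BAD_IE and `present = 0`. A start-BSS request carrying a malformed RSN IE would then be reported as accepted while `session->gStartBssRSNIe` holds a rejected or partly filled structure. Test the status with the macro already used in parser_api.c, along the lines of `if (DOT11F_FAILED(dot11f_unpack_ie_rsn(...))) return false;` (whether `false` is the right result for this caller needs checking against the rest of the function, which is outside the hunk). The same unchecked call sits in the "Both RSN and WPA IEs are present" branch of the next hunk.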
@@ -312,7 +312,7 @@ lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
 		return false;
 	} else {
 		/* Both RSN and WPA IEs are present */
-		sir_unpack_rsn_ie(mac_ctx, &rsn_ie->rsnIEdata[2],
+		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
 				     rsn_ie->rsnIEdata[1],
 				     &session->gStartBssRSNIe, false);
 		dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[wpa_idx + 6],

+ 119 - 33
core/mac/src/sys/legacy/src/utils/src/dot11f.c

@@ -33,7 +33,7 @@
  *
  *
  * This file was automatically generated by 'framesc'
- * Thu Feb  8 19:55:19 2018 from the following file(s):
+ * Fri Feb 16 12:30:33 2018 from the following file(s):
  *
  * dot11f.frms
  *
@@ -4866,6 +4866,8 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx,
 			      bool append_ie)
 {
 	uint32_t status = DOT11F_PARSE_SUCCESS;
+	uint8_t def_cipher_suite[4] = {0x00, 0x0f, 0xac, 0x04};
+	uint8_t def_akm_suite[4] = {0x00, 0x0f, 0xac, 0x01};
 	(void) pBuf; (void)ielen; /* Shutup the compiler */
 	if (pDst->present)
 		status = DOT11F_DUPLICATE_IE;
@@ -4878,26 +4880,55 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx,
 		return status | DOT11F_BAD_FIXED_VALUE;
 	}
 	if (!ielen) {
-		pDst->pwise_cipher_suite_count = 0U;
-		pDst->akm_suite_count = 0U;
+		pDst->RSN_Cap_present = 0U;
+		pDst->gp_mgmt_cipher_suite_present = 0U;
+		pDst->gp_cipher_suite_present = 1;
+		DOT11F_MEMCPY(pCtx, pDst->gp_cipher_suite, def_cipher_suite, 4);
+		pDst->pwise_cipher_suite_count = 1;
+		DOT11F_MEMCPY(pCtx,
+				pDst->pwise_cipher_suites, def_cipher_suite, 4);
+		pDst->akm_suite_cnt = 1;
+		DOT11F_MEMCPY(pCtx, pDst->akm_suite, def_akm_suite, 4);
 		pDst->pmkid_count = 0U;
 		return 0U;
 	} else {
+		pDst->gp_cipher_suite_present = 1;
+		if (ielen < 4) {
+			pDst->present = 0;
+			return DOT11F_SKIPPED_BAD_IE;
+		}
+
 		DOT11F_MEMCPY(pCtx, pDst->gp_cipher_suite, pBuf, 4);
 		pBuf += 4;
 		ielen -= (uint8_t)4;
 	}
 	if (!ielen) {
-		pDst->pwise_cipher_suite_count = 0U;
-		pDst->akm_suite_count = 0U;
+		pDst->RSN_Cap_present = 0U;
+		pDst->gp_mgmt_cipher_suite_present = 0U;
+		pDst->pwise_cipher_suite_count = 1;
+		DOT11F_MEMCPY(pCtx,
+				pDst->pwise_cipher_suites, def_cipher_suite, 4);
+		pDst->akm_suite_cnt = 1;
+		DOT11F_MEMCPY(pCtx, pDst->akm_suite, def_akm_suite, 4);
 		pDst->pmkid_count = 0U;
 		return 0U;
 	} else {
+		if (ielen < 2) {
+			pDst->present = 0;
+			return DOT11F_SKIPPED_BAD_IE;
+		}
+
 		framesntohs(pCtx, &pDst->pwise_cipher_suite_count, pBuf, 0);
 		pBuf += 2;
 		ielen -= (uint8_t)2;
 	}
-	if (pDst->pwise_cipher_suite_count > 6) {
+	if (!pDst->pwise_cipher_suite_count ||
+		pDst->pwise_cipher_suite_count > 6) {
+		pDst->present = 0;
+		return DOT11F_SKIPPED_BAD_IE;
+	}
+
+	if (ielen < pDst->pwise_cipher_suite_count * 4) {
 		pDst->present = 0;
 		return DOT11F_SKIPPED_BAD_IE;
 	}
@@ -4906,34 +4937,63 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx,
 	pBuf += (pDst->pwise_cipher_suite_count * 4);
 	ielen -= (pDst->pwise_cipher_suite_count * 4);
 	if (!ielen) {
-		pDst->akm_suite_count = 0U;
+		pDst->RSN_Cap_present = 0U;
+		pDst->gp_mgmt_cipher_suite_present = 0U;
+		pDst->akm_suite_cnt = 1;
+		DOT11F_MEMCPY(pCtx, pDst->akm_suite, def_akm_suite, 4);
 		pDst->pmkid_count = 0U;
 		return 0U;
 	} else {
-		framesntohs(pCtx, &pDst->akm_suite_count, pBuf, 0);
+		if (ielen < 2) {
+			pDst->present = 0;
+			return DOT11F_SKIPPED_BAD_IE;
+		}
+
+		framesntohs(pCtx, &pDst->akm_suite_cnt, pBuf, 0);
 		pBuf += 2;
 		ielen -= (uint8_t)2;
 	}
-	if (pDst->akm_suite_count > 6) {
+	if (!pDst->akm_suite_cnt ||
+		pDst->akm_suite_cnt > 6) {
 		pDst->present = 0;
 		return DOT11F_SKIPPED_BAD_IE;
 	}
 
-	DOT11F_MEMCPY(pCtx, pDst->akm_suites, pBuf, (pDst->akm_suite_count * 4));
-	pBuf += (pDst->akm_suite_count * 4);
-	ielen -= (pDst->akm_suite_count * 4);
+	if (ielen < pDst->akm_suite_cnt * 4) {
+		pDst->present = 0;
+		return DOT11F_SKIPPED_BAD_IE;
+	}
+
+	DOT11F_MEMCPY(pCtx, pDst->akm_suite, pBuf, (pDst->akm_suite_cnt * 4));
+	pBuf += (pDst->akm_suite_cnt * 4);
+	ielen -= (pDst->akm_suite_cnt * 4);
 	if (!ielen) {
+		pDst->RSN_Cap_present = 0U;
+		pDst->gp_mgmt_cipher_suite_present = 0U;
 		pDst->pmkid_count = 0U;
 		return 0U;
 	} else {
+		pDst->RSN_Cap_present = 1;
+		if (ielen < 2) {
+			pDst->present = 0;
+			return DOT11F_SKIPPED_BAD_IE;
+		}
+
 		DOT11F_MEMCPY(pCtx, pDst->RSN_Cap, pBuf, 2);
 		pBuf += 2;
 		ielen -= (uint8_t)2;
 	}
 	if (!ielen) {
+		pDst->RSN_Cap_present = 0U;
+		pDst->gp_mgmt_cipher_suite_present = 0U;
 		pDst->pmkid_count = 0U;
 		return 0U;
 	} else {
+		if (ielen < 2) {
+			pDst->present = 0;
+			return DOT11F_SKIPPED_BAD_IE;
+		}
+
 		framesntohs(pCtx, &pDst->pmkid_count, pBuf, 0);
 		pBuf += 2;
 		ielen -= (uint8_t)2;
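Review bot: In the `if (!ielen)` branch that follows the RSN_Cap copy, the added `pDst->RSN_Cap_present = 0U;` clears the flag that the preceding `else` branch has just set to 1 after copying the two capability bytes. An IE that ends right after the RSN capabilities field therefore leaves the parser with RSN_Cap filled in but RSN_Cap_present == 0, and both dot11f_get_packed_iersn and dot11f_pack_ie_rsn in this commit stop at `if (...->RSN_Cap_present)`, so the capabilities would be omitted when the structure is packed again. Remove that one assignment from this branch and keep `pDst->gp_mgmt_cipher_suite_present = 0U;` and `pDst->pmkid_count = 0U;`. The file header says the code is generated by framesc, so the correction presumably belongs in the generator or its template; the function starts and ends outside this hunk.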
@@ -4943,12 +5003,23 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx,
 		return DOT11F_SKIPPED_BAD_IE;
 	}
 
+	if (ielen < pDst->pmkid_count * 16) {
+		pDst->present = 0;
+		return DOT11F_SKIPPED_BAD_IE;
+	}
+
 	DOT11F_MEMCPY(pCtx, pDst->pmkid, pBuf, (pDst->pmkid_count * 16));
 	pBuf += (pDst->pmkid_count * 16);
 	ielen -= (pDst->pmkid_count * 16);
 	if (!ielen) {
 		return 0U;
 	} else {
+		pDst->gp_mgmt_cipher_suite_present = 1;
+		if (ielen < 4) {
+			pDst->present = 0;
+			return DOT11F_SKIPPED_BAD_IE;
+		}
+
 		DOT11F_MEMCPY(pCtx, pDst->gp_mgmt_cipher_suite, pBuf, 4);
 	}
 	(void)pCtx;
@@ -13128,7 +13199,8 @@ uint32_t dot11f_get_packed_iersn(tpAniSirGlobal pCtx,
 	(void)pCtx;
 	while (pIe->present) {
 		*pnNeeded += 2;
-		if (pIe->gp_cipher_suite) {
+		if (pIe->gp_cipher_suite_present) {
+
 			*pnNeeded += 4;
 		} else {
 			break;
@@ -13139,22 +13211,30 @@ uint32_t dot11f_get_packed_iersn(tpAniSirGlobal pCtx,
 			break;
 		}
 		*pnNeeded += (pIe->pwise_cipher_suite_count * 4);
-		if (pIe->akm_suite_count) {
+		if (pIe->akm_suite_cnt) {
+			*pnNeeded += 2;
+		} else {
+			break;
+		}
+		*pnNeeded += (pIe->akm_suite_cnt * 4);
+		if (pIe->RSN_Cap_present) {
+
 			*pnNeeded += 2;
 		} else {
 			break;
 		}
-		*pnNeeded += (pIe->akm_suite_count * 4);
-		/* RSN_Cap */
-		*pnNeeded += 2;
 		if (pIe->pmkid_count) {
 			*pnNeeded += 2;
 		} else {
 			break;
 		}
 		*pnNeeded += (pIe->pmkid_count * 16);
-		/* gp_mgmt_cipher_suite */
-		*pnNeeded += 4;
+		if (pIe->gp_mgmt_cipher_suite_present) {
+
+			*pnNeeded += 4;
+		} else {
+			break;
+		}
 		break;
 	}
 	return status;
@@ -21414,7 +21494,7 @@ uint32_t dot11f_pack_ie_rsn(tpAniSirGlobal pCtx,
 		frameshtons(pCtx, pBuf, pSrc->version, 0);
 		*pnConsumed += 2;
 		pBuf += 2;
-		if (pSrc->gp_cipher_suite) {
+		if (pSrc->gp_cipher_suite_present) {
 			DOT11F_MEMCPY(pCtx, pBuf, pSrc->gp_cipher_suite, 4);
 			*pnConsumed += 4;
 			pBuf += 4;
@@ -21431,20 +21511,23 @@ uint32_t dot11f_pack_ie_rsn(tpAniSirGlobal pCtx,
 		DOT11F_MEMCPY(pCtx, pBuf, &(pSrc->pwise_cipher_suites), (pSrc->pwise_cipher_suite_count * 4));
 		*pnConsumed += (pSrc->pwise_cipher_suite_count * 4);
 		pBuf += (pSrc->pwise_cipher_suite_count * 4);
-		if (pSrc->akm_suite_count) {
-			frameshtons(pCtx, pBuf, pSrc->akm_suite_count, 0);
+		if (pSrc->akm_suite_cnt) {
+			frameshtons(pCtx, pBuf, pSrc->akm_suite_cnt, 0);
+			*pnConsumed += 2;
+			pBuf += 2;
+		} else {
+			break;
+		}
+		DOT11F_MEMCPY(pCtx, pBuf, &(pSrc->akm_suite), (pSrc->akm_suite_cnt * 4));
+		*pnConsumed += (pSrc->akm_suite_cnt * 4);
+		pBuf += (pSrc->akm_suite_cnt * 4);
+		if (pSrc->RSN_Cap_present) {
+			DOT11F_MEMCPY(pCtx, pBuf, pSrc->RSN_Cap, 2);
 			*pnConsumed += 2;
 			pBuf += 2;
 		} else {
 			break;
 		}
-		DOT11F_MEMCPY(pCtx, pBuf, &(pSrc->akm_suites), (pSrc->akm_suite_count * 4));
-		*pnConsumed += (pSrc->akm_suite_count * 4);
-		pBuf += (pSrc->akm_suite_count * 4);
-		/* RSN_Cap */
-		DOT11F_MEMCPY(pCtx, pBuf, pSrc->RSN_Cap, 2);
-		*pnConsumed += 2;
-		pBuf += 2;
 		if (pSrc->pmkid_count) {
 			frameshtons(pCtx, pBuf, pSrc->pmkid_count, 0);
 			*pnConsumed += 2;
@@ -21455,10 +21538,13 @@ uint32_t dot11f_pack_ie_rsn(tpAniSirGlobal pCtx,
 		DOT11F_MEMCPY(pCtx, pBuf, &(pSrc->pmkid), (pSrc->pmkid_count * 16));
 		*pnConsumed += (pSrc->pmkid_count * 16);
 		pBuf += (pSrc->pmkid_count * 16);
-		/* gp_mgmt_cipher_suite */
-		DOT11F_MEMCPY(pCtx, pBuf, pSrc->gp_mgmt_cipher_suite, 4);
-		*pnConsumed += 4;
-		/* fieldsEndFlag = 1 */
+		if (pSrc->gp_mgmt_cipher_suite_present) {
+			DOT11F_MEMCPY(pCtx, pBuf, pSrc->gp_mgmt_cipher_suite, 4);
+			*pnConsumed += 4;
+			/* fieldsEndFlag = 1 */
+		} else {
+			break;
+		}
 		break;
 	}
 	(void)pCtx;

+ 3 - 69
core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -1499,7 +1499,7 @@ populate_dot11f_rsn(tpAniSirGlobal pMac,
 	if (pRsnIe->length) {
 		idx = find_ie_location(pMac, pRsnIe, DOT11F_EID_RSN);
 		if (0 <= idx) {
-			status = sir_unpack_rsn_ie(pMac, pRsnIe->rsnIEdata + idx + 2,   /* EID, length */
+			status = dot11f_unpack_ie_rsn(pMac, pRsnIe->rsnIEdata + idx + 2,   /* EID, length */
 						      pRsnIe->rsnIEdata[idx + 1],
 						      pDot11f, false);
 			if (DOT11F_FAILED(status)) {
@@ -3392,7 +3392,7 @@ sir_beacon_ie_ese_bcn_report(tpAniSirGlobal pMac,
 	}
 	qdf_mem_zero(pBies, sizeof(tDot11fBeaconIEs));
 	/* delegate to the framesc-generated code, */
-	status = sir_unpack_beacon_ie(pMac, pPayload, nPayload,
+	status = dot11f_unpack_beacon_i_es(pMac, pPayload, nPayload,
 					   pBies, false);
 
 	if (DOT11F_FAILED(status)) {
@@ -3670,72 +3670,6 @@ static inline void update_bss_color_change_from_beacon_ies(
 {}
 #endif
 
-/**
- * sir_update_def_rsn_params: Update def RSN params if optional fields are
- * not present.
- * @rsn_ie: RSN ie structure
- *
- * Check if the RSN IE contain optional params and if not fill with the
- * default values
- *
- * Return: void
- */
-static void sir_update_def_rsn_params(tDot11fIERSN *rsn_ie)
-{
-	uint8_t zero_gp_cipher_suite[RSN_OUI_SIZE] = {0x00, 0x00, 0x00, 0x00};
-	uint8_t def_cipher_suite[RSN_OUI_SIZE] = {0x00, 0x0f, 0xac, 0x04};
-	uint8_t def_akm_suite[RSN_OUI_SIZE] = {0x00, 0x0f, 0xac, 0x01};
-
-	if (!qdf_mem_cmp(rsn_ie->gp_cipher_suite, zero_gp_cipher_suite,
-			 RSN_OUI_SIZE)) {
-		qdf_mem_copy(rsn_ie->gp_cipher_suite, def_cipher_suite,
-			     RSN_OUI_SIZE);
-		rsn_ie->pwise_cipher_suite_count = 1;
-		qdf_mem_copy(rsn_ie->pwise_cipher_suites, def_cipher_suite,
-			     RSN_OUI_SIZE);
-		rsn_ie->akm_suite_count = 1;
-		qdf_mem_copy(rsn_ie->akm_suites, def_akm_suite, RSN_OUI_SIZE);
-	} else if (!rsn_ie->pwise_cipher_suite_count) {
-		rsn_ie->pwise_cipher_suite_count = 1;
-		qdf_mem_copy(rsn_ie->pwise_cipher_suites, def_cipher_suite,
-			     RSN_OUI_SIZE);
-		rsn_ie->akm_suite_count = 1;
-		qdf_mem_copy(rsn_ie->akm_suites, def_akm_suite, RSN_OUI_SIZE);
-
-	} else if (!rsn_ie->akm_suite_count) {
-		rsn_ie->akm_suite_count = 1;
-		qdf_mem_copy(rsn_ie->akm_suites, def_akm_suite, RSN_OUI_SIZE);
-	}
-}
-
-uint32_t sir_unpack_rsn_ie(tpAniSirGlobal mac_ctx, uint8_t *buf,
-				  uint8_t buf_len, tDot11fIERSN *rsn_ie,
-				  bool append_ie)
-{
-	uint32_t status;
-
-	status = dot11f_unpack_ie_rsn(mac_ctx, buf, buf_len, rsn_ie, append_ie);
-
-	if (rsn_ie->present)
-		sir_update_def_rsn_params(rsn_ie);
-
-	return status;
-}
-
-uint32_t sir_unpack_beacon_ie(tpAniSirGlobal mac_ctx, uint8_t *buf,
-	uint32_t buf_len, tDot11fBeaconIEs *frame, bool append_ie)
-{
-	uint32_t status;
-
-	status = dot11f_unpack_beacon_i_es(mac_ctx, buf, buf_len,
-						   frame, append_ie);
-
-	if (frame->RSN.present)
-		sir_update_def_rsn_params(&frame->RSN);
-
-	return status;
-}
-
 tSirRetStatus
 sir_parse_beacon_ie(tpAniSirGlobal pMac,
 		    tpSirProbeRespBeacon pBeaconStruct,
@@ -3754,7 +3688,7 @@ sir_parse_beacon_ie(tpAniSirGlobal pMac,
 	}
 	qdf_mem_zero(pBies, sizeof(tDot11fBeaconIEs));
 	/* delegate to the framesc-generated code, */
-	status = sir_unpack_beacon_ie(pMac, pPayload, nPayload,
+	status = dot11f_unpack_beacon_i_es(pMac, pPayload, nPayload,
 					   pBies, false);
 
 	if (DOT11F_FAILED(status)) {

+ 1 - 1
core/sme/src/common/sme_api.c

@@ -16032,7 +16032,7 @@ uint32_t sme_unpack_rsn_ie(tHalHandle hal, uint8_t *buf,
 {
 	tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal);
 
-	return sir_unpack_rsn_ie(mac_ctx, buf, buf_len, rsn_ie, append_ie);
+	return dot11f_unpack_ie_rsn(mac_ctx, buf, buf_len, rsn_ie, append_ie);
 }
 
 /**

+ 11 - 11
core/sme/src/csr/csr_api_roam.c

@@ -6406,11 +6406,11 @@ static QDF_STATUS csr_roam_save_params(tpAniSirGlobal mac_ctx,
 			/*
 			 * Calculate the actual length
 			 * version + gp_cipher_suite + pwise_cipher_suite_count
-			 * + akm_suite_count + reserved + pwise_cipher_suites
+			 * + akm_suite_cnt + reserved + pwise_cipher_suites
 			 */
 			nIeLen = 8 + 2 + 2
 				+ (rsnie->pwise_cipher_suite_count * 4)
-				+ (rsnie->akm_suite_count * 4);
+				+ (rsnie->akm_suite_cnt * 4);
 			if (rsnie->pmkid_count)
 				/* pmkid */
 				nIeLen += 2 + rsnie->pmkid_count * 4;
@@ -6422,7 +6422,7 @@ static QDF_STATUS csr_roam_save_params(tpAniSirGlobal mac_ctx,
 
 			session_ptr->pWpaRsnRspIE[0] = DOT11F_EID_RSN;
 			session_ptr->pWpaRsnRspIE[1] = (uint8_t) nIeLen;
-			/* copy upto akm_suites */
+			/* copy upto akm_suite */
 			pIeBuf = session_ptr->pWpaRsnRspIE + 2;
 			qdf_mem_copy(pIeBuf, &rsnie->version,
 					sizeof(rsnie->version));
@@ -6439,17 +6439,17 @@ static QDF_STATUS csr_roam_save_params(tpAniSirGlobal mac_ctx,
 					rsnie->pwise_cipher_suite_count * 4);
 				pIeBuf += rsnie->pwise_cipher_suite_count * 4;
 			}
-			qdf_mem_copy(pIeBuf, &rsnie->akm_suite_count, 2);
+			qdf_mem_copy(pIeBuf, &rsnie->akm_suite_cnt, 2);
 			pIeBuf += 2;
-			if (rsnie->akm_suite_count) {
-				/* copy akm_suites */
-				qdf_mem_copy(pIeBuf, rsnie->akm_suites,
-					rsnie->akm_suite_count * 4);
-				pIeBuf += rsnie->akm_suite_count * 4;
+			if (rsnie->akm_suite_cnt) {
+				/* copy akm_suite */
+				qdf_mem_copy(pIeBuf, rsnie->akm_suite,
+					rsnie->akm_suite_cnt * 4);
+				pIeBuf += rsnie->akm_suite_cnt * 4;
 			}
 			/* copy the rest */
-			qdf_mem_copy(pIeBuf, rsnie->akm_suites +
-				rsnie->akm_suite_count * 4,
+			qdf_mem_copy(pIeBuf, rsnie->akm_suite +
+				rsnie->akm_suite_cnt * 4,
 				2 + rsnie->pmkid_count * 4);
 			session_ptr->nWpaRsnRspIeLength = nIeLen + 2;
 		}
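Review bot: The "copy the rest" call still takes its source from `rsnie->akm_suite + rsnie->akm_suite_cnt * 4`, which depends on the struct layout, and this commit changes that layout by inserting `RSN_Cap_present` between `akm_suite` and `RSN_Cap` in tDot11fIERSN. In addition `akm_suite` is declared `uint8_t akm_suite[6][4]`, so the addition steps in 4-byte rows and the offset is 16 bytes per suite rather than 4; the bytes copied are unlikely to be the RSN capabilities. Copy the field by name instead, `qdf_mem_copy(pIeBuf, rsnie->RSN_Cap, sizeof(rsnie->RSN_Cap));`, and append any PMKID data from `rsnie->pmkid` in a separate step. The `pmkid_count * 4` in the length here and in the `nIeLen` computation of the first hunk also looks inconsistent with the 16-byte `pmkid` entries in the struct and should be confirmed. csr_roam_save_params begins and ends outside these hunks.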

+ 5 - 5
core/sme/src/csr/csr_util.c

@@ -1597,7 +1597,7 @@ QDF_STATUS csr_parse_bss_description_ies(tHalHandle hHal,
 		      GET_FIELD_OFFSET(tSirBssDescription, ieFields));
 
 	if (ieLen > 0 && pIEStruct) {
-		if (!DOT11F_FAILED(sir_unpack_beacon_ie
+		if (!DOT11F_FAILED(dot11f_unpack_beacon_i_es
 				    (pMac, (uint8_t *) pBssDesc->ieFields,
 				    ieLen, pIEStruct, false)))
 		status = QDF_STATUS_SUCCESS;
@@ -3370,10 +3370,10 @@ static bool csr_get_rsn_information(tHalHandle hal, tCsrAuthList *auth_type,
 	c_ucast_cipher =
 		(uint8_t) (rsn_ie->pwise_cipher_suite_count);
 
-	c_auth_suites = (uint8_t) (rsn_ie->akm_suite_count);
+	c_auth_suites = (uint8_t) (rsn_ie->akm_suite_cnt);
 	for (i = 0; i < c_auth_suites && i < CSR_RSN_MAX_AUTH_SUITES; i++) {
 		qdf_mem_copy((void *)&authsuites[i],
-			(void *)&rsn_ie->akm_suites[i], CSR_RSN_OUI_SIZE);
+			(void *)&rsn_ie->akm_suite[i], CSR_RSN_OUI_SIZE);
 	}
 
 	/* Check - Is requested unicast Cipher supported by the BSS. */
@@ -3886,7 +3886,7 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId,
 #endif
 	tDot11fBeaconIEs *pIesLocal = pIes;
 	eCsrAuthType negAuthType = eCSR_AUTH_TYPE_UNKNOWN;
-	tDot11fIERSN rsn_ie;
+	tDot11fIERSN rsn_ie = {0};
 
 	qdf_mem_zero(&pmkid_cache, sizeof(pmkid_cache));
 	qdf_mem_zero(&rsn_ie, sizeof(rsn_ie));
@@ -3908,7 +3908,7 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId,
 		 * the AP, so that only common capability are enabled.
 		 */
 		if (pProfile->pRSNReqIE && pProfile->nRSNReqIELength) {
-			sir_unpack_rsn_ie(pMac, pProfile->pRSNReqIE + 2,
+			dot11f_unpack_ie_rsn(pMac, pProfile->pRSNReqIE + 2,
 				  pProfile->nRSNReqIELength -2, &rsn_ie, false);
 			pIesLocal->RSN.RSN_Cap[0] = pIesLocal->RSN.RSN_Cap[0] &
 						    rsn_ie.RSN_Cap[0];
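Review bot: The status of `dot11f_unpack_ie_rsn()` is ignored, so the AND on the following lines runs whether or not the requested RSN IE was parsed. Because `rsn_ie` is zeroed before the call, a rejected IE leaves `rsn_ie.RSN_Cap[0]` at zero and the mask silently clears every bit of the AP's `RSN_Cap[0]`, which includes the management-frame-protection bits. The guard also only requires `nRSNReqIELength` to be non-zero, so a length of 1 would make `nRSNReqIELength -2` wrap before it reaches the parser, whose length argument appears to be 8 bits wide judging from `ielen -= (uint8_t)4`. Require `pProfile->nRSNReqIELength > 2` in the guard and apply the mask only when `!DOT11F_FAILED(...)` holds for the returned status. The function continues outside this hunk.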