Re: [PATCH wireless-next 0/6] Consolidate Michael MIC code into mac80211

Next message: Baolin Wang: "Re: [PATCH v3 14/14] mm/vmscan: unify writeback reclaim statistic and throttling"
Previous message: Tiezhu Yang: "[PATCH v2 1/5] LoongArch: Define format for AM{SWAP/ADD}.{B/H}, DBAR and BSTRINS.D"
In reply to: Eric Biggers: "Re: [PATCH wireless-next 0/6] Consolidate Michael MIC code into mac80211"
Next in thread: Eric Biggers: "Re: [PATCH wireless-next 0/6] Consolidate Michael MIC code into mac80211"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Johannes Berg

Date: Tue Apr 07 2026 - 02:27:33 EST

Hi,

On Sat, 2026-04-04 at 22:27 -0700, Eric Biggers wrote:
> Michael MIC is an inherently weak algorithm that is specific to WPA
> TKIP, which itself was an interim security solution to replace the
> broken WEP standard.

Heh, yeah, we keep thinking about whether or not we can remove either of
them completely, but ... backward compatibility is messy.

> Seeing as Michael MIC is specific to WPA TKIP and should never be used
> elsewhere, this series migrates those few drivers to the mac80211
> implementation of Michael MIC, then removes the crypto implementation of
> Michael MIC. This consolidates duplicate code and prevents other kernel
> subsystems from accidentally using this insecure algorithm.

Makes sense, mostly.

The one thing that feels odd to me in this is moving it to *mac80211*
specifically, and then using that in the ancient drivers. Not only is
that a big module those don't (otherwise) need, but also it makes it
look like you need the softmac stack for those drivers, but they're
really hardmac so that's a bit confusing.

I wouldn't want to have a separate module just for this, but I think
since it's going to be exported anyway, we could move the whole
michael.c file to net/wireless/ and make it part of cfg80211. All
wireless drivers ought to depend on that anyway.

johannes