[PATCH wireless-next v2 0/6] Consolidate Michael MIC code into cfg80211

[Eric Biggers]

Michael MIC is an inherently weak algorithm that is specific to WPA
TKIP, which itself was an interim security solution to replace the
broken WEP standard.

Currently, the primary implementation of Michael MIC in the kernel is
the one in the mac80211 module.  But there's also a duplicate
implementation in crypto/michael_mic.c which is exposed via the
crypto_shash API.  It's used only by a few wireless drivers.

Seeing as Michael MIC is specific to WPA TKIP and should never be used
elsewhere, this series removes the crypto subsystem's implementation of
Michael MIC, leaving just the wireless subsystem's implementation.  To
do that, it moves the latter implementation from mac80211 to cfg80211,
then converts the above-mentioned drivers to use it.

This consolidates duplicate code and prevents other kernel subsystems
from accidentally using this insecure algorithm.

Changed in v2:

    - Added preparatory patch to fix a bisection hazard.

    - Moved michael_mic() to cfg80211 so that ipw2x00 doesn't have to
      start depending on mac80211.

    - Adjusted the 'fips_enabled' error messages, and updated the commit
      messages to clarify that ath11k and ath12k don't actually work at
      all in FIPS mode but that these patches don't aim to fix that.

Eric Biggers (6):
  wifi: ipw2x00: Rename michael_mic() to libipw_michael_mic()
  wifi: mac80211, cfg80211: Export michael_mic() and move it to cfg80211
  wifi: ath11k: Use michael_mic() from cfg80211
  wifi: ath12k: Use michael_mic() from cfg80211
  wifi: ipw2x00: Use michael_mic() from cfg80211
  crypto: Remove michael_mic from crypto_shash API

 arch/arm/configs/omap2plus_defconfig          |   1 -
 arch/arm/configs/spitz_defconfig              |   1 -
 arch/arm64/configs/defconfig                  |   1 -
 arch/m68k/configs/amiga_defconfig             |   1 -
 arch/m68k/configs/apollo_defconfig            |   1 -
 arch/m68k/configs/atari_defconfig             |   1 -
 arch/m68k/configs/bvme6000_defconfig          |   1 -
 arch/m68k/configs/hp300_defconfig             |   1 -
 arch/m68k/configs/mac_defconfig               |   1 -
 arch/m68k/configs/multi_defconfig             |   1 -
 arch/m68k/configs/mvme147_defconfig           |   1 -
 arch/m68k/configs/mvme16x_defconfig           |   1 -
 arch/m68k/configs/q40_defconfig               |   1 -
 arch/m68k/configs/sun3_defconfig              |   1 -
 arch/m68k/configs/sun3x_defconfig             |   1 -
 arch/mips/configs/bigsur_defconfig            |   1 -
 arch/mips/configs/decstation_64_defconfig     |   1 -
 arch/mips/configs/decstation_defconfig        |   1 -
 arch/mips/configs/decstation_r4k_defconfig    |   1 -
 arch/mips/configs/gpr_defconfig               |   1 -
 arch/mips/configs/ip32_defconfig              |   1 -
 arch/mips/configs/lemote2f_defconfig          |   1 -
 arch/mips/configs/malta_qemu_32r6_defconfig   |   1 -
 arch/mips/configs/maltaaprp_defconfig         |   1 -
 arch/mips/configs/maltasmvp_defconfig         |   1 -
 arch/mips/configs/maltasmvp_eva_defconfig     |   1 -
 arch/mips/configs/maltaup_defconfig           |   1 -
 arch/mips/configs/mtx1_defconfig              |   1 -
 arch/mips/configs/rm200_defconfig             |   1 -
 arch/mips/configs/sb1250_swarm_defconfig      |   1 -
 arch/parisc/configs/generic-32bit_defconfig   |   1 -
 arch/parisc/configs/generic-64bit_defconfig   |   1 -
 arch/powerpc/configs/g5_defconfig             |   1 -
 arch/powerpc/configs/linkstation_defconfig    |   1 -
 arch/powerpc/configs/mvme5100_defconfig       |   1 -
 arch/powerpc/configs/powernv_defconfig        |   1 -
 arch/powerpc/configs/ppc64_defconfig          |   1 -
 arch/powerpc/configs/ppc64e_defconfig         |   1 -
 arch/powerpc/configs/ppc6xx_defconfig         |   1 -
 arch/powerpc/configs/ps3_defconfig            |   1 -
 arch/s390/configs/debug_defconfig             |   1 -
 arch/s390/configs/defconfig                   |   1 -
 arch/sh/configs/sh2007_defconfig              |   1 -
 arch/sh/configs/titan_defconfig               |   1 -
 arch/sh/configs/ul2_defconfig                 |   1 -
 arch/sparc/configs/sparc32_defconfig          |   1 -
 arch/sparc/configs/sparc64_defconfig          |   1 -
 crypto/Kconfig                                |  12 --
 crypto/Makefile                               |   1 -
 crypto/michael_mic.c                          | 176 ------------------
 crypto/tcrypt.c                               |   4 -
 crypto/testmgr.c                              |   6 -
 crypto/testmgr.h                              |  50 -----
 drivers/net/wireless/ath/ath11k/Kconfig       |   1 -
 drivers/net/wireless/ath/ath11k/dp.c          |   2 -
 drivers/net/wireless/ath/ath11k/dp_rx.c       |  60 +-----
 drivers/net/wireless/ath/ath11k/peer.h        |   1 -
 drivers/net/wireless/ath/ath12k/Kconfig       |   1 -
 drivers/net/wireless/ath/ath12k/dp.c          |   2 -
 drivers/net/wireless/ath/ath12k/dp_peer.h     |   1 -
 drivers/net/wireless/ath/ath12k/dp_rx.c       |  55 +-----
 drivers/net/wireless/ath/ath12k/dp_rx.h       |   4 -
 drivers/net/wireless/ath/ath12k/wifi7/dp_rx.c |   7 +-
 drivers/net/wireless/intel/ipw2x00/Kconfig    |   1 -
 .../intel/ipw2x00/libipw_crypto_tkip.c        | 120 +-----------
 include/linux/ieee80211.h                     |   5 +
 net/mac80211/Makefile                         |   1 -
 net/mac80211/michael.h                        |  22 ---
 net/mac80211/wpa.c                            |   1 -
 net/wireless/Makefile                         |   2 +-
 .../michael.c => wireless/michael-mic.c}      |   5 +-
 71 files changed, 30 insertions(+), 557 deletions(-)
 delete mode 100644 crypto/michael_mic.c
 delete mode 100644 net/mac80211/michael.h
 rename net/{mac80211/michael.c => wireless/michael-mic.c} (96%)


base-commit: aa5e9884a2d63aa20fc3396d369382c1ecd16109
-- 
2.53.0