On Wed, Jun 12, 2019 at 06:19:52PM +0200, Ard Biesheuvel wrote: > This is a follow-up to, and supersedes [0], which moved some WEP code from > the cipher to the skcipher interface, in order to reduce the use of the bare > cipher interface in non-crypto subsystem code. > > Since using the skcipher interface to invoke the generic C implementation of > an algorithm that is known at compile time is rather pointless, this series > moves those users to a new arc4 library interface instead, which is based on > the existing code. > > Along the way, the arc4 cipher implementation is removed entirely, and only > the ecb(arc4) code is preserved, which is used in a number of places in the > kernel, and is known to be used by at least 'iwd' from user space via the > algif_skcipher API. > > Changes since v4: > - add a missing MODULE_LICENSE() for the new libarc4 module > - add a missing 'select CRYPTO_LIB_ARC4' to the lib80211-tkip patch > - some cosmetic changes for the skcipher driver after removing the cipher code > - a testmgr fix to ensure that the test framework understands that this skcipher > driver is the reference for testing ecb(arc4) > > Changes since v3: > - fix some remaining occurrences where a tfm non-NULL test should be replaced > with a fips_enabled test > - use kzfree() or memzero_explicit() to clear the arc4 ctx where appropriate > - clean up the function naming of the crypto arc4 driver when removing the > cipher part > - remove .h declaration of a function that is being removed > - revert a prior CIFS change that moved a variable from the stack to the heap, > which is no longer necessary > - remove arc4 softdep from the cifs code > > Changes since v2: > - drop the crypto_ prefix from the arc4 library functions and types > - rename the source file to arc4.c but keep the lib prefix for the actual > module to prevent a clash with the crypto API driver > - preserve the existing behavior wrt the fips_enabled flag, which prevents > any use of ARC4 (note that the fips_enabled flag evaluates to 'false' at > compile time for kernels that lack the feature, so with these patches, we > get rid of most of the runtime logic regarding FIPS for builds that don't > have it enabled) > > [0] https://lore.kernel.org/linux-crypto/20190607144944.13485-1-ard.biesheuvel@xxxxxxxxxx/ > > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Eric Biggers <ebiggers@xxxxxxxxxx> > Cc: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> > > Ard Biesheuvel (7): > crypto: arc4 - refactor arc4 core code into separate library > net/mac80211: move WEP handling to ARC4 library interface > net/lib80211: move WEP handling to ARC4 library code > net/lib80211: move TKIP handling to ARC4 library code > crypto: arc4 - remove cipher implementation > ppp: mppe: switch to RC4 library interface > fs: cifs: switch to RC4 library interface > > MAINTAINERS | 1 + > crypto/Kconfig | 4 + > crypto/arc4.c | 124 +++----------------- > crypto/testmgr.c | 1 + > drivers/net/ppp/Kconfig | 3 +- > drivers/net/ppp/ppp_mppe.c | 97 +++------------ > fs/cifs/Kconfig | 2 +- > fs/cifs/cifsencrypt.c | 62 +++------- > fs/cifs/cifsfs.c | 1 - > include/crypto/arc4.h | 10 ++ > lib/Makefile | 2 +- > lib/crypto/Makefile | 4 + > lib/crypto/arc4.c | 74 ++++++++++++ > net/mac80211/Kconfig | 2 +- > net/mac80211/cfg.c | 4 +- > net/mac80211/ieee80211_i.h | 4 +- > net/mac80211/key.h | 1 + > net/mac80211/main.c | 6 +- > net/mac80211/mlme.c | 3 +- > net/mac80211/tkip.c | 8 +- > net/mac80211/tkip.h | 4 +- > net/mac80211/wep.c | 49 ++------ > net/mac80211/wep.h | 5 +- > net/mac80211/wpa.c | 4 +- > net/wireless/Kconfig | 2 + > net/wireless/lib80211_crypt_tkip.c | 48 +++----- > net/wireless/lib80211_crypt_wep.c | 51 ++------ > 27 files changed, 205 insertions(+), 371 deletions(-) > create mode 100644 lib/crypto/Makefile > create mode 100644 lib/crypto/arc4.c For the series: Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx> - Eric