On Wed, Jun 12, 2019 at 06:19:52PM +0200, Ard Biesheuvel wrote:
> This is a follow-up to, and supersedes [0], which moved some WEP code from
> the cipher to the skcipher interface, in order to reduce the use of the bare
> cipher interface in non-crypto subsystem code.
>
> Since using the skcipher interface to invoke the generic C implementation of
> an algorithm that is known at compile time is rather pointless, this series
> moves those users to a new arc4 library interface instead, which is based on
> the existing code.
>
> Along the way, the arc4 cipher implementation is removed entirely, and only
> the ecb(arc4) code is preserved, which is used in a number of places in the
> kernel, and is known to be used by at least 'iwd' from user space via the
> algif_skcipher API.
>
> Changes since v4:
> - add a missing MODULE_LICENSE() for the new libarc4 module
> - add a missing 'select CRYPTO_LIB_ARC4' to the lib80211-tkip patch
> - some cosmetic changes for the skcipher driver after removing the cipher code
> - a testmgr fix to ensure that the test framework understands that this
> skcipher
> driver is the reference for testing ecb(arc4)
>
> Changes since v3:
> - fix some remaining occurrences where a tfm non-NULL test should be replaced
> with a fips_enabled test
> - use kzfree() or memzero_explicit() to clear the arc4 ctx where appropriate
> - clean up the function naming of the crypto arc4 driver when removing the
> cipher part
> - remove .h declaration of a function that is being removed
> - revert a prior CIFS change that moved a variable from the stack to the heap,
> which is no longer necessary
> - remove arc4 softdep from the cifs code
>
> Changes since v2:
> - drop the crypto_ prefix from the arc4 library functions and types
> - rename the source file to arc4.c but keep the lib prefix for the actual
> module to prevent a clash with the crypto API driver
> - preserve the existing behavior wrt the fips_enabled flag, which prevents
> any use of ARC4 (note that the fips_enabled flag evaluates to 'false' at
> compile time for kernels that lack the feature, so with these patches, we
> get rid of most of the runtime logic regarding FIPS for builds that don't
> have it enabled)
>
> [0]
> https://lore.kernel.org/linux-crypto/[email protected]/
>
> Cc: Herbert Xu <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Eric Biggers <[email protected]>
> Cc: Johannes Berg <[email protected]>
>
> Ard Biesheuvel (7):
> crypto: arc4 - refactor arc4 core code into separate library
> net/mac80211: move WEP handling to ARC4 library interface
> net/lib80211: move WEP handling to ARC4 library code
> net/lib80211: move TKIP handling to ARC4 library code
> crypto: arc4 - remove cipher implementation
> ppp: mppe: switch to RC4 library interface
> fs: cifs: switch to RC4 library interface
>
> MAINTAINERS | 1 +
> crypto/Kconfig | 4 +
> crypto/arc4.c | 124 +++-----------------
> crypto/testmgr.c | 1 +
> drivers/net/ppp/Kconfig | 3 +-
> drivers/net/ppp/ppp_mppe.c | 97 +++------------
> fs/cifs/Kconfig | 2 +-
> fs/cifs/cifsencrypt.c | 62 +++-------
> fs/cifs/cifsfs.c | 1 -
> include/crypto/arc4.h | 10 ++
> lib/Makefile | 2 +-
> lib/crypto/Makefile | 4 +
> lib/crypto/arc4.c | 74 ++++++++++++
> net/mac80211/Kconfig | 2 +-
> net/mac80211/cfg.c | 4 +-
> net/mac80211/ieee80211_i.h | 4 +-
> net/mac80211/key.h | 1 +
> net/mac80211/main.c | 6 +-
> net/mac80211/mlme.c | 3 +-
> net/mac80211/tkip.c | 8 +-
> net/mac80211/tkip.h | 4 +-
> net/mac80211/wep.c | 49 ++------
> net/mac80211/wep.h | 5 +-
> net/mac80211/wpa.c | 4 +-
> net/wireless/Kconfig | 2 +
> net/wireless/lib80211_crypt_tkip.c | 48 +++-----
> net/wireless/lib80211_crypt_wep.c | 51 ++------
> 27 files changed, 205 insertions(+), 371 deletions(-)
> create mode 100644 lib/crypto/Makefile
> create mode 100644 lib/crypto/arc4.c
For the series:
Reviewed-by: Eric Biggers <[email protected]>
- Eric