From: Eric Biggers <ebiggers@kernel.org>
To: Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH wireless-next v2 0/6] Consolidate Michael MIC code into cfg80211
Date: Tue, 7 Apr 2026 20:06:45 -0700 [thread overview]
Message-ID: <20260408030651.80336-1-ebiggers@kernel.org> (raw)
Michael MIC is an inherently weak algorithm that is specific to WPA
TKIP, which itself was an interim security solution to replace the
broken WEP standard.
Currently, the primary implementation of Michael MIC in the kernel is
the one in the mac80211 module. But there's also a duplicate
implementation in crypto/michael_mic.c which is exposed via the
crypto_shash API. It's used only by a few wireless drivers.
Seeing as Michael MIC is specific to WPA TKIP and should never be used
elsewhere, this series removes the crypto subsystem's implementation of
Michael MIC, leaving just the wireless subsystem's implementation. To
do that, it moves the latter implementation from mac80211 to cfg80211,
then converts the above-mentioned drivers to use it.
This consolidates duplicate code and prevents other kernel subsystems
from accidentally using this insecure algorithm.
Changed in v2:
- Added preparatory patch to fix a bisection hazard.
- Moved michael_mic() to cfg80211 so that ipw2x00 doesn't have to
start depending on mac80211.
- Adjusted the 'fips_enabled' error messages, and updated the commit
messages to clarify that ath11k and ath12k don't actually work at
all in FIPS mode but that these patches don't aim to fix that.
Eric Biggers (6):
wifi: ipw2x00: Rename michael_mic() to libipw_michael_mic()
wifi: mac80211, cfg80211: Export michael_mic() and move it to cfg80211
wifi: ath11k: Use michael_mic() from cfg80211
wifi: ath12k: Use michael_mic() from cfg80211
wifi: ipw2x00: Use michael_mic() from cfg80211
crypto: Remove michael_mic from crypto_shash API
arch/arm/configs/omap2plus_defconfig | 1 -
arch/arm/configs/spitz_defconfig | 1 -
arch/arm64/configs/defconfig | 1 -
arch/m68k/configs/amiga_defconfig | 1 -
arch/m68k/configs/apollo_defconfig | 1 -
arch/m68k/configs/atari_defconfig | 1 -
arch/m68k/configs/bvme6000_defconfig | 1 -
arch/m68k/configs/hp300_defconfig | 1 -
arch/m68k/configs/mac_defconfig | 1 -
arch/m68k/configs/multi_defconfig | 1 -
arch/m68k/configs/mvme147_defconfig | 1 -
arch/m68k/configs/mvme16x_defconfig | 1 -
arch/m68k/configs/q40_defconfig | 1 -
arch/m68k/configs/sun3_defconfig | 1 -
arch/m68k/configs/sun3x_defconfig | 1 -
arch/mips/configs/bigsur_defconfig | 1 -
arch/mips/configs/decstation_64_defconfig | 1 -
arch/mips/configs/decstation_defconfig | 1 -
arch/mips/configs/decstation_r4k_defconfig | 1 -
arch/mips/configs/gpr_defconfig | 1 -
arch/mips/configs/ip32_defconfig | 1 -
arch/mips/configs/lemote2f_defconfig | 1 -
arch/mips/configs/malta_qemu_32r6_defconfig | 1 -
arch/mips/configs/maltaaprp_defconfig | 1 -
arch/mips/configs/maltasmvp_defconfig | 1 -
arch/mips/configs/maltasmvp_eva_defconfig | 1 -
arch/mips/configs/maltaup_defconfig | 1 -
arch/mips/configs/mtx1_defconfig | 1 -
arch/mips/configs/rm200_defconfig | 1 -
arch/mips/configs/sb1250_swarm_defconfig | 1 -
arch/parisc/configs/generic-32bit_defconfig | 1 -
arch/parisc/configs/generic-64bit_defconfig | 1 -
arch/powerpc/configs/g5_defconfig | 1 -
arch/powerpc/configs/linkstation_defconfig | 1 -
arch/powerpc/configs/mvme5100_defconfig | 1 -
arch/powerpc/configs/powernv_defconfig | 1 -
arch/powerpc/configs/ppc64_defconfig | 1 -
arch/powerpc/configs/ppc64e_defconfig | 1 -
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/powerpc/configs/ps3_defconfig | 1 -
arch/s390/configs/debug_defconfig | 1 -
arch/s390/configs/defconfig | 1 -
arch/sh/configs/sh2007_defconfig | 1 -
arch/sh/configs/titan_defconfig | 1 -
arch/sh/configs/ul2_defconfig | 1 -
arch/sparc/configs/sparc32_defconfig | 1 -
arch/sparc/configs/sparc64_defconfig | 1 -
crypto/Kconfig | 12 --
crypto/Makefile | 1 -
crypto/michael_mic.c | 176 ------------------
crypto/tcrypt.c | 4 -
crypto/testmgr.c | 6 -
crypto/testmgr.h | 50 -----
drivers/net/wireless/ath/ath11k/Kconfig | 1 -
drivers/net/wireless/ath/ath11k/dp.c | 2 -
drivers/net/wireless/ath/ath11k/dp_rx.c | 60 +-----
drivers/net/wireless/ath/ath11k/peer.h | 1 -
drivers/net/wireless/ath/ath12k/Kconfig | 1 -
drivers/net/wireless/ath/ath12k/dp.c | 2 -
drivers/net/wireless/ath/ath12k/dp_peer.h | 1 -
drivers/net/wireless/ath/ath12k/dp_rx.c | 55 +-----
drivers/net/wireless/ath/ath12k/dp_rx.h | 4 -
drivers/net/wireless/ath/ath12k/wifi7/dp_rx.c | 7 +-
drivers/net/wireless/intel/ipw2x00/Kconfig | 1 -
.../intel/ipw2x00/libipw_crypto_tkip.c | 120 +-----------
include/linux/ieee80211.h | 5 +
net/mac80211/Makefile | 1 -
net/mac80211/michael.h | 22 ---
net/mac80211/wpa.c | 1 -
net/wireless/Makefile | 2 +-
.../michael.c => wireless/michael-mic.c} | 5 +-
71 files changed, 30 insertions(+), 557 deletions(-)
delete mode 100644 crypto/michael_mic.c
delete mode 100644 net/mac80211/michael.h
rename net/{mac80211/michael.c => wireless/michael-mic.c} (96%)
base-commit: aa5e9884a2d63aa20fc3396d369382c1ecd16109
--
2.53.0
next reply other threads:[~2026-04-08 3:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-08 3:06 Eric Biggers [this message]
2026-04-08 3:06 ` [PATCH wireless-next v2 1/6] wifi: ipw2x00: Rename michael_mic() to libipw_michael_mic() Eric Biggers
2026-04-08 3:06 ` [PATCH wireless-next v2 2/6] wifi: mac80211, cfg80211: Export michael_mic() and move it to cfg80211 Eric Biggers
2026-04-08 3:06 ` [PATCH wireless-next v2 3/6] wifi: ath11k: Use michael_mic() from cfg80211 Eric Biggers
2026-04-08 3:06 ` [PATCH wireless-next v2 4/6] wifi: ath12k: " Eric Biggers
2026-04-08 3:06 ` [PATCH wireless-next v2 5/6] wifi: ipw2x00: " Eric Biggers
2026-04-08 3:06 ` [PATCH wireless-next v2 6/6] crypto: Remove michael_mic from crypto_shash API Eric Biggers
2026-04-08 8:09 ` Herbert Xu
2026-04-08 6:32 ` [PATCH wireless-next v2 0/6] Consolidate Michael MIC code into cfg80211 Johannes Berg
2026-04-08 7:13 ` Eric Biggers
2026-04-08 7:28 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260408030651.80336-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=johannes@sipsolutions.net \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox