From: Eric Biggers <ebiggers@kernel.org>
To: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Cc: Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: [PATCH wireless-next 0/6] Consolidate Michael MIC code into mac80211
Date: Mon, 6 Apr 2026 09:02:22 -0700 [thread overview]
Message-ID: <20260406160222.GA2971@sol> (raw)
In-Reply-To: <01c3a67a-abd2-4eb3-b6dd-f87a4b33065b@oss.qualcomm.com>
On Mon, Apr 06, 2026 at 08:59:43AM -0700, Jeff Johnson wrote:
> On 4/4/2026 10:27 PM, Eric Biggers wrote:
> > Michael MIC is an inherently weak algorithm that is specific to WPA
> > TKIP, which itself was an interim security solution to replace the
> > broken WEP standard.
> >
> > Currently, the primary implementation of Michael MIC in the kernel is
> > the one in the mac80211 module. But there's also a duplicate
> > implementation in crypto/michael_mic.c which is exposed via the
> > crypto_shash API. It's used only by a few wireless drivers.
> >
> > Seeing as Michael MIC is specific to WPA TKIP and should never be used
> > elsewhere, this series migrates those few drivers to the mac80211
> > implementation of Michael MIC, then removes the crypto implementation of
> > Michael MIC. This consolidates duplicate code and prevents other kernel
> > subsystems from accidentally using this insecure algorithm.
> >
> > This series is targeting wireless-next.
> >
> > Eric Biggers (6):
> > wifi: mac80211: Export michael_mic()
> > wifi: ath11k: Use michael_mic() from mac80211
> > wifi: ath12k: Use michael_mic() from mac80211
> > wifi: ipw2x00: Depend on MAC80211
> > wifi: ipw2x00: Use michael_mic() from mac80211
> > crypto: Remove michael_mic from crypto_shash API
> >
> > arch/arm/configs/omap2plus_defconfig | 1 -
> > arch/arm/configs/spitz_defconfig | 1 -
> > arch/arm64/configs/defconfig | 1 -
> > arch/m68k/configs/amiga_defconfig | 1 -
> > arch/m68k/configs/apollo_defconfig | 1 -
> > arch/m68k/configs/atari_defconfig | 1 -
> > arch/m68k/configs/bvme6000_defconfig | 1 -
> > arch/m68k/configs/hp300_defconfig | 1 -
> > arch/m68k/configs/mac_defconfig | 1 -
> > arch/m68k/configs/multi_defconfig | 1 -
> > arch/m68k/configs/mvme147_defconfig | 1 -
> > arch/m68k/configs/mvme16x_defconfig | 1 -
> > arch/m68k/configs/q40_defconfig | 1 -
> > arch/m68k/configs/sun3_defconfig | 1 -
> > arch/m68k/configs/sun3x_defconfig | 1 -
> > arch/mips/configs/bigsur_defconfig | 1 -
> > arch/mips/configs/decstation_64_defconfig | 1 -
> > arch/mips/configs/decstation_defconfig | 1 -
> > arch/mips/configs/decstation_r4k_defconfig | 1 -
> > arch/mips/configs/gpr_defconfig | 1 -
> > arch/mips/configs/ip32_defconfig | 1 -
> > arch/mips/configs/lemote2f_defconfig | 1 -
> > arch/mips/configs/malta_qemu_32r6_defconfig | 1 -
> > arch/mips/configs/maltaaprp_defconfig | 1 -
> > arch/mips/configs/maltasmvp_defconfig | 1 -
> > arch/mips/configs/maltasmvp_eva_defconfig | 1 -
> > arch/mips/configs/maltaup_defconfig | 1 -
> > arch/mips/configs/mtx1_defconfig | 1 -
> > arch/mips/configs/rm200_defconfig | 1 -
> > arch/mips/configs/sb1250_swarm_defconfig | 1 -
> > arch/parisc/configs/generic-32bit_defconfig | 1 -
> > arch/parisc/configs/generic-64bit_defconfig | 1 -
> > arch/powerpc/configs/g5_defconfig | 1 -
> > arch/powerpc/configs/linkstation_defconfig | 1 -
> > arch/powerpc/configs/mvme5100_defconfig | 1 -
> > arch/powerpc/configs/powernv_defconfig | 1 -
> > arch/powerpc/configs/ppc64_defconfig | 1 -
> > arch/powerpc/configs/ppc64e_defconfig | 1 -
> > arch/powerpc/configs/ppc6xx_defconfig | 1 -
> > arch/powerpc/configs/ps3_defconfig | 1 -
> > arch/s390/configs/debug_defconfig | 1 -
> > arch/s390/configs/defconfig | 1 -
> > arch/sh/configs/sh2007_defconfig | 1 -
> > arch/sh/configs/titan_defconfig | 1 -
> > arch/sh/configs/ul2_defconfig | 1 -
> > arch/sparc/configs/sparc32_defconfig | 1 -
> > arch/sparc/configs/sparc64_defconfig | 1 -
> > crypto/Kconfig | 12 --
> > crypto/Makefile | 1 -
> > crypto/michael_mic.c | 176 ------------------
> > crypto/tcrypt.c | 4 -
> > crypto/testmgr.c | 6 -
> > crypto/testmgr.h | 50 -----
> > drivers/net/wireless/ath/ath11k/Kconfig | 1 -
> > drivers/net/wireless/ath/ath11k/dp.c | 2 -
> > drivers/net/wireless/ath/ath11k/dp_rx.c | 60 +-----
> > drivers/net/wireless/ath/ath11k/peer.h | 1 -
> > drivers/net/wireless/ath/ath12k/Kconfig | 1 -
> > drivers/net/wireless/ath/ath12k/dp.c | 2 -
> > drivers/net/wireless/ath/ath12k/dp_peer.h | 1 -
> > drivers/net/wireless/ath/ath12k/dp_rx.c | 55 +-----
> > drivers/net/wireless/ath/ath12k/dp_rx.h | 4 -
> > drivers/net/wireless/ath/ath12k/wifi7/dp_rx.c | 7 +-
> > drivers/net/wireless/intel/ipw2x00/Kconfig | 7 +-
> > .../intel/ipw2x00/libipw_crypto_tkip.c | 120 +-----------
> > include/linux/ieee80211.h | 5 +
> > net/mac80211/michael.c | 5 +-
> > net/mac80211/michael.h | 22 ---
> > net/mac80211/wpa.c | 1 -
> > 69 files changed, 32 insertions(+), 558 deletions(-)
> > delete mode 100644 crypto/michael_mic.c
> > delete mode 100644 net/mac80211/michael.h
> >
> >
> > base-commit: dbd94b9831bc52a1efb7ff3de841ffc3457428ce
>
> Note this series does not bisect cleanly since the introduction of the export
> in 1/6 causes build failures:
>
> ../drivers/net/wireless/intel/ipw2x00/libipw_crypto_tkip.c:467:12: error: conflicting types for 'michael_mic'; have 'int(struct crypto_shash *, u8 *, u8 *, u8 *, size_t, u8 *)' {aka 'int(struct crypto_shash *, unsigned char *, unsigned char *, unsigned char *, long unsigned int, unsigned char *)'}
> 467 | static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
> | ^~~~~~~~~~~
> In file included from ../drivers/net/wireless/intel/ipw2x00/libipw_crypto_tkip.c:25:
> ../include/linux/ieee80211.h:1926:6: note: previous declaration of 'michael_mic' with type 'void(const u8 *, struct ieee80211_hdr *, const u8 *, size_t, u8 *)' {aka 'void(const unsigned char *, struct ieee80211_hdr *, const unsigned char *, long unsigned int, unsigned char *)'}
> 1926 | void michael_mic(const u8 *key, struct ieee80211_hdr *hdr,
Thanks! I'll add a preparatory patch that temporarily renames the
michael_mic() in libipw_crypto_tkip.c.
- Eric
next prev parent reply other threads:[~2026-04-06 16:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-05 5:27 [PATCH wireless-next 0/6] Consolidate Michael MIC code into mac80211 Eric Biggers
2026-04-05 5:27 ` [PATCH wireless-next 1/6] wifi: mac80211: Export michael_mic() Eric Biggers
2026-04-05 5:27 ` [PATCH wireless-next 2/6] wifi: ath11k: Use michael_mic() from mac80211 Eric Biggers
2026-04-05 5:27 ` [PATCH wireless-next 3/6] wifi: ath12k: " Eric Biggers
2026-04-05 5:27 ` [PATCH wireless-next 4/6] wifi: ipw2x00: Depend on MAC80211 Eric Biggers
2026-04-05 22:41 ` Jeff Johnson
2026-04-06 16:06 ` Eric Biggers
2026-04-05 5:27 ` [PATCH wireless-next 5/6] wifi: ipw2x00: Use michael_mic() from mac80211 Eric Biggers
2026-04-05 5:27 ` [PATCH wireless-next 6/6] crypto: Remove michael_mic from crypto_shash API Eric Biggers
2026-04-07 7:53 ` Geert Uytterhoeven
2026-04-06 15:59 ` [PATCH wireless-next 0/6] Consolidate Michael MIC code into mac80211 Jeff Johnson
2026-04-06 16:02 ` Eric Biggers [this message]
2026-04-07 6:00 ` Johannes Berg
2026-04-07 6:15 ` Eric Biggers
2026-04-07 6:22 ` Johannes Berg
2026-04-07 6:24 ` Christoph Hellwig
2026-04-07 6:28 ` Johannes Berg
2026-04-07 6:33 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260406160222.GA2971@sol \
--to=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jeff.johnson@oss.qualcomm.com \
--cc=johannes@sipsolutions.net \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox