From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 26/33] macsec: Use AES-GCM library instead of crypto_aead
Date: Mon, 6 Jul 2026 22:34:56 -0700 [thread overview]
Message-ID: <20260707053503.209874-27-ebiggers@kernel.org> (raw)
In-Reply-To: <20260707053503.209874-1-ebiggers@kernel.org>
Now that there's a library API for AES-GCM, use it instead of a
"gcm(aes)" crypto_aead. This significantly simplifies the code.
Notably, per-skb dynamic memory allocations and conversions to
scatterlists are eliminated. We now just iterate through the skb's data
and process it directly.
Asynchronous en/decryption operations are no longer supported, as that
execution model has been found to not be beneficial.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
drivers/net/Kconfig | 4 +-
drivers/net/macsec.c | 327 ++++++++++++++-----------------------------
include/net/macsec.h | 5 +-
3 files changed, 106 insertions(+), 230 deletions(-)
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index ff79c466712d..e7322d5a1164 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -317,9 +317,7 @@ config AMT
config MACSEC
tristate "IEEE 802.1AE MAC-level encryption (MACsec)"
- select CRYPTO
- select CRYPTO_AES
- select CRYPTO_GCM
+ select CRYPTO_LIB_AES_GCM
select GRO_CELLS
help
MACsec is an encryption standard for Ethernet.
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index fb009120a924..ce32dae77a60 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -9,7 +9,7 @@
#include <linux/skbuff.h>
#include <linux/socket.h>
#include <linux/module.h>
-#include <crypto/aead.h>
+#include <crypto/aes-gcm.h>
#include <linux/etherdevice.h>
#include <linux/netdevice.h>
#include <linux/rtnetlink.h>
@@ -134,7 +134,6 @@ static struct macsec_rxh_data *macsec_data_rtnl(const struct net_device *dev)
}
struct macsec_cb {
- struct aead_request *req;
union {
struct macsec_tx_sa *tx_sa;
struct macsec_rx_sa *rx_sa;
@@ -181,9 +180,8 @@ static void free_rxsa_work(struct work_struct *work)
struct macsec_rx_sa *sa =
container_of(to_rcu_work(work), struct macsec_rx_sa, destroy_work);
- crypto_free_aead(sa->key.tfm);
free_percpu(sa->stats);
- kfree(sa);
+ kfree_sensitive(sa);
}
static void macsec_rxsa_put(struct macsec_rx_sa *sa)
@@ -210,9 +208,8 @@ static void free_txsa_work(struct work_struct *work)
struct macsec_tx_sa *sa =
container_of(to_rcu_work(work), struct macsec_tx_sa, destroy_work);
- crypto_free_aead(sa->key.tfm);
free_percpu(sa->stats);
- kfree(sa);
+ kfree_sensitive(sa);
}
static void macsec_txsa_put(struct macsec_tx_sa *sa)
@@ -541,70 +538,72 @@ static void count_tx(struct net_device *dev, int ret, int len)
dev_sw_netstats_tx_add(dev, 1, len);
}
-static void macsec_encrypt_done(void *data, int err)
+static void macsec_crypt_chunk(struct aes_gcm_ctx *ctx, u8 *data, size_t avail,
+ size_t *assoc_len, size_t *crypt_len,
+ bool encrypt)
{
- struct sk_buff *skb = data;
- struct net_device *dev = skb->dev;
- struct macsec_dev *macsec = macsec_priv(dev);
- struct macsec_tx_sa *sa = macsec_skb_cb(skb)->tx_sa;
- int len, ret;
+ size_t n;
- aead_request_free(macsec_skb_cb(skb)->req);
-
- rcu_read_lock_bh();
- macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa);
- /* packet is encrypted/protected so tx_bytes must be calculated */
- len = macsec_msdu_len(skb) + 2 * ETH_ALEN;
- macsec_encrypt_finish(skb, dev);
- ret = dev_queue_xmit(skb);
- count_tx(dev, ret, len);
- rcu_read_unlock_bh();
+ if (*assoc_len && avail) {
+ /* Associated data */
+ n = min(avail, *assoc_len);
+ aes_gcm_auth_update(ctx, data, n);
+ data += n;
+ avail -= n;
+ *assoc_len -= n;
+ }
- macsec_txsa_put(sa);
- dev_put(dev);
+ if (*crypt_len && avail) {
+ /* En/decrypted data */
+ n = min(avail, *crypt_len);
+ if (encrypt)
+ aes_gcm_encrypt_update(ctx, data, data, n);
+ else
+ aes_gcm_decrypt_update(ctx, data, data, n);
+ *crypt_len -= n;
+ }
}
-static struct aead_request *macsec_alloc_req(struct crypto_aead *tfm,
- unsigned char **iv,
- struct scatterlist **sg,
- int num_frags)
+/**
+ * macsec_crypt_skb() - Encrypt or decrypt an skb in-place using AES-GCM
+ * @ctx: An AES-GCM context
+ * @skb: The socket buffer to process
+ * @assoc_len: Length of associated data
+ * @crypt_len: Length of payload data to encrypt or decrypt
+ * @encrypt: True for encryption, false for decryption
+ *
+ * Updates the given AES-GCM context with @assoc_len bytes of associated data
+ * from the skb, then encrypts or decrypts @crypt_len bytes in-place. Context
+ * initialization and finalization are handled by the caller.
+ *
+ * The data (both associated and en/decrypted) is taken from the linear head and
+ * frag_list. It is assumed that the @skb was processed by skb_cow_data(),
+ * meaning it has no page fragments (nr_frags == 0) and is writable.
+ */
+static void macsec_crypt_skb(struct aes_gcm_ctx *ctx, struct sk_buff *skb,
+ size_t assoc_len, size_t crypt_len, bool encrypt)
{
- size_t size, iv_offset, sg_offset;
- struct aead_request *req;
- void *tmp;
+ struct sk_buff *frag_iter;
- size = sizeof(struct aead_request) + crypto_aead_reqsize(tfm);
- iv_offset = size;
- size += GCM_AES_IV_LEN;
-
- size = ALIGN(size, __alignof__(struct scatterlist));
- sg_offset = size;
- size += sizeof(struct scatterlist) * num_frags;
-
- tmp = kmalloc(size, GFP_ATOMIC);
- if (!tmp)
- return NULL;
-
- *iv = (unsigned char *)(tmp + iv_offset);
- *sg = (struct scatterlist *)(tmp + sg_offset);
- req = tmp;
-
- aead_request_set_tfm(req, tfm);
-
- return req;
+ WARN_ON_ONCE(skb_shinfo(skb)->nr_frags);
+ macsec_crypt_chunk(ctx, skb->data, skb_headlen(skb), &assoc_len,
+ &crypt_len, encrypt);
+ skb_walk_frags(skb, frag_iter)
+ macsec_crypt_chunk(ctx, frag_iter->data, frag_iter->len,
+ &assoc_len, &crypt_len, encrypt);
}
static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
struct net_device *dev)
{
int ret;
- struct scatterlist *sg;
struct sk_buff *trailer;
- unsigned char *iv;
+ u8 iv[GCM_AES_IV_LEN];
struct ethhdr *eth;
struct macsec_eth_header *hh;
- size_t unprotected_len;
- struct aead_request *req;
+ size_t unprotected_len, assoc_len, crypt_len;
+ struct aes_gcm_ctx ctx;
+ u8 icv[MACSEC_DEFAULT_ICV_LEN];
struct macsec_secy *secy;
struct macsec_tx_sc *tx_sc;
struct macsec_tx_sa *tx_sa;
@@ -681,56 +680,32 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
return ERR_PTR(ret);
}
- req = macsec_alloc_req(tx_sa->key.tfm, &iv, &sg, ret);
- if (!req) {
- macsec_txsa_put(tx_sa);
- kfree_skb(skb);
- return ERR_PTR(-ENOMEM);
- }
-
if (secy->xpn)
macsec_fill_iv_xpn(iv, tx_sa->ssci, pn.full64, tx_sa->key.salt);
else
macsec_fill_iv(iv, secy->sci, pn.lower);
- sg_init_table(sg, ret);
- ret = skb_to_sgvec(skb, sg, 0, skb->len);
- if (unlikely(ret < 0)) {
- aead_request_free(req);
- macsec_txsa_put(tx_sa);
- kfree_skb(skb);
- return ERR_PTR(ret);
- }
-
if (tx_sc->encrypt) {
- int len = skb->len - macsec_hdr_len(sci_present) -
- secy->icv_len;
- aead_request_set_crypt(req, sg, sg, len, iv);
- aead_request_set_ad(req, macsec_hdr_len(sci_present));
+ assoc_len = macsec_hdr_len(sci_present);
+ crypt_len = skb->len - assoc_len - secy->icv_len;
} else {
- aead_request_set_crypt(req, sg, sg, 0, iv);
- aead_request_set_ad(req, skb->len - secy->icv_len);
+ assoc_len = skb->len - secy->icv_len;
+ crypt_len = 0;
}
- macsec_skb_cb(skb)->req = req;
- macsec_skb_cb(skb)->tx_sa = tx_sa;
- macsec_skb_cb(skb)->has_sci = sci_present;
- aead_request_set_callback(req, 0, macsec_encrypt_done, skb);
+ aes_gcm_init(&ctx, iv, &tx_sa->key.gcm_key);
+ macsec_crypt_skb(&ctx, skb, assoc_len, crypt_len, true);
+ aes_gcm_encrypt_final(&ctx, icv);
- dev_hold(skb->dev);
- ret = crypto_aead_encrypt(req);
- if (ret == -EINPROGRESS) {
- return ERR_PTR(ret);
- } else if (ret != 0) {
- dev_put(skb->dev);
- kfree_skb(skb);
- aead_request_free(req);
+ ret = skb_store_bits(skb, skb->len - secy->icv_len, icv, secy->icv_len);
+ if (unlikely(ret < 0)) {
macsec_txsa_put(tx_sa);
- return ERR_PTR(-EINVAL);
+ kfree_skb(skb);
+ return ERR_PTR(ret);
}
- dev_put(skb->dev);
- aead_request_free(req);
+ macsec_skb_cb(skb)->tx_sa = tx_sa;
+ macsec_skb_cb(skb)->has_sci = sci_present;
macsec_txsa_put(tx_sa);
return skb;
@@ -844,45 +819,6 @@ static void count_rx(struct net_device *dev, int len)
dev_sw_netstats_rx_add(dev, len);
}
-static void macsec_decrypt_done(void *data, int err)
-{
- struct sk_buff *skb = data;
- struct net_device *dev = skb->dev;
- struct macsec_dev *macsec = macsec_priv(dev);
- struct macsec_rx_sa *rx_sa = macsec_skb_cb(skb)->rx_sa;
- struct macsec_rx_sc *rx_sc = rx_sa->sc;
- int len;
- u32 pn;
-
- aead_request_free(macsec_skb_cb(skb)->req);
-
- if (!err)
- macsec_skb_cb(skb)->valid = true;
-
- rcu_read_lock_bh();
- pn = ntohl(macsec_ethhdr(skb)->packet_number);
- if (!macsec_post_decrypt(skb, &macsec->secy, pn)) {
- rcu_read_unlock_bh();
- kfree_skb(skb);
- goto out;
- }
-
- macsec_finalize_skb(skb, macsec->secy.icv_len,
- macsec_extra_len(macsec_skb_cb(skb)->has_sci));
- len = skb->len;
- macsec_reset_skb(skb, macsec->secy.netdev);
-
- if (gro_cells_receive(&macsec->gro_cells, skb) == NET_RX_SUCCESS)
- count_rx(dev, len);
-
- rcu_read_unlock_bh();
-
-out:
- macsec_rxsa_put(rx_sa);
- macsec_rxsc_put(rx_sc);
- dev_put(dev);
-}
-
static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
struct net_device *dev,
struct macsec_rx_sa *rx_sa,
@@ -890,12 +826,13 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
struct macsec_secy *secy)
{
int ret;
- struct scatterlist *sg;
struct sk_buff *trailer;
- unsigned char *iv;
- struct aead_request *req;
+ u8 iv[GCM_AES_IV_LEN];
+ size_t assoc_len, crypt_len;
+ struct aes_gcm_ctx ctx;
struct macsec_eth_header *hdr;
u32 hdr_pn;
+ u8 icv[MACSEC_DEFAULT_ICV_LEN];
u16 icv_len = secy->icv_len;
macsec_skb_cb(skb)->valid = false;
@@ -908,11 +845,6 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
kfree_skb(skb);
return ERR_PTR(ret);
}
- req = macsec_alloc_req(rx_sa->key.tfm, &iv, &sg, ret);
- if (!req) {
- kfree_skb(skb);
- return ERR_PTR(-ENOMEM);
- }
hdr = (struct macsec_eth_header *)skb->data;
hdr_pn = ntohl(hdr->packet_number);
@@ -931,55 +863,33 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
macsec_fill_iv(iv, sci, hdr_pn);
}
- sg_init_table(sg, ret);
- ret = skb_to_sgvec(skb, sg, 0, skb->len);
- if (unlikely(ret < 0)) {
- aead_request_free(req);
- kfree_skb(skb);
- return ERR_PTR(ret);
- }
-
if (hdr->tci_an & MACSEC_TCI_E) {
/* confidentiality: ethernet + macsec header
* authenticated, encrypted payload
*/
- int len = skb->len - macsec_hdr_len(macsec_skb_cb(skb)->has_sci);
-
- aead_request_set_crypt(req, sg, sg, len, iv);
- aead_request_set_ad(req, macsec_hdr_len(macsec_skb_cb(skb)->has_sci));
- skb = skb_unshare(skb, GFP_ATOMIC);
- if (!skb) {
- aead_request_free(req);
- return ERR_PTR(-ENOMEM);
- }
+ assoc_len = macsec_hdr_len(macsec_skb_cb(skb)->has_sci);
+ crypt_len = skb->len - assoc_len - icv_len;
} else {
/* integrity only: all headers + data authenticated */
- aead_request_set_crypt(req, sg, sg, icv_len, iv);
- aead_request_set_ad(req, skb->len - icv_len);
+ assoc_len = skb->len - icv_len;
+ crypt_len = 0;
}
- macsec_skb_cb(skb)->req = req;
- skb->dev = dev;
- aead_request_set_callback(req, 0, macsec_decrypt_done, skb);
+ aes_gcm_init(&ctx, iv, &rx_sa->key.gcm_key);
+ macsec_crypt_skb(&ctx, skb, assoc_len, crypt_len, false);
- dev_hold(dev);
- ret = crypto_aead_decrypt(req);
- if (ret == -EINPROGRESS) {
+ ret = skb_copy_bits(skb, skb->len - icv_len, icv, icv_len);
+ if (unlikely(ret < 0)) {
+ memzero_explicit(&ctx, sizeof(ctx));
+ kfree_skb(skb);
return ERR_PTR(ret);
- } else if (ret != 0) {
- /* decryption/authentication failed
- * 10.6 if validateFrames is disabled, deliver anyway
- */
- if (ret != -EBADMSG) {
- kfree_skb(skb);
- skb = ERR_PTR(ret);
- }
- } else {
- macsec_skb_cb(skb)->valid = true;
}
- dev_put(dev);
- aead_request_free(req);
+ if (aes_gcm_decrypt_final(&ctx, icv) == 0)
+ macsec_skb_cb(skb)->valid = true;
+ /* else, decryption/authentication failed
+ * 10.6 if validateFrames is disabled, deliver anyway
+ */
return skb;
}
@@ -1276,11 +1186,8 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
skb = macsec_decrypt(skb, dev, rx_sa, sci, secy);
if (IS_ERR(skb)) {
- /* the decrypt callback needs the reference */
- if (PTR_ERR(skb) != -EINPROGRESS) {
- macsec_rxsa_put(rx_sa);
- macsec_rxsc_put(rx_sc);
- }
+ macsec_rxsa_put(rx_sa);
+ macsec_rxsc_put(rx_sc);
rcu_read_unlock();
*pskb = NULL;
return RX_HANDLER_CONSUMED;
@@ -1370,41 +1277,19 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
return RX_HANDLER_PASS;
}
-static struct crypto_aead *macsec_alloc_tfm(char *key, int key_len, int icv_len)
-{
- struct crypto_aead *tfm;
- int ret;
-
- tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
-
- if (IS_ERR(tfm))
- return tfm;
-
- ret = crypto_aead_setkey(tfm, key, key_len);
- if (ret < 0)
- goto fail;
-
- ret = crypto_aead_setauthsize(tfm, icv_len);
- if (ret < 0)
- goto fail;
-
- return tfm;
-fail:
- crypto_free_aead(tfm);
- return ERR_PTR(ret);
-}
-
static int init_rx_sa(struct macsec_rx_sa *rx_sa, char *sak, int key_len,
int icv_len)
{
+ int err;
+
rx_sa->stats = alloc_percpu(struct macsec_rx_sa_stats);
if (!rx_sa->stats)
return -ENOMEM;
- rx_sa->key.tfm = macsec_alloc_tfm(sak, key_len, icv_len);
- if (IS_ERR(rx_sa->key.tfm)) {
+ err = aes_gcm_preparekey(&rx_sa->key.gcm_key, sak, key_len, icv_len);
+ if (err) {
free_percpu(rx_sa->stats);
- return PTR_ERR(rx_sa->key.tfm);
+ return err;
}
rx_sa->ssci = MACSEC_UNDEF_SSCI;
@@ -1498,14 +1383,16 @@ static struct macsec_rx_sc *create_rx_sc(struct net_device *dev, sci_t sci,
static int init_tx_sa(struct macsec_tx_sa *tx_sa, char *sak, int key_len,
int icv_len)
{
+ int err;
+
tx_sa->stats = alloc_percpu(struct macsec_tx_sa_stats);
if (!tx_sa->stats)
return -ENOMEM;
- tx_sa->key.tfm = macsec_alloc_tfm(sak, key_len, icv_len);
- if (IS_ERR(tx_sa->key.tfm)) {
+ err = aes_gcm_preparekey(&tx_sa->key.gcm_key, sak, key_len, icv_len);
+ if (err) {
free_percpu(tx_sa->stats);
- return PTR_ERR(tx_sa->key.tfm);
+ return err;
}
tx_sa->ssci = MACSEC_UNDEF_SSCI;
@@ -1813,7 +1700,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
err = init_rx_sa(rx_sa, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
secy->key_len, secy->icv_len);
if (err < 0) {
- kfree(rx_sa);
+ kfree_sensitive(rx_sa);
rtnl_unlock();
return err;
}
@@ -2021,7 +1908,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
err = init_tx_sa(tx_sa, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
secy->key_len, secy->icv_len);
if (err < 0) {
- kfree(tx_sa);
+ kfree_sensitive(tx_sa);
rtnl_unlock();
return err;
}
@@ -3508,8 +3395,7 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
len = skb->len;
skb = macsec_encrypt(skb, dev);
if (IS_ERR(skb)) {
- if (PTR_ERR(skb) != -EINPROGRESS)
- DEV_STATS_INC(dev, tx_dropped);
+ DEV_STATS_INC(dev, tx_dropped);
return NETDEV_TX_OK;
}
@@ -4316,17 +4202,8 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[],
if (data[IFLA_MACSEC_ICV_LEN]) {
icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]);
- if (icv_len != MACSEC_DEFAULT_ICV_LEN) {
- char dummy_key[DEFAULT_SAK_LEN] = { 0 };
- struct crypto_aead *dummy_tfm;
-
- dummy_tfm = macsec_alloc_tfm(dummy_key,
- DEFAULT_SAK_LEN,
- icv_len);
- if (IS_ERR(dummy_tfm))
- return PTR_ERR(dummy_tfm);
- crypto_free_aead(dummy_tfm);
- }
+ if (crypto_gcm_check_authsize(icv_len) != 0)
+ return -EINVAL;
}
es = nla_get_u8_default(data[IFLA_MACSEC_ES], false);
diff --git a/include/net/macsec.h b/include/net/macsec.h
index d962093ee923..a315a33b3ac3 100644
--- a/include/net/macsec.h
+++ b/include/net/macsec.h
@@ -7,6 +7,7 @@
#ifndef _NET_MACSEC_H_
#define _NET_MACSEC_H_
+#include <crypto/aes-gcm.h>
#include <linux/u64_stats_sync.h>
#include <linux/if_vlan.h>
#include <linux/workqueue.h>
@@ -63,12 +64,12 @@ typedef union pn {
/**
* struct macsec_key - SA key
* @id: user-provided key identifier
- * @tfm: crypto struct, key storage
+ * @gcm_key: the AES-GCM key
* @salt: salt used to generate IV in XPN cipher suites
*/
struct macsec_key {
u8 id[MACSEC_KEYID_LEN];
- struct crypto_aead *tfm;
+ struct aes_gcm_key gcm_key;
salt_t salt;
};
--
2.54.0
next prev parent reply other threads:[~2026-07-07 5:37 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-07 5:34 [PATCH 00/33] Library APIs for AES encryption modes Eric Biggers
2026-07-07 5:34 ` [PATCH 01/33] crypto: xts - Split out __xts_verify_key() helper Eric Biggers
2026-07-07 13:20 ` Thomas Huth
2026-07-07 5:34 ` [PATCH 02/33] lib/crypto: aes: Add ECB support Eric Biggers
2026-07-07 13:59 ` Thomas Huth
2026-07-07 19:22 ` Eric Biggers
2026-07-08 5:29 ` Thomas Huth
2026-07-07 5:34 ` [PATCH 03/33] lib/crypto: aes: Add CBC and CBC-CTS support Eric Biggers
2026-07-07 5:34 ` [PATCH 04/33] lib/crypto: aes: Add CTR and XCTR support Eric Biggers
2026-07-07 5:34 ` [PATCH 05/33] lib/crypto: aes: Add XTS support Eric Biggers
2026-07-07 5:34 ` [PATCH 06/33] lib/crypto: aes: Add GCM support Eric Biggers
2026-07-07 5:34 ` [PATCH 07/33] lib/crypto: aes: Add CCM support Eric Biggers
2026-07-07 5:34 ` [PATCH 08/33] crypto: aes - Add ECB support using library Eric Biggers
2026-07-07 5:34 ` [PATCH 09/33] crypto: aes - Add CBC and CBC-CTS " Eric Biggers
2026-07-07 5:34 ` [PATCH 10/33] crypto: aes - Add CTR and XCTR " Eric Biggers
2026-07-07 5:34 ` [PATCH 11/33] crypto: aes - Add XTS " Eric Biggers
2026-07-07 5:34 ` [PATCH 12/33] crypto: aes - Add GCM " Eric Biggers
2026-07-07 5:34 ` [PATCH 13/33] crypto: aes - Add CCM " Eric Biggers
2026-07-07 5:34 ` [PATCH 14/33] x86/sev: Use new AES-GCM library Eric Biggers
2026-07-07 5:34 ` [PATCH 15/33] lib/crypto: aesgcm: Remove old " Eric Biggers
2026-07-07 5:34 ` [PATCH 16/33] crypto: aes - Remove AES-CBC-MAC support Eric Biggers
2026-07-07 5:34 ` [PATCH 17/33] lib/crypto: aes: Remove aes_cbcmac_* functions Eric Biggers
2026-07-07 5:34 ` [PATCH 18/33] fscrypt: Use aes_ecb_encrypt() for v1 key derivation Eric Biggers
2026-07-07 5:34 ` [PATCH 19/33] KEYS: encrypted: Use AES-CBC library instead of crypto_skcipher Eric Biggers
2026-07-07 5:34 ` [PATCH 20/33] KEYS: trusted: dcp: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07 5:34 ` [PATCH 21/33] libceph: Use AES-CBC library in ceph_aes_crypt() Eric Biggers
2026-07-07 5:34 ` [PATCH 22/33] libceph: Reimplement messenger v2 encryption using AES-GCM library Eric Biggers
2026-07-07 5:34 ` [PATCH 23/33] wifi: mac80211: Use AES-CTR library in fils_aead.c Eric Biggers
2026-07-07 5:34 ` [PATCH 24/33] wifi: mac80211: Use AES-GCM library for GMAC suite Eric Biggers
2026-07-07 5:34 ` [PATCH 25/33] wifi: mac80211: Use crypto libraries for GCMP and CCMP suites Eric Biggers
2026-07-07 5:34 ` Eric Biggers [this message]
2026-07-07 5:34 ` [PATCH 27/33] wifi: ipw2x00: Use AES-CCM library Eric Biggers
2026-07-07 5:34 ` [PATCH 28/33] mac802154: Use AES-CCM and AES-CTR libraries Eric Biggers
2026-07-07 5:34 ` [PATCH 29/33] bpf: crypto: Use AES-CBC and AES-ECB libraries Eric Biggers
2026-07-07 15:01 ` Vadim Fedorenko
2026-07-07 18:20 ` Eric Biggers
2026-07-07 22:50 ` Vadim Fedorenko
2026-07-07 23:16 ` Eric Biggers
2026-07-08 11:47 ` Vadim Fedorenko
2026-07-07 5:35 ` [PATCH 30/33] bpf: crypto: Add AES-GCM support Eric Biggers
2026-07-07 15:02 ` Vadim Fedorenko
2026-07-07 5:35 ` [PATCH 31/33] smb: client: Use AES-GCM and AES-CCM libraries Eric Biggers
2026-07-07 5:35 ` [PATCH 32/33] ksmbd: " Eric Biggers
2026-07-07 10:51 ` Namjae Jeon
2026-07-07 5:35 ` [PATCH 33/33] net: tipc: Use AES-GCM library instead of crypto_aead Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260707053503.209874-27-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox