[This series applies to v7.1-rc1 and is intended to be taken via
net-next.  Patches 4-5 could be left for later if desired.]

The FCrypt "block cipher" and the PCBC mode of operation are obsolete
and insecure.  Since their only user is net/rxrpc/, they belong there,
not in the crypto API.

Therefore, this series removes these algorithms from the crypto API and
replaces them with local implementations in net/rxrpc/.

The local implementations are simpler too, as they avoid the crypto API
boilerplate.

I don't know how to test all the code in net/rxrpc/, but everything
should still work.  I added a KUnit test for the crypto functions.

Eric Biggers (5):
  net/rxrpc: Add local FCrypt-PCBC implementation
  net/rxrpc: Use local FCrypt-PCBC implementation
  net/rxrpc: Reimplement DES-PCBC using DES library
  crypto: fcrypt - Remove support for FCrypt block cipher
  crypto: pcbc - Remove support for PCBC mode

 arch/arm/configs/am200epdkit_defconfig        |   1 -
 arch/arm/configs/dove_defconfig               |   1 -
 arch/arm/configs/multi_v5_defconfig           |   1 -
 arch/arm/configs/mv78xx0_defconfig            |   1 -
 arch/arm/configs/mvebu_v5_defconfig           |   1 -
 arch/arm/configs/omap1_defconfig              |   1 -
 arch/arm/configs/orion5x_defconfig            |   1 -
 arch/arm/configs/pxa_defconfig                |   2 -
 arch/arm/configs/wpcm450_defconfig            |   1 -
 arch/m68k/configs/amiga_defconfig             |   2 -
 arch/m68k/configs/apollo_defconfig            |   2 -
 arch/m68k/configs/atari_defconfig             |   2 -
 arch/m68k/configs/bvme6000_defconfig          |   2 -
 arch/m68k/configs/hp300_defconfig             |   2 -
 arch/m68k/configs/mac_defconfig               |   2 -
 arch/m68k/configs/multi_defconfig             |   2 -
 arch/m68k/configs/mvme147_defconfig           |   2 -
 arch/m68k/configs/mvme16x_defconfig           |   2 -
 arch/m68k/configs/q40_defconfig               |   2 -
 arch/m68k/configs/sun3_defconfig              |   2 -
 arch/m68k/configs/sun3x_defconfig             |   2 -
 arch/mips/configs/bigsur_defconfig            |   2 -
 arch/mips/configs/decstation_64_defconfig     |   2 -
 arch/mips/configs/decstation_defconfig        |   2 -
 arch/mips/configs/decstation_r4k_defconfig    |   2 -
 arch/mips/configs/fuloong2e_defconfig         |   1 -
 arch/mips/configs/gpr_defconfig               |   1 -
 arch/mips/configs/ip22_defconfig              |   2 -
 arch/mips/configs/ip27_defconfig              |   2 -
 arch/mips/configs/ip30_defconfig              |   2 -
 arch/mips/configs/ip32_defconfig              |   2 -
 arch/mips/configs/lemote2f_defconfig          |   2 -
 arch/mips/configs/malta_defconfig             |   2 -
 arch/mips/configs/malta_kvm_defconfig         |   2 -
 arch/mips/configs/malta_qemu_32r6_defconfig   |   1 -
 arch/mips/configs/maltaaprp_defconfig         |   1 -
 arch/mips/configs/maltasmvp_defconfig         |   1 -
 arch/mips/configs/maltasmvp_eva_defconfig     |   1 -
 arch/mips/configs/maltaup_defconfig           |   1 -
 arch/mips/configs/maltaup_xpa_defconfig       |   2 -
 arch/mips/configs/mtx1_defconfig              |   1 -
 arch/mips/configs/rm200_defconfig             |   2 -
 arch/mips/configs/sb1250_swarm_defconfig      |   2 -
 arch/parisc/configs/generic-64bit_defconfig   |   2 -
 arch/powerpc/configs/44x/akebono_defconfig    |   1 -
 arch/powerpc/configs/44x/bamboo_defconfig     |   1 -
 arch/powerpc/configs/44x/currituck_defconfig  |   1 -
 arch/powerpc/configs/44x/ebony_defconfig      |   1 -
 arch/powerpc/configs/44x/eiger_defconfig      |   1 -
 arch/powerpc/configs/44x/fsp2_defconfig       |   1 -
 arch/powerpc/configs/44x/icon_defconfig       |   1 -
 arch/powerpc/configs/44x/iss476-smp_defconfig |   1 -
 arch/powerpc/configs/44x/katmai_defconfig     |   1 -
 arch/powerpc/configs/44x/rainier_defconfig    |   1 -
 arch/powerpc/configs/44x/redwood_defconfig    |   1 -
 arch/powerpc/configs/44x/sequoia_defconfig    |   1 -
 arch/powerpc/configs/44x/taishan_defconfig    |   1 -
 arch/powerpc/configs/52xx/cm5200_defconfig    |   1 -
 arch/powerpc/configs/52xx/motionpro_defconfig |   1 -
 arch/powerpc/configs/52xx/tqm5200_defconfig   |   1 -
 arch/powerpc/configs/83xx/asp8347_defconfig   |   1 -
 .../configs/83xx/mpc8313_rdb_defconfig        |   1 -
 .../configs/83xx/mpc8315_rdb_defconfig        |   1 -
 .../configs/83xx/mpc832x_rdb_defconfig        |   1 -
 .../configs/83xx/mpc834x_itx_defconfig        |   1 -
 .../configs/83xx/mpc834x_itxgp_defconfig      |   1 -
 .../configs/83xx/mpc837x_rdb_defconfig        |   1 -
 arch/powerpc/configs/amigaone_defconfig       |   1 -
 arch/powerpc/configs/cell_defconfig           |   1 -
 arch/powerpc/configs/chrp32_defconfig         |   1 -
 arch/powerpc/configs/ep8248e_defconfig        |   1 -
 arch/powerpc/configs/fsl-emb-nonhw.config     |   1 -
 arch/powerpc/configs/g5_defconfig             |   1 -
 arch/powerpc/configs/linkstation_defconfig    |   1 -
 arch/powerpc/configs/mgcoge_defconfig         |   1 -
 arch/powerpc/configs/mpc83xx_defconfig        |   1 -
 arch/powerpc/configs/mvme5100_defconfig       |   1 -
 arch/powerpc/configs/pmac32_defconfig         |   1 -
 arch/powerpc/configs/powernv_defconfig        |   1 -
 arch/powerpc/configs/ppc44x_defconfig         |   1 -
 arch/powerpc/configs/ppc64_defconfig          |   1 -
 arch/powerpc/configs/ppc64e_defconfig         |   1 -
 arch/powerpc/configs/ppc6xx_defconfig         |   2 -
 arch/powerpc/configs/ps3_defconfig            |   1 -
 arch/s390/configs/debug_defconfig             |   2 -
 arch/s390/configs/defconfig                   |   2 -
 arch/sh/configs/hp6xx_defconfig               |   1 -
 arch/sh/configs/r7780mp_defconfig             |   1 -
 arch/sh/configs/r7785rp_defconfig             |   1 -
 arch/sh/configs/se7712_defconfig              |   1 -
 arch/sh/configs/sh2007_defconfig              |   2 -
 arch/sparc/configs/sparc32_defconfig          |   1 -
 arch/sparc/configs/sparc64_defconfig          |   2 -
 crypto/Kconfig                                |  18 -
 crypto/Makefile                               |   2 -
 crypto/pcbc.c                                 | 195 -------
 crypto/tcrypt.c                               |   4 -
 crypto/testmgr.c                              |  15 -
 crypto/testmgr.h                              |  45 --
 net/rxrpc/.kunitconfig                        |   6 +
 net/rxrpc/Kconfig                             |  13 +-
 net/rxrpc/Makefile                            |   3 +-
 net/rxrpc/ar-internal.h                       |  21 +-
 {crypto => net/rxrpc}/fcrypt.c                | 329 +++++-------
 net/rxrpc/key.c                               |   1 -
 net/rxrpc/rxkad.c                             | 479 +++++-------------
 net/rxrpc/server_key.c                        |   1 -
 net/rxrpc/tests/Makefile                      |   3 +
 net/rxrpc/tests/rxrpc_kunit.c                 | 140 +++++
 109 files changed, 445 insertions(+), 956 deletions(-)
 delete mode 100644 crypto/pcbc.c
 create mode 100644 net/rxrpc/.kunitconfig
 rename {crypto => net/rxrpc}/fcrypt.c (65%)
 create mode 100644 net/rxrpc/tests/Makefile
 create mode 100644 net/rxrpc/tests/rxrpc_kunit.c


base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
-- 
2.54.0

On Mon, Apr 27, 2026 at 11:47 PM Eric Biggers <ebiggers@kernel.org> wrote:
>
> [This series applies to v7.1-rc1 and is intended to be taken via
> net-next.  Patches 4-5 could be left for later if desired.]
>
> The FCrypt "block cipher" and the PCBC mode of operation are obsolete
> and insecure.  Since their only user is net/rxrpc/, they belong there,
> not in the crypto API.
>
> Therefore, this series removes these algorithms from the crypto API and
> replaces them with local implementations in net/rxrpc/.
>
> The local implementations are simpler too, as they avoid the crypto API
> boilerplate.
>
> I don't know how to test all the code in net/rxrpc/, but everything
> should still work.  I added a KUnit test for the crypto functions.

Giving this is a spin with afs, I get this oops during xfstests generic/011:

[   22.838773] kernel BUG at net/core/skbuff.c:2295!
[   22.843470] Oops: invalid opcode: 0000 [#1] SMP NOPTI
[   22.850243] CPU: 4 UID: 0 PID: 5869 Comm: fsstress Not tainted
7.1.0-rc1.kafs+ #89 PREEMPT(full)
[   22.853205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.17.0-10.fc44 06/10/2025
[   22.855185] RIP: 0010:pskb_expand_head+0x2d2/0x380
...
[   22.867340] Call Trace:
[   22.867617]  <TASK>
[   22.869409]  __pskb_pull_tail+0x67/0x510
[   22.870719]  rxkad_verify_packet+0x297/0x3b0 [rxrpc]
[   22.872550]  rxrpc_recvmsg_data+0x150/0x760 [rxrpc]
[   22.875923]  rxrpc_kernel_recv_data+0x75/0x230 [rxrpc]
[   22.878500]  afs_extract_data+0x65/0x250 [kafs]
[   22.880238]  yfs_deliver_fs_fetch_data64+0x209/0x2f0 [kafs]
[   22.882017]  afs_deliver_to_call+0x60/0x5a0 [kafs]
[   22.882346]  afs_wait_for_call_to_complete+0x133/0x1f0 [kafs]
[   22.883019]  ? __pfx_default_wake_function+0x10/0x10
[   22.883445]  ? afs_wait_for_operation+0x2c/0x1c0 [kafs]
[   22.883878]  afs_wait_for_operation+0x9f/0x1c0 [kafs]
[   22.884342]  afs_do_sync_operation+0x1a/0x30 [kafs]
[   22.884632]  netfs_unbuffered_read_iter_locked+0x30f/0x6c0 [netfs]
[   22.884980]  netfs_unbuffered_read_iter+0x56/0x80 [netfs]
[   22.885266]  vfs_read+0x2e1/0x410

From the stack this looks like a direct IO read, where the skb passed
to skb_linearize() trips on BUG_ON(skb_shared(skb)) in
pskb_expand_head.

Marc

Eric Biggers <ebiggers@kernel.org> wrote:

> [This series applies to v7.1-rc1 and is intended to be taken via
> net-next.  Patches 4-5 could be left for later if desired.]
> 
> The FCrypt "block cipher" and the PCBC mode of operation are obsolete
> and insecure.  Since their only user is net/rxrpc/, they belong there,
> not in the crypto API.
> 
> Therefore, this series removes these algorithms from the crypto API and
> replaces them with local implementations in net/rxrpc/.
> 
> The local implementations are simpler too, as they avoid the crypto API
> boilerplate.
> 
> I don't know how to test all the code in net/rxrpc/, but everything
> should still work.  I added a KUnit test for the crypto functions.

It seems to work, so apart from the two points I noted, you can add:

	Acked-by: David Howells <dhowells@redhat.com>

It looks like it might be slightly faster, but I think the overhead reduction
is not that visible with all the other things the filesystem and protocol do
plus I/O overhead.  RxGK is a lot faster and more secure, so we should be
moving that way anyway.

David