mac80211: update to wireless-testing 2017-10-06

Rework the code to get rid of some extra kernel module dependencies
introduced in the last update.

Signed-off-by: Felix Fietkau <nbd@nbd.name>

package/kernel/mac80211/Makefile

@@ -10,14 +10,13 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=4.14-rc2
+PKG_VERSION:=2017-10-06
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v$(PKG_VERSION)/
-PKG_BACKPORT_VERSION:=-1
-PKG_HASH:=8d1b62e0ea6cc2ffa7e6ae666da201360256e9b74ae651a31842d33625367524
+PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources
+PKG_HASH:=194786b7635f36b9ce280fd2319f6a4feeff209175e330ddbcbe789a3b4540a5
 
-PKG_SOURCE:=backports-$(PKG_VERSION)$(PKG_BACKPORT_VERSION).tar.xz
-PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)$(PKG_BACKPORT_VERSION)
+PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
+PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
 PKG_BUILD_PARALLEL:=1
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
@@ -102,7 +101,7 @@ define KernelPackage/mac80211
   $(call KernelPackage/mac80211/Default)
   TITLE:=Linux 802.11 Wireless Networking Stack
   # +kmod-crypto-cmac is a runtime only dependency of net/mac80211/aes_cmac.c
-  DEPENDS+= +kmod-cfg80211 +kmod-crypto-hash +kmod-crypto-cmac +hostapd-common
+  DEPENDS+= +kmod-cfg80211 +hostapd-common
   KCONFIG:=\
 	CONFIG_AVERAGE=y
   FILES:= $(PKG_BUILD_DIR)/net/mac80211/mac80211.ko

package/kernel/mac80211/patches/002-change_allconfig.patch

@@ -1,6 +1,6 @@
 --- a/kconf/conf.c
 +++ b/kconf/conf.c
-@@ -593,40 +593,12 @@ int main(int ac, char **av)
+@@ -594,40 +594,12 @@ int main(int ac, char **av)
  	case oldconfig:
  	case listnewconfig:
  	case olddefconfig:
@@ -44,7 +44,7 @@
  		break;
 --- a/kconf/confdata.c
 +++ b/kconf/confdata.c
-@@ -1169,6 +1169,8 @@ bool conf_set_all_new_symbols(enum conf_
+@@ -1170,6 +1170,8 @@ bool conf_set_all_new_symbols(enum conf_
  	}
  	bool has_changed = false;
  
@@ -53,7 +53,7 @@
  	for_all_symbols(i, sym) {
  		if (sym_has_value(sym) || (sym->flags & SYMBOL_VALID))
  			continue;
-@@ -1212,8 +1214,6 @@ bool conf_set_all_new_symbols(enum conf_
+@@ -1213,8 +1215,6 @@ bool conf_set_all_new_symbols(enum conf_
  
  	}
  

package/kernel/mac80211/patches/006-header-fix-compile-error-on-PowerPC-PPC_85xx.patch

@@ -1,81 +0,0 @@
-From f192535ab136905d87bc75a4e848b66f0aef315e Mon Sep 17 00:00:00 2001
-From: Hauke Mehrtens <hauke@hauke-m.de>
-Date: Sun, 1 Oct 2017 16:05:24 +0200
-Subject: header: fix compile error on PowerPC (PPC_85xx)
-
-Including linux/interrupt.h in linux/hrtimer.h causes this error message
-on PowerPC builds on x86, ARM and MIPS it works:
-
-  CC [M]  /backports-4.14-rc2-1/compat/main.o
-In file included from /backports-4.14-rc2-1/backport-include/linux/printk.h:5:0,
-                 from ./include/linux/kernel.h:13,
-                 from /backports-4.14-rc2-1/backport-include/linux/kernel.h:3,
-                 from ./include/linux/list.h:8,
-                 from /backports-4.14-rc2-1/backport-include/linux/list.h:3,
-                 from ./include/linux/module.h:9,
-                 from /backports-4.14-rc2-1/backport-include/linux/module.h:3,
-                 from /backports-4.14-rc2-1/compat/main.c:1:
-./include/linux/ratelimit.h: In function 'ratelimit_state_exit':
-./include/linux/ratelimit.h:62:11: error: dereferencing pointer to incomplete type 'struct task_struct'
-    current->comm, rs->missed);
-           ^
-./include/linux/printk.h:279:37: note: in definition of macro 'pr_warning'
-  printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
-                                     ^
-./include/linux/ratelimit.h:61:3: note: in expansion of macro 'pr_warn'
-   pr_warn("%s: %d output lines suppressed due to ratelimiting\n",
-   ^
-
-The backport of the hrtimer_start() functions needs the
-linux/interrupt.h because some parts are defined there. Fix this by
-moving the hrtimer_start() backport to the linux/interrupt.h backport
-header file.
-
-Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
----
- backport-include/linux/hrtimer.h   | 17 -----------------
- backport-include/linux/interrupt.h | 17 ++++++++++++++++-
- 2 files changed, 16 insertions(+), 18 deletions(-)
- delete mode 100644 backport-include/linux/hrtimer.h
-
---- a/backport-include/linux/hrtimer.h
-+++ /dev/null
-@@ -1,17 +0,0 @@
--#ifndef _BP_HRTIMER_H
--#define _BP_HRTIMER_H
--#include <linux/version.h>
--#include_next <linux/hrtimer.h>
--#include <linux/interrupt.h>
--
--#if LINUX_VERSION_IS_LESS(4,10,0)
--static inline void backport_hrtimer_start(struct hrtimer *timer, s64 time,
--					  const enum hrtimer_mode mode)
--{
--	ktime_t _time = { .tv64 = time };
--	hrtimer_start(timer, _time, mode);
--}
--#define hrtimer_start LINUX_BACKPORT(hrtimer_start)
--#endif
--
--#endif /* _BP_HRTIMER_H */
---- a/backport-include/linux/interrupt.h
-+++ b/backport-include/linux/interrupt.h
-@@ -1,2 +1,17 @@
--#include <linux/hrtimer.h>
-+#ifndef _BP_LINUX_INTERRUPT_H
-+#define _BP_LINUX_INTERRUPT_H
-+#include <linux/version.h>
- #include_next <linux/interrupt.h>
-+#include <linux/ktime.h>
-+
-+#if LINUX_VERSION_IS_LESS(4,10,0)
-+static inline void backport_hrtimer_start(struct hrtimer *timer, s64 time,
-+					  const enum hrtimer_mode mode)
-+{
-+	ktime_t _time = { .tv64 = time };
-+	hrtimer_start(timer, _time, mode);
-+}
-+#define hrtimer_start LINUX_BACKPORT(hrtimer_start)
-+#endif
-+
-+#endif /* _BP_LINUX_INTERRUPT_H */

package/kernel/mac80211/patches/100-remove-cryptoapi-dependencies.patch

@@ -43,122 +43,118 @@
 -	struct aead_request *aead_req;
 -	int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
 -	u8 *__aad;
--
++	int i;
+ 
 -	aead_req = kzalloc(reqsize + CCM_AAD_LEN, GFP_ATOMIC);
 -	if (!aead_req)
 -		return -ENOMEM;
--
--	__aad = (u8 *)aead_req + reqsize;
--	memcpy(__aad, aad, CCM_AAD_LEN);
--
--	sg_init_table(sg, 3);
--	sg_set_buf(&sg[0], &__aad[2], be16_to_cpup((__be16 *)__aad));
--	sg_set_buf(&sg[1], data, data_len);
--	sg_set_buf(&sg[2], mic, mic_len);
--
--	aead_request_set_tfm(aead_req, tfm);
--	aead_request_set_crypt(aead_req, sg, sg, data_len, b_0);
--	aead_request_set_ad(aead_req, sg[0].length);
-+	int i;
- 
--	crypto_aead_encrypt(aead_req);
--	kzfree(aead_req);
 +	crypto_cipher_encrypt_one(tfm, b, b_0);
  
--	return 0;
+-	__aad = (u8 *)aead_req + reqsize;
+-	memcpy(__aad, aad, CCM_AAD_LEN);
 +	/* Extra Authenticate-only data (always two AES blocks) */
 +	for (i = 0; i < AES_BLOCK_SIZE; i++)
 +		aad[i] ^= b[i];
 +	crypto_cipher_encrypt_one(tfm, b, aad);
-+
+ 
+-	sg_init_table(sg, 3);
+-	sg_set_buf(&sg[0], &__aad[2], be16_to_cpup((__be16 *)__aad));
+-	sg_set_buf(&sg[1], data, data_len);
+-	sg_set_buf(&sg[2], mic, mic_len);
 +	aad += AES_BLOCK_SIZE;
-+
+ 
+-	aead_request_set_tfm(aead_req, tfm);
+-	aead_request_set_crypt(aead_req, sg, sg, data_len, b_0);
+-	aead_request_set_ad(aead_req, sg[0].length);
 +	for (i = 0; i < AES_BLOCK_SIZE; i++)
 +		aad[i] ^= b[i];
 +	crypto_cipher_encrypt_one(tfm, a, aad);
-+
+ 
+-	crypto_aead_encrypt(aead_req);
+-	kzfree(aead_req);
 +	/* Mask out bits from auth-only-b_0 */
 +	b_0[0] &= 0x07;
-+
+ 
+-	return 0;
 +	/* S_0 is used to encrypt T (= MIC) */
 +	b_0[14] = 0;
 +	b_0[15] = 0;
 +	crypto_cipher_encrypt_one(tfm, s_0, b_0);
-+}
-+
+ }
+ 
+-int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
+-			      u8 *data, size_t data_len, u8 *mic,
+-			      size_t mic_len)
 +
 +void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
 +			       u8 *data, size_t data_len, u8 *mic,
 +			       size_t mic_len)
-+{
-+	int i, j, last_len, num_blocks;
-+	u8 b[AES_BLOCK_SIZE];
-+	u8 s_0[AES_BLOCK_SIZE];
-+	u8 e[AES_BLOCK_SIZE];
-+	u8 *pos, *cpos;
-+
-+	num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
-+	last_len = data_len % AES_BLOCK_SIZE;
-+	aes_ccm_prepare(tfm, b_0, aad, s_0, b, b);
-+
-+	/* Process payload blocks */
-+	pos = data;
-+	cpos = data;
-+	for (j = 1; j <= num_blocks; j++) {
-+		int blen = (j == num_blocks && last_len) ?
-+			last_len : AES_BLOCK_SIZE;
-+
-+		/* Authentication followed by encryption */
-+		for (i = 0; i < blen; i++)
-+			b[i] ^= pos[i];
-+		crypto_cipher_encrypt_one(tfm, b, b);
-+
-+		b_0[14] = (j >> 8) & 0xff;
-+		b_0[15] = j & 0xff;
-+		crypto_cipher_encrypt_one(tfm, e, b_0);
-+		for (i = 0; i < blen; i++)
-+			*cpos++ = *pos++ ^ e[i];
-+	}
-+
-+	for (i = 0; i < mic_len; i++)
-+		mic[i] = b[i] ^ s_0[i];
- }
- 
--int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
-+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
- 			      u8 *data, size_t data_len, u8 *mic,
- 			      size_t mic_len)
  {
 -	struct scatterlist sg[3];
 -	struct aead_request *aead_req;
 -	int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
 -	u8 *__aad;
 -	int err;
--
++	int i, j, last_len, num_blocks;
++	u8 b[AES_BLOCK_SIZE];
++	u8 s_0[AES_BLOCK_SIZE];
++	u8 e[AES_BLOCK_SIZE];
++	u8 *pos, *cpos;
+ 
 -	if (data_len == 0)
 -		return -EINVAL;
--
++	num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
++	last_len = data_len % AES_BLOCK_SIZE;
++	aes_ccm_prepare(tfm, b_0, aad, s_0, b, b);
+ 
 -	aead_req = kzalloc(reqsize + CCM_AAD_LEN, GFP_ATOMIC);
 -	if (!aead_req)
 -		return -ENOMEM;
--
++	/* Process payload blocks */
++	pos = data;
++	cpos = data;
++	for (j = 1; j <= num_blocks; j++) {
++		int blen = (j == num_blocks && last_len) ?
++			last_len : AES_BLOCK_SIZE;
+ 
 -	__aad = (u8 *)aead_req + reqsize;
 -	memcpy(__aad, aad, CCM_AAD_LEN);
--
++		/* Authentication followed by encryption */
++		for (i = 0; i < blen; i++)
++			b[i] ^= pos[i];
++		crypto_cipher_encrypt_one(tfm, b, b);
+ 
 -	sg_init_table(sg, 3);
 -	sg_set_buf(&sg[0], &__aad[2], be16_to_cpup((__be16 *)__aad));
 -	sg_set_buf(&sg[1], data, data_len);
 -	sg_set_buf(&sg[2], mic, mic_len);
--
++		b_0[14] = (j >> 8) & 0xff;
++		b_0[15] = j & 0xff;
++		crypto_cipher_encrypt_one(tfm, e, b_0);
++		for (i = 0; i < blen; i++)
++			*cpos++ = *pos++ ^ e[i];
++	}
+ 
 -	aead_request_set_tfm(aead_req, tfm);
 -	aead_request_set_crypt(aead_req, sg, sg, data_len + mic_len, b_0);
 -	aead_request_set_ad(aead_req, sg[0].length);
++	for (i = 0; i < mic_len; i++)
++		mic[i] = b[i] ^ s_0[i];
++}
+ 
+-	err = crypto_aead_decrypt(aead_req);
+-	kzfree(aead_req);
++int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
++			      u8 *data, size_t data_len, u8 *mic,
++			      size_t mic_len)
++{
 +	int i, j, last_len, num_blocks;
 +	u8 *pos, *cpos;
 +	u8 a[AES_BLOCK_SIZE];
 +	u8 b[AES_BLOCK_SIZE];
 +	u8 s_0[AES_BLOCK_SIZE];
-+
+ 
+-	return err;
 +	num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
 +	last_len = data_len % AES_BLOCK_SIZE;
 +	aes_ccm_prepare(tfm, b_0, aad, s_0, a, b);
@@ -185,11 +181,7 @@
 +		if ((mic[i] ^ s_0[i]) != a[i])
 +			return -1;
 +	}
- 
--	err = crypto_aead_decrypt(aead_req);
--	kzfree(aead_req);
--
--	return err;
++
 +	return 0;
  }
  
@@ -202,12 +194,12 @@
  {
 -	struct crypto_aead *tfm;
 -	int err;
-+	struct crypto_cipher *tfm;
- 
+-
 -	tfm = crypto_alloc_aead("ccm(aes)", 0, CRYPTO_ALG_ASYNC);
 -	if (IS_ERR(tfm))
 -		return tfm;
--
++	struct crypto_cipher *tfm;
+ 
 -	err = crypto_aead_setkey(tfm, key, key_len);
 -	if (err)
 -		goto free_aead;

package/kernel/mac80211/patches/130-disable-fils.patch

@@ -0,0 +1,32 @@
+Disable FILS support, since it pulls in crypto hash support
+
+--- a/net/mac80211/fils_aead.h
++++ b/net/mac80211/fils_aead.h
+@@ -10,7 +10,7 @@
+ #ifndef FILS_AEAD_H
+ #define FILS_AEAD_H
+ 
+-#if LINUX_VERSION_IS_GEQ(4,3,0)
++#if 0 /* LINUX_VERSION_IS_GEQ(4,3,0) */
+ int fils_encrypt_assoc_req(struct sk_buff *skb,
+ 			   struct ieee80211_mgd_assoc_data *assoc_data);
+ int fils_decrypt_assoc_resp(struct ieee80211_sub_if_data *sdata,
+--- a/net/mac80211/fils_aead.c
++++ b/net/mac80211/fils_aead.c
+@@ -1,4 +1,4 @@
+-#if LINUX_VERSION_IS_GEQ(4,3,0)
++#if 0 /* LINUX_VERSION_IS_GEQ(4,3,0) */
+ /*
+  * FILS AEAD for (Re)Association Request/Response frames
+  * Copyright 2016, Qualcomm Atheros, Inc.
+--- a/net/mac80211/main.c
++++ b/net/mac80211/main.c
+@@ -550,7 +550,7 @@ struct ieee80211_hw *ieee80211_alloc_hw_
+ 			   NL80211_FEATURE_MAC_ON_CREATE |
+ 			   NL80211_FEATURE_USERSPACE_MPM |
+ 			   NL80211_FEATURE_FULL_AP_CLIENT_STATE;
+-#if LINUX_VERSION_IS_GEQ(4,3,0)
++#if 0 /* LINUX_VERSION_IS_GEQ(4,3,0) */
+ 	wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_FILS_STA);
+ #endif
+ 

package/kernel/mac80211/patches/131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch

@@ -0,0 +1,198 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Sat, 7 Oct 2017 09:37:28 +0200
+Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
+ driver"
+
+This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
+Reduces mac80211 dependencies for LEDE
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/aes_cmac.c
++++ b/net/mac80211/aes_cmac.c
+@@ -22,50 +22,126 @@
+ #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
+ #define AAD_LEN 20
+ 
+-static const u8 zero[CMAC_TLEN_256];
+ 
+-void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
+-			const u8 *data, size_t data_len, u8 *mic)
++void gf_mulx(u8 *pad)
+ {
+-	SHASH_DESC_ON_STACK(desc, tfm);
+-	u8 out[AES_BLOCK_SIZE];
++	int i, carry;
+ 
+-	desc->tfm = tfm;
++	carry = pad[0] & 0x80;
++	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
++		pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
++	pad[AES_BLOCK_SIZE - 1] <<= 1;
++	if (carry)
++		pad[AES_BLOCK_SIZE - 1] ^= 0x87;
++}
+ 
+-	crypto_shash_init(desc);
+-	crypto_shash_update(desc, aad, AAD_LEN);
+-	crypto_shash_update(desc, data, data_len - CMAC_TLEN);
+-	crypto_shash_finup(desc, zero, CMAC_TLEN, out);
++void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
++		     const u8 *addr[], const size_t *len, u8 *mac,
++		     size_t mac_len)
++{
++	u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
++	const u8 *pos, *end;
++	size_t i, e, left, total_len;
+ 
+-	memcpy(mic, out, CMAC_TLEN);
++	memset(cbc, 0, AES_BLOCK_SIZE);
++
++	total_len = 0;
++	for (e = 0; e < num_elem; e++)
++		total_len += len[e];
++	left = total_len;
++
++	e = 0;
++	pos = addr[0];
++	end = pos + len[0];
++
++	while (left >= AES_BLOCK_SIZE) {
++		for (i = 0; i < AES_BLOCK_SIZE; i++) {
++			cbc[i] ^= *pos++;
++			if (pos >= end) {
++				e++;
++				pos = addr[e];
++				end = pos + len[e];
++			}
++		}
++		if (left > AES_BLOCK_SIZE)
++			crypto_cipher_encrypt_one(tfm, cbc, cbc);
++		left -= AES_BLOCK_SIZE;
++	}
++
++	memset(pad, 0, AES_BLOCK_SIZE);
++	crypto_cipher_encrypt_one(tfm, pad, pad);
++	gf_mulx(pad);
++
++	if (left || total_len == 0) {
++		for (i = 0; i < left; i++) {
++			cbc[i] ^= *pos++;
++			if (pos >= end) {
++				e++;
++				pos = addr[e];
++				end = pos + len[e];
++			}
++		}
++		cbc[left] ^= 0x80;
++		gf_mulx(pad);
++	}
++
++	for (i = 0; i < AES_BLOCK_SIZE; i++)
++		pad[i] ^= cbc[i];
++	crypto_cipher_encrypt_one(tfm, pad, pad);
++	memcpy(mac, pad, mac_len);
+ }
+ 
+-void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
++
++void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
++			const u8 *data, size_t data_len, u8 *mic)
++{
++	const u8 *addr[3];
++	size_t len[3];
++	u8 zero[CMAC_TLEN];
++
++	memset(zero, 0, CMAC_TLEN);
++	addr[0] = aad;
++	len[0] = AAD_LEN;
++	addr[1] = data;
++	len[1] = data_len - CMAC_TLEN;
++	addr[2] = zero;
++	len[2] = CMAC_TLEN;
++
++	aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
++}
++
++void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
+ 			    const u8 *data, size_t data_len, u8 *mic)
+ {
+-	SHASH_DESC_ON_STACK(desc, tfm);
++	const u8 *addr[3];
++	size_t len[3];
++	u8 zero[CMAC_TLEN_256];
+ 
+-	desc->tfm = tfm;
++	memset(zero, 0, CMAC_TLEN_256);
++	addr[0] = aad;
++	len[0] = AAD_LEN;
++	addr[1] = data;
++	len[1] = data_len - CMAC_TLEN_256;
++	addr[2] = zero;
++	len[2] = CMAC_TLEN_256;
+ 
+-	crypto_shash_init(desc);
+-	crypto_shash_update(desc, aad, AAD_LEN);
+-	crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
+-	crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
++	aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
+ }
+ 
+-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
+-						  size_t key_len)
++struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
++						   size_t key_len)
+ {
+-	struct crypto_shash *tfm;
++	struct crypto_cipher *tfm;
+ 
+-	tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
++	tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
+ 	if (!IS_ERR(tfm))
+-		crypto_shash_setkey(tfm, key, key_len);
++		crypto_cipher_setkey(tfm, key, key_len);
+ 
+ 	return tfm;
+ }
+ 
+-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
++
++void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
+ {
+-	crypto_free_shash(tfm);
++	crypto_free_cipher(tfm);
+ }
+--- a/net/mac80211/aes_cmac.h
++++ b/net/mac80211/aes_cmac.h
+@@ -10,14 +10,13 @@
+ #define AES_CMAC_H
+ 
+ #include <linux/crypto.h>
+-#include <crypto/hash.h>
+ 
+-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
+-						  size_t key_len);
+-void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
++struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
++						   size_t key_len);
++void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
+ 			const u8 *data, size_t data_len, u8 *mic);
+-void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
++void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
+ 			    const u8 *data, size_t data_len, u8 *mic);
+-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
++void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
+ 
+ #endif /* AES_CMAC_H */
+--- a/net/mac80211/key.h
++++ b/net/mac80211/key.h
+@@ -93,7 +93,7 @@ struct ieee80211_key {
+ 		} ccmp;
+ 		struct {
+ 			u8 rx_pn[IEEE80211_CMAC_PN_LEN];
+-			struct crypto_shash *tfm;
++			struct crypto_cipher *tfm;
+ 			u32 replays; /* dot11RSNAStatsCMACReplays */
+ 			u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
+ 		} aes_cmac;

package/kernel/mac80211/patches/132-mac80211-remove-cmac-dependency.patch

@@ -0,0 +1,10 @@
+--- a/net/mac80211/Kconfig
++++ b/net/mac80211/Kconfig
+@@ -5,7 +5,6 @@ config MAC80211
+ 	depends on CRYPTO
+ 	depends on CRYPTO_ARC4
+ 	depends on CRYPTO_AES
+-	depends on CRYPTO_CMAC
+ 	depends on CRC32
+ 	---help---
+ 	  This option enables the hardware independent IEEE 802.11

package/kernel/mac80211/patches/301-ath9k_hw-issue-external-reset-for-QCA955x.patch

@@ -29,21 +29,6 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 -		npend = ath9k_hw_numtxpending(ah, i);
 -		if (npend)
 -			break;
--	}
--
--	if (ah->external_reset &&
--	    (npend || type == ATH9K_RESET_COLD)) {
--		int reset_err = 0;
--
--		ath_dbg(ath9k_hw_common(ah), RESET,
--			"reset MAC via external reset\n");
--
--		reset_err = ah->external_reset();
--		if (reset_err) {
--			ath_err(ath9k_hw_common(ah),
--				"External reset failed, err=%d\n",
--				reset_err);
--			return false;
 +	if (type == ATH9K_RESET_COLD)
 +		return true;
 +
@@ -59,35 +44,47 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +		for (i = 0; i < AR_NUM_QCU; i++) {
 +			if (ath9k_hw_numtxpending(ah, i))
 +				return true;
- 		}
-+	}
-+
++		}
+ 	}
+ 
+-	if (ah->external_reset &&
+-	    (npend || type == ATH9K_RESET_COLD)) {
+-		int reset_err = 0;
 +	return false;
 +}
-+
+ 
+-		ath_dbg(ath9k_hw_common(ah), RESET,
+-			"reset MAC via external reset\n");
 +static bool ath9k_hw_external_reset(struct ath_hw *ah, int type)
 +{
 +	int err;
-+
+ 
+-		reset_err = ah->external_reset();
+-		if (reset_err) {
+-			ath_err(ath9k_hw_common(ah),
+-				"External reset failed, err=%d\n",
+-				reset_err);
+-			return false;
+-		}
 +	if (!ah->external_reset || !ath9k_hw_need_external_reset(ah, type))
 +		return true;
-+
-+	ath_dbg(ath9k_hw_common(ah), RESET,
-+		"reset MAC via external reset\n");
  
 -		REG_WRITE(ah, AR_RTC_RESET, 1);
++	ath_dbg(ath9k_hw_common(ah), RESET,
++		"reset MAC via external reset\n");
++
 +	err = ah->external_reset();
 +	if (err) {
 +		ath_err(ath9k_hw_common(ah),
 +			"External reset failed, err=%d\n", err);
 +		return false;
- 	}
- 
++	}
++
 +	if (AR_SREV_9550(ah)) {
 +		REG_WRITE(ah, AR_RTC_RESET, 0);
 +		udelay(10);
-+	}
-+
+ 	}
+ 
 +	REG_WRITE(ah, AR_RTC_RESET, 1);
 +	udelay(10);
 +

package/kernel/mac80211/patches/315-ath9k-adjust-tx-power-reduction-for-US-regulatory-do.patch

@@ -1,6 +1,7 @@
 From: Felix Fietkau <nbd@nbd.name>
 Date: Wed, 19 Jul 2017 08:49:31 +0200
-Subject: [PATCH] ath9k: adjust tx power reduction for US regulatory domain
+Subject: [PATCH] ath9k: adjust tx power reduction for US regulatory
+ domain
 
 FCC regulatory rules allow for up to 3 dBi antenna gain. Account for
 this in the EEPROM based tx power reduction code.
@@ -16,7 +17,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
 +	/* FCC allows maximum antenna gain of 3 dBi */
 +	if (reg->region == NL80211_DFS_FCC)
-+		ant_reduction = max_t(int, ant_reduction - 6, 0);
++		ant_reduction = min_t(int, ant_reduction - 6, 0);
 +
  	ah->eep_ops->set_txpower(ah, chan, ctl, ant_reduction, new_pwr, test);
  }

package/kernel/mac80211/patches/316-ath9k-fix-more-data-flag-for-buffered-multicast-pack.patch

@@ -1,6 +1,7 @@
 From: Felix Fietkau <nbd@nbd.name>
 Date: Sun, 23 Jul 2017 14:58:22 +0200
-Subject: [PATCH] ath9k: fix more-data flag for buffered multicast packets
+Subject: [PATCH] ath9k: fix more-data flag for buffered multicast
+ packets
 
 The flag needs to be cleared for the last packet in the list, not the
 first one. Fixes some issues with multicast packet loss for powersave

package/kernel/mac80211/patches/317-Revert-ath10k-disable-wake_tx_queue-for-older-device.patch

@@ -1,7 +1,7 @@
-From 59f8c22bf1749c4a2b5947bfaebc677c259a1ad6 Mon Sep 17 00:00:00 2001
 From: dave taht <dave@taht.net>
 Date: Wed, 5 Oct 2016 20:09:15 -0700
-Subject: [PATCH 5/7] Revert "ath10k: disable wake_tx_queue for older devices"
+Subject: [PATCH] Revert "ath10k: disable wake_tx_queue for older
+ devices"
 
 This reverts commit 4ca1807815aa6801aaced7fdefa9edacc2521767
 in the hope that we've fixed all the performance problems now.

package/kernel/mac80211/patches/522-mac80211_configure_antenna_gain.patch

@@ -36,9 +36,9 @@
  	u8 ps_dtim_period;
 --- a/include/uapi/linux/nl80211.h
 +++ b/include/uapi/linux/nl80211.h
-@@ -2139,6 +2139,9 @@ enum nl80211_commands {
-  *	the driver or is not needed (because roaming used the Fast Transition
-  *	protocol).
+@@ -2149,6 +2149,9 @@ enum nl80211_commands {
+  * @NL80211_ATTR_PMKR0_NAME: PMK-R0 Name for offloaded FT.
+  * @NL80211_ATTR_PORT_AUTHORIZED: (reserved)
   *
 + * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce
 + *	transmit power to stay within regulatory limits. u32, dBi.
@@ -46,7 +46,7 @@
   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
   * @NL80211_ATTR_MAX: highest attribute number currently defined
   * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -2565,6 +2568,8 @@ enum nl80211_attrs {
+@@ -2575,6 +2578,8 @@ enum nl80211_attrs {
  	NL80211_ATTR_PMKR0_NAME,
  	NL80211_ATTR_PORT_AUTHORIZED,
  
@@ -137,7 +137,7 @@
  };
  
  /* policy for the key attributes */
-@@ -2378,6 +2379,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -2395,6 +2396,20 @@ static int nl80211_set_wiphy(struct sk_b
  		if (result)
  			return result;
  	}

package/kernel/mac80211/patches/530-ath9k_extra_leds.patch

@@ -103,7 +103,8 @@
 +		      GFP_KERNEL);
 +	if (!led)
 +		return -ENOMEM;
-+
+ 
+-	ath9k_hw_set_gpio(sc->sc_ah, sc->sc_ah->led_pin, val);
 +	led->gpio = gpio = (struct gpio_led *) (led + 1);
 +	_name = (char *) (led->gpio + 1);
 +
@@ -116,8 +117,7 @@
 +	ret = ath_add_led(sc, led);
 +	if (unlikely(ret < 0))
 +		kfree(led);
- 
--	ath9k_hw_set_gpio(sc->sc_ah, sc->sc_ah->led_pin, val);
++
 +	return ret;
  }
  
@@ -125,11 +125,11 @@
  {
 -	if (!sc->led_registered)
 -		return;
-+	struct ath_led *led;
- 
+-
 -	ath_led_brightness(&sc->led_cdev, LED_OFF);
 -	led_classdev_unregister(&sc->led_cdev);
--
++	struct ath_led *led;
+ 
 -	ath9k_hw_gpio_free(sc->sc_ah, sc->sc_ah->led_pin);
 +	while (!list_empty(&sc->leds)) {
 +		led = list_first_entry(&sc->leds, struct ath_led, list);

package/kernel/mac80211/patches/653-0043-rtl8xxxu-Do-not-set-auto-rate-fallback-on-8188eu.patch

@@ -39,7 +39,7 @@ Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
  	.adda_2t_path_on_a = 0x04db25a4,
 --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c
 +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c
-@@ -1655,6 +1655,7 @@ struct rtl8xxxu_fileops rtl8192eu_fops =
+@@ -1658,6 +1658,7 @@ struct rtl8xxxu_fileops rtl8192eu_fops =
  	.rx_desc_size = sizeof(struct rtl8xxxu_rxdesc24),
  	.has_s0s1 = 0,
  	.gen2_thermal_meter = 1,

package/kernel/mac80211/patches/862-brcmfmac-Disable-power-management.patch

@@ -14,7 +14,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -2849,6 +2849,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
+@@ -2838,6 +2838,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
  	 * preference in cfg struct to apply this to
  	 * FW later while initializing the dongle
  	 */