Linux's Crypto API Is Adopting Some Aspects Of Zinc, Opening Door To Mainline WireGuard

Mainlining of the WireGuard secure VPN tunnel was being held up by its use of the new "Zinc" crypto API developed in conjunction with this network tech. But with obstacles in getting Zinc merged, WireGuard was going to be resorting to targeting the existing kernel crypto interfaces. Instead, however, it turns out the upstream Linux crypto developers were interested and willing to incorporate some elements of Zinc into the existing kernel crypto implementation.

Back in September is when Jason Donenfeld decided porting WireGuard to the existing Linux crypto API was the best path forward for getting this secure networking functionality into the mainline kernel in a timely manner. But since then other upstream kernel developers working on the crypto subsystem ended up with patches incorporating some elements of Zinc's design.

Published earlier this month were a set of 34 patches making improvements to the crypto API library interfaces. Donenfeld has reviewed the changes and is happy with them although there still are some items he would like to merge into this Linux crypto code with due course.

Donenfeld announced this now unlocks WireGuard for upstreaming into the kernel. Though the timing may be a bit less than ideal with the Linux 5.5 merge window kicking off next week. As of writing the cryptodev branch isn't yet carrying the necessary crypto changes. As such, the networking subsystem tree also isn't carrying any of the WireGuard code yet. If WireGuard is to undergo another review it may be a bit tough for all this to happen for the upcoming Linux 5.5 merge window. But perhaps there could be a Christmas miracle with Linus Torvalds being interested in WireGuard and last year saying he wanted it merged sooner rather than later. Stay tuned!