Le 8 Déc, Pour: linux-crypto@xxxxxxxxxxxx a écrit :
> After that, I tried to apply patch-cryptoloop-jari-2.4.22.0 to kernel. I
> noticed that a new cryptoloop option appears. As it disables crypto
> ciphers if enabling it I let it disabled. This time, the losetup seemed
> to function but then fsck.ext3 -n /dev/loop7 never succeeded in finding
> a superblock.
>
> It seems to me that cryptoapi is installed but I must miss something.
> I'm not sure jari patch is needed since I never used it before.
>
OK I found it. The problem came from... make xconfig !!!
The cryptloop-jari patch is mandatory since it is the only way you have
loop_xfer calls in the kernel to load ciphers. But, if you use make
xconfig like me, then the patch breaks the compilation of cryptoapi.
The problem comes from the fact that xconfig try to parse the script
file in a different way as the shell in order to display grayed boxes
when something is disabled. Hence, when you have
if [ "$CONFIG_BLK_DEV_CRYPTOLOOP" = "y" -o \
"$CONFIG_BLK_DEV_CRYPTOLOOP" = "m" -o \
"$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO y
else
bool 'Cryptographic API' CONFIG_CRYPTO
fi
and the condition is "true" for a shell you enable CONFIG_CRYPTO whereas
for xconfig you gray the box in the else part and... disable
CONFIG_CRYPTO !
Attached is a new crypto/Config.in file that should work with make
config and make xconfig. I just duplicated the true statements.
Fortunately, when digging in xconfig sources I found a comment saying it
is at the end of its life cycle... I don't rember the date of this
statement ;-)
Florent Chabaud
gpg: 28C9 9E1A 5507 5574 EDE6 2E8F 2B37 D83F 95C8 1C3C
http://www.carva.org/florent.chabaud | florent.chabaud@xxxxxxx#
# Cryptographic API Configuration
#
mainmenu_option next_comment
comment 'Cryptographic options'
if [ "$CONFIG_BLK_DEV_CRYPTOLOOP" = "y" -o \
"$CONFIG_BLK_DEV_CRYPTOLOOP" = "m" -o \
"$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO y
else
bool 'Cryptographic API' CONFIG_CRYPTO
fi
if [ "$CONFIG_BLK_DEV_CRYPTOLOOP" = "y" -o \
"$CONFIG_BLK_DEV_CRYPTOLOOP" = "m" -o \
"$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO y
fi
if [ "$CONFIG_CRYPTO" = "y" ]; then
if [ "$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_HMAC y
else
bool ' HMAC support' CONFIG_CRYPTO_HMAC
fi
if [ "$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_HMAC y
fi
tristate ' NULL algorithms' CONFIG_CRYPTO_NULL
tristate ' MD4 digest algorithm' CONFIG_CRYPTO_MD4
if [ "$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_MD5 y
else
tristate ' MD5 digest algorithm' CONFIG_CRYPTO_MD5
fi
if [ "$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_MD5 y
fi
if [ "$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_SHA1 y
else
tristate ' SHA1 digest algorithm' CONFIG_CRYPTO_SHA1
fi
if [ "$CONFIG_INET_AH" = "y" -o \
"$CONFIG_INET_AH" = "m" -o \
"$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_AH" = "y" -o \
"$CONFIG_INET6_AH" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_SHA1 y
fi
tristate ' SHA256 digest algorithm' CONFIG_CRYPTO_SHA256
tristate ' SHA384 and SHA512 digest algorithms' CONFIG_CRYPTO_SHA512
if [ "$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_DES y
else
tristate ' DES and Triple DES EDE cipher algorithms' CONFIG_CRYPTO_DES
fi
if [ "$CONFIG_INET_ESP" = "y" -o \
"$CONFIG_INET_ESP" = "m" -o \
"$CONFIG_INET6_ESP" = "y" -o \
"$CONFIG_INET6_ESP" = "m" ]; then
define_bool CONFIG_CRYPTO_DES y
fi
tristate ' Blowfish cipher algorithm' CONFIG_CRYPTO_BLOWFISH
tristate ' Twofish cipher algorithm' CONFIG_CRYPTO_TWOFISH
tristate ' Serpent cipher algorithm' CONFIG_CRYPTO_SERPENT
tristate ' AES cipher algorithms' CONFIG_CRYPTO_AES
if [ "$CONFIG_X86" = "y" -a \
"$CONFIG_X86_64" != "y" -a \
"$CONFIG_M386" != "y" -a \
"$CONFIG_M486" != "y" ]; then
dep_mbool ' use assembler optimized AES implementation' CONFIG_CRYPTO_AES_ASM $CONFIG_CRYPTO_AES
fi
tristate ' CAST5 (CAST-128) cipher algorithm' CONFIG_CRYPTO_CAST5
if [ "$CONFIG_INET_IPCOMP" = "y" -o \
"$CONFIG_INET_IPCOMP" = "m" -o \
"$CONFIG_INET6_IPCOMP" = "y" -o \
"$CONFIG_INET6_IPCOMP" = "m" ]; then
define_bool CONFIG_CRYPTO_DEFLATE y
else
tristate ' Deflate compression algorithm' CONFIG_CRYPTO_DEFLATE
fi
if [ "$CONFIG_INET_IPCOMP" = "y" -o \
"$CONFIG_INET_IPCOMP" = "m" -o \
"$CONFIG_INET6_IPCOMP" = "y" -o \
"$CONFIG_INET6_IPCOMP" = "m" ]; then
define_bool CONFIG_CRYPTO_DEFLATE y
fi
tristate ' Testing module' CONFIG_CRYPTO_TEST
fi
endmenu
Attachment:
pgp00100.pgp
Description: PGP signature
