Thread: cryptography in 2.4.24 kernels
View Single Post

   
  #2 (permalink)  
Old 01-17-2008, 05:28 PM
Andreas Janssen
 
Posts: n/a
Default Re: cryptography in 2.4.24 kernels
Hello

Karl-Heinz Herrmann (<kh1@khherrmann.de>) wrote:

> I've recompiled several recent 2.4.* kernels, the most recent a
> 2.4.24. In the xconfig dialog I always find the cryptogaphy section
> and would like to activate it as I've a encrypted file (cryptoloop,
> aes) from a successfully patched 2.4.21-rc6 with patch-int-2.4.18
> (IIRC) and cryptoloop.
>
> Unfortunately everytime I compile the kernel cryptography modules they
> have unresolved symbols. Can anybody comment or solve this? To me it
> looks like this is broken code in the kernel (since at least 2.4.22
> and up to 2.4.25-pre4).
>
> If I include the cryptoloop patch and compile the kenel cipher code in
> the kernel (not as module) I don't get unresoved symbols but the
> cipher is still not available to cryptoloop.
>
> If I grab a recent patch for the cryptographic stuff like
> patch-int-2.4.21.0 it won't patch clean. Most of the ciphers go in ok,
> but the biggest trouble is crypto.h -- it should not exist according
> to the patch and the patch version and the kernel version disagree
> heavily on defines and subroutine names.

Maybe this doesn't work because the patch doesn't know about the new
cryptoapi that was backported from 2.6 and integrated in 2.4.22.

> The successful 2.4.21 patch was also only after handtweaking but then
> at least there was no alternative kernel crypto version in the way.
>
> I want to go at least up to 2.4.23 as the latest prism54
> patches/modules for my Wireless card are supposed for 2.4.23 or
> higher.

Better use 2.4.24, 2.4.23 has security issues.

> Any ideas on how to get a cryptoloop working in 2.4.24?
>
> I don't mind unencrypting with the old kernel and reencrypting under
> the new version.

Get only the cryptoloop patch. I think the latest is for 2.4.22, but it
works with newer kernels as well, at least for me. Activate cryptoloop
support. It seems as if it doesn't matter whether you activete the new
crypto support. Get the cryptoapi archive from kerneli.org and compile
the cryptoapi and cipher modules seperately from your kernel (make
modules KDIR=/usr/src/... and make modules_install KDIR=/usr/src/...).
That works for me.

Or use the cryptoloop patch with the new cryptoapi that is already in
the kernel. In that case, make sure your mount and losetup support the
new api. I also don't know if your old container files are compatible
to the new system.

best regards
Andreas Janssen

--
Andreas Janssen
andreas.janssen@bigfoot.com
PGP-Key-ID: 0xDC801674
Registered Linux User #267976
Reply With Quote