SEO

Hi,

I've recompiled several recent 2.4.* kernels, the most recent a
2.4.24. In the xconfig dialog I always find the cryptogaphy section
and would like to activate it as I've a encrypted file (cryptoloop,
aes) from a successfully patched 2.4.21-rc6 with patch-int-2.4.18
(IIRC) and cryptoloop.


Unfortunately everytime I compile the kernel cryptography modules they
have unresolved symbols. Can anybody comment or solve this? To me it
looks like this is broken code in the kernel (since at least 2.4.22
and up to 2.4.25-pre4).

If I include the cryptoloop patch and compile the kenel cipher code in
the kernel (not as module) I don't get unresoved symbols but the
cipher is still not available to cryptoloop.


If I grab a recent patch for the cryptographic stuff like
patch-int-2.4.21.0 it won't patch clean. Most of the ciphers go in ok,
but the biggest trouble is crypto.h -- it should not exist according
to the patch and the patch version and the kernel version disagree
heavily on defines and subroutine names.


The successful 2.4.21 patch was also only after handtweaking but then
at least there was no alternative kernel crypto version in the way.

I want to go at least up to 2.4.23 as the latest prism54
patches/modules for my Wireless card are supposed for 2.4.23 or
higher.

Any ideas on how to get a cryptoloop working in 2.4.24?

I don't mind unencrypting with the old kernel and reencrypting under
the new version.


thanks!


K.-H.

Hello

Karl-Heinz Herrmann (<kh1@khherrmann.de>) wrote:

> I've recompiled several recent 2.4.* kernels, the most recent a
> 2.4.24. In the xconfig dialog I always find the cryptogaphy section
> and would like to activate it as I've a encrypted file (cryptoloop,
> aes) from a successfully patched 2.4.21-rc6 with patch-int-2.4.18
> (IIRC) and cryptoloop.
>
> Unfortunately everytime I compile the kernel cryptography modules they
> have unresolved symbols. Can anybody comment or solve this? To me it
> looks like this is broken code in the kernel (since at least 2.4.22
> and up to 2.4.25-pre4).
>
> If I include the cryptoloop patch and compile the kenel cipher code in
> the kernel (not as module) I don't get unresoved symbols but the
> cipher is still not available to cryptoloop.
>
> If I grab a recent patch for the cryptographic stuff like
> patch-int-2.4.21.0 it won't patch clean. Most of the ciphers go in ok,
> but the biggest trouble is crypto.h -- it should not exist according
> to the patch and the patch version and the kernel version disagree
> heavily on defines and subroutine names.

Maybe this doesn't work because the patch doesn't know about the new
cryptoapi that was backported from 2.6 and integrated in 2.4.22.

> The successful 2.4.21 patch was also only after handtweaking but then
> at least there was no alternative kernel crypto version in the way.
>
> I want to go at least up to 2.4.23 as the latest prism54
> patches/modules for my Wireless card are supposed for 2.4.23 or
> higher.

Better use 2.4.24, 2.4.23 has security issues.

> Any ideas on how to get a cryptoloop working in 2.4.24?
>
> I don't mind unencrypting with the old kernel and reencrypting under
> the new version.

Get only the cryptoloop patch. I think the latest is for 2.4.22, but it
works with newer kernels as well, at least for me. Activate cryptoloop
support. It seems as if it doesn't matter whether you activete the new
crypto support. Get the cryptoapi archive from kerneli.org and compile
the cryptoapi and cipher modules seperately from your kernel (make
modules KDIR=/usr/src/... and make modules_install KDIR=/usr/src/...).
That works for me.

Or use the cryptoloop patch with the new cryptoapi that is already in
the kernel. In that case, make sure your mount and losetup support the
new api. I also don't know if your old container files are compatible
to the new system.

best regards
Andreas Janssen

--
Andreas Janssen
andreas.janssen@bigfoot.com
PGP-Key-ID: 0xDC801674
Registered Linux User #267976

Andreas Janssen <andreas.janssen@bigfoot.com> writes:
> Karl-Heinz Herrmann (<kh1@khherrmann.de>) wrote:
> > If I grab a recent patch for the cryptographic stuff like
> > patch-int-2.4.21.0 it won't patch clean. Most of the ciphers go in ok,
> > but the biggest trouble is crypto.h -- it should not exist according
> > to the patch and the patch version and the kernel version disagree
> > heavily on defines and subroutine names.
>
> Maybe this doesn't work because the patch doesn't know about the new
> cryptoapi that was backported from 2.6 and integrated in 2.4.22.

Sure -- but I can't locate anything crypto which *is* supposed to be
patched into 2.4.24.

> Get only the cryptoloop patch. I think the latest is for 2.4.22, but it
> works with newer kernels as well, at least for me. Activate cryptoloop
> support. It seems as if it doesn't matter whether you activete the new
> crypto support. Get the cryptoapi archive from kerneli.org and compile
> the cryptoapi and cipher modules seperately from your kernel (make
> modules KDIR=/usr/src/... and make modules_install KDIR=/usr/src/...).
> That works for me.

I tried to locate any crytoloop patch which is meant for 2.4.22 -- no
luck whatsoever. The only packages I could locate are cryptoloop-0.0.1
or cryptoloop-0.0.1-pre[14]. I tried patching them into an unpatched
2.4.25-pre4 and it wouldn't compile. cryptoapi-0.1.0
(cryptoapi-0.1.0-pre4) does provide a different selection in the
kernel config but also won't compile patched into the kernel. As
module it was complaining about the missing cryptoloop.

> Or use the cryptoloop patch with the new cryptoapi that is already in
> the kernel. In that case, make sure your mount and losetup support the
> new api. I also don't know if your old container files are compatible
> to the new system.

Well -- I tried once again using patch-int-2.4.21.0 and assuming that
it would replace all the kernel cryptoapi code I checked with
--dry-run which files exist already and moved them out of the
way. Then remained one major Conflict with include/linux/crypto.h --
where I also chose the patch version instead of merging them. This
finally did compile and I've a working cryptoloop again. It even is
able to read my old encrypted file. Maybe it helps somebody else to
get it working.


K.-H.

Hello

Karl-Heinz Herrmann (<kh1@khherrmann.de>) wrote:

> Andreas Janssen <andreas.janssen@bigfoot.com> writes:
>> Karl-Heinz Herrmann (<kh1@khherrmann.de>) wrote:
>>> If I grab a recent patch for the cryptographic stuff like
>>> patch-int-2.4.21.0 it won't patch clean. Most of the ciphers go in
>>> ok, but the biggest trouble is crypto.h -- it should not exist
>>> according to the patch and the patch version and the kernel version
>>> disagree heavily on defines and subroutine names.
>>
>> Maybe this doesn't work because the patch doesn't know about the new
>> cryptoapi that was backported from 2.6 and integrated in 2.4.22.
>
> Sure -- but I can't locate anything crypto which *is* supposed to be
> patched into 2.4.24.
>
>> Get only the cryptoloop patch. I think the latest is for 2.4.22, but
>> it works with newer kernels as well, at least for me. Activate
>> cryptoloop support. It seems as if it doesn't matter whether you
>> activete the new crypto support. Get the cryptoapi archive from
>> kerneli.org and compile the cryptoapi and cipher modules seperately
>> from your kernel (make modules KDIR=/usr/src/... and make
>> modules_install KDIR=/usr/src/...). That works for me.
>
> I tried to locate any crytoloop patch which is meant for 2.4.22 -- no
> luck whatsoever.

Get one of these cryptoloop patches:
http://www.kernel.org/pub/linux/kern...p-hvr-2.4.22.0
http://www.kernel.org/pub/linux/kern...-jari-2.4.22.0

Apply it and activate cryptoloop support. It should work with kernel
2.4.23 and 2.4.24. It did work for me.

> The only packages I could locate are cryptoloop-0.0.1
> or cryptoloop-0.0.1-pre[14]. I tried patching them into an unpatched
> 2.4.25-pre4 and it wouldn't compile. cryptoapi-0.1.0
> (cryptoapi-0.1.0-pre4) does provide a different selection in the
> kernel config but also won't compile patched into the kernel. As
> module it was complaining about the missing cryptoloop.

You could build the cryptoapi and cipher modules /apart/ from the
kernel, as I suggested, without patching it into your kernel source
tree.

best regards
Andreas Janssen

--
Andreas Janssen
andreas.janssen@bigfoot.com
PGP-Key-ID: 0xDC801674
Registered Linux User #267976

Hi,

Andreas Janssen <andreas.janssen@bigfoot.com> writes:
> Get one of these cryptoloop patches:
> http://www.kernel.org/pub/linux/kern...p-hvr-2.4.22.0
> http://www.kernel.org/pub/linux/kern...-jari-2.4.22.0

These deep kernel.org links didn't show up on any of my google
searches unfortunately. Thanks. Right now it's working with the
patch-int-x.x.x I patched in, but I have to reinstall another machine
pretty soon (to bump it from 2.2.16 up to something which can handle a
fast IDE dvd burner). I'll give thes patches a go then :-)

> You could build the cryptoapi and cipher modules /apart/ from the
> kernel, as I suggested, without patching it into your kernel source
> tree.

I try next time -- this time it was complaining about the missing
cryptoloop.


K.-H.