Professional Web Applications Themes

cryptography in 2.4.24 kernels - Linux Setup, Configuration & Administration

Hi, I've recompiled several recent 2.4.* kernels, the most recent a 2.4.24. In the xconfig dialog I always find the cryptogaphy section and would like to activate it as I've a encrypted file (cryptoloop, aes) from a successfully patched 2.4.21-rc6 with patch-int-2.4.18 (IIRC) and cryptoloop. Unfortunately everytime I compile the kernel cryptography modules they have unresolved symbols. Can anybody comment or solve this? To me it looks like this is broken code in the kernel (since at least 2.4.22 and up to 2.4.25-pre4). If I include the cryptoloop patch and compile the kenel cipher code in the kernel (not as ...

  1. #1

    Default cryptography in 2.4.24 kernels


    Hi,

    I've recompiled several recent 2.4.* kernels, the most recent a
    2.4.24. In the xconfig dialog I always find the cryptogaphy section
    and would like to activate it as I've a encrypted file (cryptoloop,
    aes) from a successfully patched 2.4.21-rc6 with patch-int-2.4.18
    (IIRC) and cryptoloop.


    Unfortunately everytime I compile the kernel cryptography modules they
    have unresolved symbols. Can anybody comment or solve this? To me it
    looks like this is broken code in the kernel (since at least 2.4.22
    and up to 2.4.25-pre4).

    If I include the cryptoloop patch and compile the kenel cipher code in
    the kernel (not as module) I don't get unresoved symbols but the
    cipher is still not available to cryptoloop.


    If I grab a recent patch for the cryptographic stuff like
    patch-int-2.4.21.0 it won't patch clean. Most of the ciphers go in ok,
    but the biggest trouble is crypto.h -- it should not exist according
    to the patch and the patch version and the kernel version disagree
    heavily on defines and subroutine names.


    The successful 2.4.21 patch was also only after handtweaking but then
    at least there was no alternative kernel crypto version in the way.

    I want to go at least up to 2.4.23 as the latest prism54
    patches/modules for my Wireless card are supposed for 2.4.23 or
    higher.

    Any ideas on how to get a cryptoloop working in 2.4.24?

    I don't mind unencrypting with the old kernel and reencrypting under
    the new version.


    thanks!


    K.-H.
    Karl-Heinz Guest

  2. #2

    Default Re: cryptography in 2.4.24 kernels

    Hello

    Karl-Heinz Herrmann (<de>) wrote:
     

    Maybe this doesn't work because the patch doesn't know about the new
    cryptoapi that was backported from 2.6 and integrated in 2.4.22.
     

    Better use 2.4.24, 2.4.23 has security issues.
     

    Get only the cryptoloop patch. I think the latest is for 2.4.22, but it
    works with newer kernels as well, at least for me. Activate cryptoloop
    support. It seems as if it doesn't matter whether you activete the new
    crypto support. Get the cryptoapi archive from kerneli.org and compile
    the cryptoapi and cipher modules seperately from your kernel (make
    modules KDIR=/usr/src/... and make modules_install KDIR=/usr/src/...).
    That works for me.

    Or use the cryptoloop patch with the new cryptoapi that is already in
    the kernel. In that case, make sure your mount and losetup support the
    new api. I also don't know if your old container files are compatible
    to the new system.

    best regards
    Andreas Janssen

    --
    Andreas Janssen
    com
    PGP-Key-ID: 0xDC801674
    Registered Linux User #267976
    Andreas Guest

  3. #3

    Default Re: cryptography in 2.4.24 kernels

    Andreas Janssen <com> writes: 
    >
    > Maybe this doesn't work because the patch doesn't know about the new
    > cryptoapi that was backported from 2.6 and integrated in 2.4.22.[/ref]

    Sure -- but I can't locate anything crypto which *is* supposed to be
    patched into 2.4.24.
     

    I tried to locate any crytoloop patch which is meant for 2.4.22 -- no
    luck whatsoever. The only packages I could locate are cryptoloop-0.0.1
    or cryptoloop-0.0.1-pre[14]. I tried patching them into an unpatched
    2.4.25-pre4 and it wouldn't compile. cryptoapi-0.1.0
    (cryptoapi-0.1.0-pre4) does provide a different selection in the
    kernel config but also won't compile patched into the kernel. As
    module it was complaining about the missing cryptoloop.
     

    Well -- I tried once again using patch-int-2.4.21.0 and assuming that
    it would replace all the kernel cryptoapi code I checked with
    --dry-run which files exist already and moved them out of the
    way. Then remained one major Conflict with include/linux/crypto.h --
    where I also chose the patch version instead of merging them. This
    finally did compile and I've a working cryptoloop again. It even is
    able to read my old encrypted file. Maybe it helps somebody else to
    get it working.


    K.-H.




    Karl-Heinz Guest

  4. #4

    Default Re: cryptography in 2.4.24 kernels

    Hello

    Karl-Heinz Herrmann (<de>) wrote:
     
    >>
    >> Maybe this doesn't work because the patch doesn't know about the new
    >> cryptoapi that was backported from 2.6 and integrated in 2.4.22.[/ref]
    >
    > Sure -- but I can't locate anything crypto which *is* supposed to be
    > patched into 2.4.24.

    >
    > I tried to locate any crytoloop patch which is meant for 2.4.22 -- no
    > luck whatsoever.[/ref]

    Get one of these cryptoloop patches:
    http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-cryptoloop-hvr-2.4.22.0
    http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-cryptoloop-jari-2.4.22.0

    Apply it and activate cryptoloop support. It should work with kernel
    2.4.23 and 2.4.24. It did work for me.
     

    You could build the cryptoapi and cipher modules /apart/ from the
    kernel, as I suggested, without patching it into your kernel source
    tree.

    best regards
    Andreas Janssen

    --
    Andreas Janssen
    com
    PGP-Key-ID: 0xDC801674
    Registered Linux User #267976
    Andreas Guest

  5. #5

    Default Re: cryptography in 2.4.24 kernels


    Hi,

    Andreas Janssen <com> writes: 

    These deep kernel.org links didn't show up on any of my google
    searches unfortunately. Thanks. Right now it's working with the
    patch-int-x.x.x I patched in, but I have to reinstall another machine
    pretty soon (to bump it from 2.2.16 up to something which can handle a
    fast IDE dvd burner). I'll give thes patches a go then :-)
     

    I try next time -- this time it was complaining about the missing
    cryptoloop.


    K.-H.



    Karl-Heinz Guest

Similar Threads

  1. Cryptography.
    By Bala in forum ASP.NET Security
    Replies: 8
    Last Post: October 19th, 03:00 AM
  2. Cryptography
    By Dale in forum ASP.NET Security
    Replies: 4
    Last Post: May 8th, 03:43 AM
  3. RedHat 9 and 2.6.0 test kernels
    By Nico in forum Linux Setup, Configuration & Administration
    Replies: 2
    Last Post: November 8th, 12:57 AM
  4. Removing kernels
    By Coyote in forum Linux Setup, Configuration & Administration
    Replies: 8
    Last Post: August 24th, 05:48 AM
  5. Cryptography in ASP
    By Alexei Pashin in forum ASP Components
    Replies: 0
    Last Post: July 1st, 08:53 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139