[Openswan dev] problems with 2.4.10

Laszlo Attila Toth panther at balabit.hu
Wed Dec 12 05:27:56 EST 2007 

Hello,

I found other problems.

First of all, the configuration (kernel 2.6.22)
CONFIG_KLIPS_ALG=y
CONFIG_KLIPS=y
# KLIPS options
CONFIG_KLIPS_ESP=y
CONFIG_KLIPS_AH=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
CONFIG_KLIPS_ENC_CRYPTOAPI=y
CONFIG_KLIPS_ENC_1DES=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
# CONFIG_KLIPS_ENC_NULL is not set
CONFIG_KLIPS_IPCOMP=y
# CONFIG_KLIPS_DEBUG is not set


1) If KLIPS_DEBUG is not set, debug_tunnel is undeclared in 
net/ipsec/ipsec_xmit.c line 1251.

include/openswan/ipsec_xmit.h line 128-129:
  #ifdef CONFIG_KLIPS_DEBUG
  extern int debug_tunnel;

Same problem is with DB_TN_XMIT defined in 
include/openswan/ipsec_tunnel.h line 123 only if KLIPS_DEBUG is set

I think, previously I set this config option also I didn't got these errors.


net/ipsec/Kconfig may be the following:
config KLIPS
         tristate "Openswan IPsec (KLIPS26)"
         default n
+       select KLIPS_ALG
+       select KLIPS_DEBUG


2) crypto_alg_available is undeclared
warning: implicit declaration of function `crypto_alg_available'

Used in:

net/ipsec/alg/ipsec_alg_cryptoapi.c:
185 int setup_cipher(const char *ciphername)
186 {
187         return crypto_alg_available(ciphername, 0);
188 }

net/ipsec/ipsec_alg_cryptoapi.c:
198 int setup_cipher(const char *ciphername)
199 {
200         return crypto_alg_available(ciphername, 0);
201 }
...
349 setup_cipher_list (struct ipsec_alg_capi_cipher* clist)
...
377                 if( setup_cipher(cptr->ciphername) ) {

Two non-static functions in different files. It can be problematic 
(multpile definition). And they are called.

3)

net/ipsec/ipsec_alg_cryptoapi.c: In function `_capi_new_key':
net/ipsec/ipsec_alg_cryptoapi.c:287: warning: int format, different type 
arg (arg 5)
284         if (debug_crypto > 0)
285                 printk(KERN_DEBUG "klips_debug:_capi_new_key:"
286                                 "name=%s cptr=%p key=%p keysize=%d\n",
287                                 alg->ixt_common.ixt_name, cptr, key, 
keylen);

The keylen is size_t which may be unsigned long, also it is 32-bit or 
64-bit long depending on the architecture. The %d format assumes it is 
32-bit


4) if KLIPS_ENC_CRYPTOAPI is set:
net/ipsec/ipsec_alg_cryptoapi.c:292: error: `CRYPTO_TFM_MODE_CBC' 
undeclared (first use in this function)

The code is same as in 2.4.11 (I checked this one)

88
289         /*
290          *      alloc tfm
291          */
292         tfm = crypto_alloc_tfm(cptr->ciphername, CRYPTO_TFM_MODE_CBC);
29

The define is removed from
include/linux/crypto.h, after kernel v2.6.20 (2007-01-27)

  43 #define CRYPTO_TFM_MODE_ECB             0x00000001
  44 #define CRYPTO_TFM_MODE_CBC             0x00000002
  45 #define CRYPTO_TFM_MODE_CFB             0x00000004
  46 #define CRYPTO_TFM_MODE_CTR             0x00000008

The git commit's SHA1-ID is
f1ddcaf3393b7a3871809b97fae90fac841a1f39


Will the newer cryptoapi be supported?

Regards,
	Attila

More information about the Dev mailing list