[Openswan Users] KLIPS + kernel 2.4.31 + CriptoAPI

GuillermoOntañón gontanon at pandasoftware.es
Thu Dec 1 10:15:43 CET 2005


Hi,

I'm trying to build KLIPS on a 2.4.31 kernel with cryptoapi support, but
I must be doing something very wrong... First I had to modify the patch
in order to get CONFIG_KLIPS_ENC_CRYPTOAPI to be offered as an option by
menuconfig. I had to do two string substitutions in
ipsec/alg/Config.alg_cryptoapi.in (patch attached):

        s/CONFIG_IPSEC_ALG/CONFIG_KLIPS_ALG/
        s/CONFIG_IPSEC_ALG_CRYPTOAPI/CONFIG_KLIPS_ENC_CRYPTOAPI/

After making those changes I ended up with the ipsec.o and
ipsec_alg_cryptoapi.o kernel modules. I then loaded all the cryptoapi
modules, ipsec.o and ipsec_alg_cryptoapi.o (in that order) and started
pluto. However pluto does not report any of the cryptoapi algs as being
available, and when I set up a connection to use blowfish I always get:

	requested kernel enc ealg_id=7 not present

I've tried to pass "blowfish=1" as an option to ipsec_alg_cryptoapi and
it loads without errors, but the behavior is exactly the same.

these are the relevant parts of my kernel config:

CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_KLIPS=m
CONFIG_KLIPS_IPIP=y
CONFIG_KLIPS_AH=y
CONFIG_KLIPS_ESP=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
CONFIG_KLIPS_ALG=y
CONFIG_KLIPS_ENC_CRYPTOAPI=m
CONFIG_IPSEC_ALG_NON_LIBRE=y
CONFIG_KLIPS_IPCOMP=y
CONFIG_KLIPS_DEBUG=y

CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_NULL is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=m
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_SHA256=m
CONFIG_CRYPTO_SHA512=m
# CONFIG_CRYPTO_WP512 is not set
CONFIG_CRYPTO_DES=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_AES=m
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_ANUBIS is not set
# CONFIG_CRYPTO_ARC4 is not set
CONFIG_CRYPTO_DEFLATE=m
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_TEST is not set



any ideas?

thanks,
-- 
Guillermo Ontañón <gontanon at pandasoftware.es>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: klips.patch
Type: text/x-patch
Size: 790 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20051201/347ee977/klips.bin


More information about the Users mailing list