Add kernel userspace header detection.

Add --disable-kernel_crypto to allow compilation with old kernel.
2025-12-07 17:00:03 +01:00 · 2012-12-30 12:28:30 +01:00
parent 0946c704bf
commit 46de69d0e6
4 changed files with 57 additions and 8 deletions
--- a/configure.in
+++ b/configure.in
@@ -172,7 +172,7 @@ AC_DEFUN([CONFIGURE_NSS], [

 AC_DEFUN([CONFIGURE_KERNEL], [
 	AC_CHECK_HEADERS(linux/if_alg.h,,
-		[AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])])
+		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])])
 #	AC_CHECK_DECLS([AF_ALG],,
 #		[AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
 #		[#include <sys/socket.h>])
@@ -253,6 +253,19 @@ AC_ARG_WITH([crypto_backend],
 	AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]),
 	[], with_crypto_backend=gcrypt
 )
+
+dnl Kernel crypto API backend needed for benchmark and tcrypt
+AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto],
+	[disable kernel userspace crypto (no benchmark and tcrypt)]),
+	[with_kernel_crypto=$enableval],
+	[with_kernel_crypto=yes])
+
+if test "x$with_kernel_crypto" = "xyes"; then
+	AC_CHECK_HEADERS(linux/if_alg.h,,
+		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])])
+	AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto])
+fi
+
 case $with_crypto_backend in
 	gcrypt)  CONFIGURE_GCRYPT([]) ;;
 	openssl) CONFIGURE_OPENSSL([]) ;;
--- a/lib/crypto_backend/crypto_cipher_kernel.c
+++ b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -26,9 +26,12 @@
 #include <unistd.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
-#include <linux/if_alg.h>
 #include "crypto_backend.h"

+#ifdef ENABLE_AF_ALG
+
+#include <linux/if_alg.h>
+
 #ifndef AF_ALG
 #define AF_ALG 38
 #endif
@@ -193,3 +196,30 @@ int crypt_cipher_destroy(struct crypt_cipher *ctx)
 	free(ctx);
 	return 0;
 }
+
+#else /* ENABLE_AF_ALG */
+
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		    const char *mode, const void *buffer, size_t length)
+{
+	return -ENOTSUP;
+}
+
+int crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+	return 0;
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return -EINVAL;
+}
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return -EINVAL;
+}
+#endif
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
@@ -526,9 +526,12 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 			break;
 	}

-	if ((skipped && skipped == i) || r == -ENOTSUP)
-		log_err(cd, _("Required kernel crypto interface not available.\n"
-			      "Ensure you have algif_skcipher kernel module loaded.\n"));
+	if ((skipped && skipped == i) || r == -ENOTSUP) {
+		log_err(cd, _("Required kernel crypto interface not available.\n"));
+#ifdef ENABLE_AF_ALG
+		log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.\n"));
+#endif
+	}
 	if (r < 0)
 		goto out;

--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -545,9 +545,12 @@ static int action_benchmark(void)
 			r = -ENOTSUP;
 	}

-	if (r == -ENOTSUP)
-		log_err( _("Required kernel crypto interface not available.\n"
-			   "Ensure you have algif_skcipher kernel module loaded.\n"));
+	if (r == -ENOTSUP) {
+		log_err(_("Required kernel crypto interface not available.\n"));
+#ifdef ENABLE_AF_ALG
+		log_err( _("Ensure you have algif_skcipher kernel module loaded.\n"));
+#endif
+	}
 	return r;
 }