AC_DEFUN([CONFIGURE_KERNEL], [
AC_CHECK_HEADERS(linux/if_alg.h,,
- [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])])
+ [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])])
# AC_CHECK_DECLS([AF_ALG],,
# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
# [#include <sys/socket.h>])
AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]),
[], with_crypto_backend=gcrypt
)
+
+dnl Kernel crypto API backend needed for benchmark and tcrypt
+AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto],
+ [disable kernel userspace crypto (no benchmark and tcrypt)]),
+ [with_kernel_crypto=$enableval],
+ [with_kernel_crypto=yes])
+
+if test "x$with_kernel_crypto" = "xyes"; then
+ AC_CHECK_HEADERS(linux/if_alg.h,,
+ [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])])
+ AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto])
+fi
+
case $with_crypto_backend in
gcrypt) CONFIGURE_GCRYPT([]) ;;
openssl) CONFIGURE_OPENSSL([]) ;;
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
-#include <linux/if_alg.h>
#include "crypto_backend.h"
+#ifdef ENABLE_AF_ALG
+
+#include <linux/if_alg.h>
+
#ifndef AF_ALG
#define AF_ALG 38
#endif
free(ctx);
return 0;
}
+
+#else /* ENABLE_AF_ALG */
+
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+ const char *mode, const void *buffer, size_t length)
+{
+ return -ENOTSUP;
+}
+
+int crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+ return 0;
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+ const char *in, char *out, size_t length,
+ const char *iv, size_t iv_length)
+{
+ return -EINVAL;
+}
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+ const char *in, char *out, size_t length,
+ const char *iv, size_t iv_length)
+{
+ return -EINVAL;
+}
+#endif
break;
}
- if ((skipped && skipped == i) || r == -ENOTSUP)
- log_err(cd, _("Required kernel crypto interface not available.\n"
- "Ensure you have algif_skcipher kernel module loaded.\n"));
+ if ((skipped && skipped == i) || r == -ENOTSUP) {
+ log_err(cd, _("Required kernel crypto interface not available.\n"));
+#ifdef ENABLE_AF_ALG
+ log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.\n"));
+#endif
+ }
if (r < 0)
goto out;