Add kernel userspace header detection.

Add --disable-kernel_crypto to allow compilation with old kernel.

diff --git a/configure.in b/configure.in
index 2985b92..dba71fa 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -172,7 +172,7 @@ AC_DEFUN([CONFIGURE_NSS], [
 
 AC_DEFUN([CONFIGURE_KERNEL], [
        AC_CHECK_HEADERS(linux/if_alg.h,,
-               [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])])
+               [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])])
 #      AC_CHECK_DECLS([AF_ALG],,
 #              [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
 #              [#include <sys/socket.h>])
@@ -253,6 +253,19 @@ AC_ARG_WITH([crypto_backend],
        AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]),
        [], with_crypto_backend=gcrypt
 )
+
+dnl Kernel crypto API backend needed for benchmark and tcrypt
+AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto],
+       [disable kernel userspace crypto (no benchmark and tcrypt)]),
+       [with_kernel_crypto=$enableval],
+       [with_kernel_crypto=yes])
+
+if test "x$with_kernel_crypto" = "xyes"; then
+       AC_CHECK_HEADERS(linux/if_alg.h,,
+               [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])])
+       AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto])
+fi
+
 case $with_crypto_backend in
        gcrypt)  CONFIGURE_GCRYPT([]) ;;
        openssl) CONFIGURE_OPENSSL([]) ;;

diff --git a/lib/crypto_backend/crypto_cipher_kernel.c b/lib/crypto_backend/crypto_cipher_kernel.c
index 922c1df..3bda80a 100644 (file)
--- a/lib/crypto_backend/crypto_cipher_kernel.c
+++ b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -26,9 +26,12 @@
 #include <unistd.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
-#include <linux/if_alg.h>
 #include "crypto_backend.h"
 
+#ifdef ENABLE_AF_ALG
+
+#include <linux/if_alg.h>
+
 #ifndef AF_ALG
 #define AF_ALG 38
 #endif
@@ -193,3 +196,30 @@ int crypt_cipher_destroy(struct crypt_cipher *ctx)
        free(ctx);
        return 0;
 }
+
+#else /* ENABLE_AF_ALG */
+
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+                   const char *mode, const void *buffer, size_t length)
+{
+       return -ENOTSUP;
+}
+
+int crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+       return 0;
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+                        const char *in, char *out, size_t length,
+                        const char *iv, size_t iv_length)
+{
+       return -EINVAL;
+}
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+                        const char *in, char *out, size_t length,
+                        const char *iv, size_t iv_length)
+{
+       return -EINVAL;
+}
+#endif

diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c
index 7ff590a..eb1e2da 100644 (file)
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
@@ -526,9 +526,12 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
                        break;
        }
 
-       if ((skipped && skipped == i) || r == -ENOTSUP)
-               log_err(cd, _("Required kernel crypto interface not available.\n"
-                             "Ensure you have algif_skcipher kernel module loaded.\n"));
+       if ((skipped && skipped == i) || r == -ENOTSUP) {
+               log_err(cd, _("Required kernel crypto interface not available.\n"));
+#ifdef ENABLE_AF_ALG
+               log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.\n"));
+#endif
+       }
        if (r < 0)
                goto out;
 

diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 29a96f9..252f031 100644 (file)
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -545,9 +545,12 @@ static int action_benchmark(void)
                        r = -ENOTSUP;
        }
 
-       if (r == -ENOTSUP)
-               log_err( _("Required kernel crypto interface not available.\n"
-                          "Ensure you have algif_skcipher kernel module loaded.\n"));
+       if (r == -ENOTSUP) {
+               log_err(_("Required kernel crypto interface not available.\n"));
+#ifdef ENABLE_AF_ALG
+               log_err( _("Ensure you have algif_skcipher kernel module loaded.\n"));
+#endif
+       }
        return r;
 }