Opened 2 years ago
Closed 2 years ago
#21305 closed defect (fixed)
IPsec / strongSwan fails with kernel >= 4.3
Reported by: | arokh | Owned by: | developers |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | kernel | Version: | Trunk |
Keywords: | Cc: |
Description
Dec 4 22:35:20 02[KNL] received netlink error: No such file or directory (2) Dec 4 22:35:20 02[KNL] unable to add SAD entry with SPI c7e5cc85
Nailed it down to these two modules missing:
CONFIG_CRYPTO_DRBG (drbg.ko)
CONFIG_CRYPTO_ECHAINIV (echainiv.ko)
Adjustments to crypto.mk should be made.
Attachments (0)
Change History (7)
comment:1 follow-ups: ↓ 2 ↓ 3 ↓ 4 Changed 2 years ago by anonymous
comment:2 in reply to: ↑ 1 Changed 2 years ago by Damian Kaczkowski
Replying to anonymous:
ERROR: module '/home/xxx/trunk/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_mt7620/linux-4.3/crypto/drbg.ko' is missing.
+1
comment:3 in reply to: ↑ 1 Changed 2 years ago by anonymous
Replying to anonymous:
ERROR: module '/home/xxx/trunk/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_mt7620/linux-4.3/crypto/drbg.ko' is missing.
driveby google ->
+1 same issue
comment:4 in reply to: ↑ 1 Changed 2 years ago by anonymous
Replying to anonymous:
ERROR: module '/home/xxx/trunk/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_mt7620/linux-4.3/crypto/drbg.ko' is missing.
+1 same issue
ERROR: module '/home/jack/openwrt/build_dir/target-mipsel_1004kc+dsp_musl-1.1.11/linux-ramips_mt7621/linux-4.3/crypto/drbg.ko' is missing.
comment:5 Changed 2 years ago by fededim@…
Solved! In the new kernel 4.3 you should be able to choose among 4 algorithms for rng (https://en.wikipedia.org/wiki/NIST_SP_800-90A), there should be a menu to choose one of the four methods. As a quick workaround we can patch crypto.mk file with one of the four methods. In short edit package/kernel/linux/modules/crypto.mk, look for KernelPackage/crypto-rng and replace CONFIG_CRYPTO_DRBG \ line like this:
define KernelPackage/crypto-rng
TITLE:=CryptoAPI random number generation
DEPENDS:=+kmod-crypto-hash
KCONFIG:= \
CONFIG_CRYPTO_DRBG_MENU=m \
CONFIG_CRYPTO_DRBG_HASH=y \
CONFIG_CRYPTO_JITTERENTROPY \
CONFIG_CRYPTO_RNG2
FILES:= \
$(LINUX_DIR)/crypto/drbg.ko@ge4.2 \
$(LINUX_DIR)/crypto/jitterentropy_rng.ko@ge4.2 \
$(LINUX_DIR)/crypto/krng.ko@lt4.2 \
$(LINUX_DIR)/crypto/rng.ko
AUTOLOAD:=$(call AutoLoad,09,drbg@ge4.2 jitterentropy_rng@ge4.2 krng@lt4.2 rng)
$(call AddDepends/crypto)
endef
comment:6 Changed 2 years ago by arokh
Setting it as =y probably builds the dependencies to that module into the kernel. Here's how I solved it:
diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index 604be9f..73b2a82 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -120,11 +120,14 @@ $(eval $(call KernelPackage,crypto-rng)) define KernelPackage/crypto-iv TITLE:=CryptoAPI initialization vectors DEPENDS:=+kmod-crypto-manager +kmod-crypto-rng +kmod-crypto-wq - KCONFIG:= CONFIG_CRYPTO_BLKCIPHER2 + KCONFIG:= \ + CONFIG_CRYPTO_BLKCIPHER2 \ + CONFIG_CRYPTO_ECHAINIV FILES:= \ $(LINUX_DIR)/crypto/eseqiv.ko \ - $(LINUX_DIR)/crypto/chainiv.ko - AUTOLOAD:=$(call AutoLoad,10,eseqiv chainiv) + $(LINUX_DIR)/crypto/chainiv.ko \ + $(LINUX_DIR)/crypto/echainiv.ko@ge4.3 + AUTOLOAD:=$(call AutoLoad,10,eseqiv chainiv echainiv@ge4.3) $(call AddDepends/crypto) endef
By including the new echainiv module.
comment:7 Changed 2 years ago by nbd
- Resolution set to fixed
- Status changed from new to closed
ERROR: module '/home/xxx/trunk/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_mt7620/linux-4.3/crypto/drbg.ko' is missing.