gl/af_alg.c

   1 /* af_alg.c - Compute message digests from file streams and buffers.
   2    Copyright (C) 2018-2023 Free Software Foundation, Inc.
   3
   4    This file is free software: you can redistribute it and/or modify
   5    it under the terms of the GNU Lesser General Public License as
   6    published by the Free Software Foundation; either version 2.1 of the
   7    License, or (at your option) any later version.
   8
   9    This file is distributed in the hope that it will be useful,
  10    but WITHOUT ANY WARRANTY; without even the implied warranty of
  11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12    GNU Lesser General Public License for more details.
  13
  14    You should have received a copy of the GNU Lesser General Public License
  15    along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
  16
  17 /* Written by Matteo Croce <mcroce@redhat.com>, 2018.  */
  18
  19 #include <config.h>
  20
  21 #include "af_alg.h"
  22
  23 #if USE_LINUX_CRYPTO_API
  24
  25 #include <unistd.h>
  26 #include <string.h>
  27 #include <stdio.h>
  28 #include <errno.h>
  29 #include <linux/if_alg.h>
  30 #include <sys/stat.h>
  31 #include <sys/sendfile.h>
  32 #include <sys/socket.h>
  33
  34 #include "sys-limits.h"
  35
  36 #define BLOCKSIZE 32768
  37
  38 /* Return a newly created socket for ALG.
  39    On error, return a negative error number.  */
  40 static int
  41 alg_socket (char const *alg)
  42 {
  43   struct sockaddr_alg salg = {
  44     .salg_family = AF_ALG,
  45     .salg_type = "hash",
  46   };
  47   /* Copy alg into salg.salg_name, without calling strcpy nor strlen.  */
  48   for (size_t i = 0; (salg.salg_name[i] = alg[i]) != '\0'; i++)
  49     if (i == sizeof salg.salg_name - 1)
  50       /* alg is too long.  */
  51       return -EINVAL;
  52
  53   int cfd = socket (AF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0);
  54   if (cfd < 0)
  55     return -EAFNOSUPPORT;
  56   int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0
  57              ? accept4 (cfd, NULL, 0, SOCK_CLOEXEC)
  58              : -1);
  59   close (cfd);
  60   return ofd < 0 ? -EAFNOSUPPORT : ofd;
  61 }
  62
  63 int
  64 afalg_buffer (const char *buffer, size_t len, const char *alg,
  65               void *resblock, ssize_t hashlen)
  66 {
  67   /* On Linux < 4.9, the value for an empty stream is wrong (all zeroes).
  68      See <https://patchwork.kernel.org/patch/9308641/>.
  69      This was not fixed properly until November 2016,
  70      see <https://patchwork.kernel.org/patch/9434741/>.  */
  71   if (len == 0)
  72     return -EAFNOSUPPORT;
  73
  74   int ofd = alg_socket (alg);
  75   if (ofd < 0)
  76     return ofd;
  77
  78   int result;
  79
  80   for (;;)
  81     {
  82       ssize_t size = (len > BLOCKSIZE ? BLOCKSIZE : len);
  83       if (send (ofd, buffer, size, MSG_MORE) != size)
  84         {
  85           result = -EAFNOSUPPORT;
  86           break;
  87         }
  88       buffer += size;
  89       len -= size;
  90       if (len == 0)
  91         {
  92           result = read (ofd, resblock, hashlen) == hashlen ? 0 : -EAFNOSUPPORT;
  93           break;
  94         }
  95     }
  96
  97   close (ofd);
  98   return result;
  99 }
 100
 101 int
 102 afalg_stream (FILE *stream, const char *alg,
 103               void *resblock, ssize_t hashlen)
 104 {
 105   int ofd = alg_socket (alg);
 106   if (ofd < 0)
 107     return ofd;
 108
 109   /* If STREAM's size is known and nonzero and not too large, attempt
 110      sendfile to pipe the data.  The nonzero restriction avoids issues
 111      with /proc files that pretend to be empty, and lets the classic
 112      read-write loop work around an empty-input bug noted below.  */
 113   int fd = fileno (stream);
 114   int result;
 115   struct stat st;
 116   off_t off = ftello (stream);
 117   if (0 <= off && fstat (fd, &st) == 0
 118       && (S_ISREG (st.st_mode) || S_TYPEISSHM (&st) || S_TYPEISTMO (&st))
 119       && off < st.st_size && st.st_size - off < SYS_BUFSIZE_MAX)
 120     {
 121       /* Make sure the offset of fileno (stream) reflects how many bytes
 122          have been read from stream before this function got invoked.
 123          Note: fflush on an input stream after ungetc does not work as expected
 124          on some platforms.  Therefore this situation is not supported here.  */
 125       if (fflush (stream))
 126         result = -EIO;
 127       else
 128         {
 129           off_t nbytes = st.st_size - off;
 130           if (sendfile (ofd, fd, &off, nbytes) == nbytes)
 131             {
 132               if (read (ofd, resblock, hashlen) == hashlen)
 133                 {
 134                   /* The input buffers of stream are no longer valid.  */
 135                   if (lseek (fd, off, SEEK_SET) != (off_t)-1)
 136                     result = 0;
 137                   else
 138                     /* The file position of fd has not changed.  */
 139                     result = -EAFNOSUPPORT;
 140                 }
 141               else
 142                 /* The file position of fd has not changed.  */
 143                 result = -EAFNOSUPPORT;
 144             }
 145           else
 146             /* The file position of fd has not changed.  */
 147             result = -EAFNOSUPPORT;
 148        }
 149     }
 150   else
 151     {
 152       /* sendfile not possible, do a classic read-write loop.  */
 153
 154       /* Number of bytes to seek (backwards) in case of error.  */
 155       off_t nseek = 0;
 156
 157       for (;;)
 158         {
 159           char buf[BLOCKSIZE];
 160           /* When the stream is not seekable, start with a single-byte block,
 161              so that we can use ungetc() in the case that send() fails.  */
 162           size_t blocksize = (nseek == 0 && off < 0 ? 1 : BLOCKSIZE);
 163           ssize_t size = fread (buf, 1, blocksize, stream);
 164           if (size == 0)
 165             {
 166               /* On Linux < 4.9, the value for an empty stream is wrong (all 0).
 167                  See <https://patchwork.kernel.org/patch/9308641/>.
 168                  This was not fixed properly until November 2016,
 169                  see <https://patchwork.kernel.org/patch/9434741/>.  */
 170               result = ferror (stream) ? -EIO : nseek == 0 ? -EAFNOSUPPORT : 0;
 171               break;
 172             }
 173           nseek -= size;
 174           if (send (ofd, buf, size, MSG_MORE) != size)
 175             {
 176               if (nseek == -1)
 177                 {
 178                   /* 1 byte of pushback buffer is guaranteed on stream, even
 179                      if stream is not seekable.  */
 180                   ungetc ((unsigned char) buf[0], stream);
 181                   result = -EAFNOSUPPORT;
 182                 }
 183               else if (fseeko (stream, nseek, SEEK_CUR) == 0)
 184                 /* The position of stream has been restored.  */
 185                 result = -EAFNOSUPPORT;
 186               else
 187                 result = -EIO;
 188               break;
 189             }
 190
 191           /* Don't assume that EOF is sticky. See:
 192              <https://sourceware.org/bugzilla/show_bug.cgi?id=19476>.  */
 193           if (feof (stream))
 194             {
 195               result = 0;
 196               break;
 197             }
 198         }
 199
 200       if (result == 0 && read (ofd, resblock, hashlen) != hashlen)
 201         {
 202           if (nseek == 0 || fseeko (stream, nseek, SEEK_CUR) == 0)
 203             /* The position of stream has been restored.  */
 204             result = -EAFNOSUPPORT;
 205           else
 206             result = -EIO;
 207         }
 208     }
 209   close (ofd);
 210   return result;
 211 }
 212
 213 #endif