/* af_alg.c - Compute message digests from file streams and buffers. Copyright (C) 2018-2023 Free Software Foundation, Inc. This file is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. */ /* Written by Matteo Croce <mcroce@redhat.com>, 2018. */ #include <config.h> #include "af_alg.h" #if USE_LINUX_CRYPTO_API #include <unistd.h> #include <string.h> #include <stdio.h> #include <errno.h> #include <linux/if_alg.h> #include <sys/stat.h> #include <sys/sendfile.h> #include <sys/socket.h> #include "sys-limits.h" #define BLOCKSIZE 32768 /* Return a newly created socket for ALG. On error, return a negative error number. */ static int alg_socket (char const *alg) { struct sockaddr_alg salg = { .salg_family = AF_ALG, .salg_type = "hash", }; /* Copy alg into salg.salg_name, without calling strcpy nor strlen. */ for (size_t i = 0; (salg.salg_name[i] = alg[i]) != '\0'; i++) if (i == sizeof salg.salg_name - 1) /* alg is too long. */ return -EINVAL; int cfd = socket (AF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0); if (cfd < 0) return -EAFNOSUPPORT; int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0 ? accept4 (cfd, NULL, 0, SOCK_CLOEXEC) : -1); close (cfd); return ofd < 0 ? -EAFNOSUPPORT : ofd; } int afalg_buffer (const char *buffer, size_t len, const char *alg, void *resblock, ssize_t hashlen) { /* On Linux < 4.9, the value for an empty stream is wrong (all zeroes). See <https://patchwork.kernel.org/patch/9308641/>. This was not fixed properly until November 2016, see <https://patchwork.kernel.org/patch/9434741/>. */ if (len == 0) return -EAFNOSUPPORT; int ofd = alg_socket (alg); if (ofd < 0) return ofd; int result; for (;;) { ssize_t size = (len > BLOCKSIZE ? BLOCKSIZE : len); if (send (ofd, buffer, size, MSG_MORE) != size) { result = -EAFNOSUPPORT; break; } buffer += size; len -= size; if (len == 0) { result = read (ofd, resblock, hashlen) == hashlen ? 0 : -EAFNOSUPPORT; break; } } close (ofd); return result; } int afalg_stream (FILE *stream, const char *alg, void *resblock, ssize_t hashlen) { int ofd = alg_socket (alg); if (ofd < 0) return ofd; /* If STREAM's size is known and nonzero and not too large, attempt sendfile to pipe the data. The nonzero restriction avoids issues with /proc files that pretend to be empty, and lets the classic read-write loop work around an empty-input bug noted below. */ int fd = fileno (stream); int result; struct stat st; off_t off = ftello (stream); if (0 <= off && fstat (fd, &st) == 0 && (S_ISREG (st.st_mode) || S_TYPEISSHM (&st) || S_TYPEISTMO (&st)) && off < st.st_size && st.st_size - off < SYS_BUFSIZE_MAX) { /* Make sure the offset of fileno (stream) reflects how many bytes have been read from stream before this function got invoked. Note: fflush on an input stream after ungetc does not work as expected on some platforms. Therefore this situation is not supported here. */ if (fflush (stream)) result = -EIO; else { off_t nbytes = st.st_size - off; if (sendfile (ofd, fd, &off, nbytes) == nbytes) { if (read (ofd, resblock, hashlen) == hashlen) { /* The input buffers of stream are no longer valid. */ if (lseek (fd, off, SEEK_SET) != (off_t)-1) result = 0; else /* The file position of fd has not changed. */ result = -EAFNOSUPPORT; } else /* The file position of fd has not changed. */ result = -EAFNOSUPPORT; } else /* The file position of fd has not changed. */ result = -EAFNOSUPPORT; } } else { /* sendfile not possible, do a classic read-write loop. */ /* Number of bytes to seek (backwards) in case of error. */ off_t nseek = 0; for (;;) { char buf[BLOCKSIZE]; /* When the stream is not seekable, start with a single-byte block, so that we can use ungetc() in the case that send() fails. */ size_t blocksize = (nseek == 0 && off < 0 ? 1 : BLOCKSIZE); ssize_t size = fread (buf, 1, blocksize, stream); if (size == 0) { /* On Linux < 4.9, the value for an empty stream is wrong (all 0). See <https://patchwork.kernel.org/patch/9308641/>. This was not fixed properly until November 2016, see <https://patchwork.kernel.org/patch/9434741/>. */ result = ferror (stream) ? -EIO : nseek == 0 ? -EAFNOSUPPORT : 0; break; } nseek -= size; if (send (ofd, buf, size, MSG_MORE) != size) { if (nseek == -1) { /* 1 byte of pushback buffer is guaranteed on stream, even if stream is not seekable. */ ungetc ((unsigned char) buf[0], stream); result = -EAFNOSUPPORT; } else if (fseeko (stream, nseek, SEEK_CUR) == 0) /* The position of stream has been restored. */ result = -EAFNOSUPPORT; else result = -EIO; break; } /* Don't assume that EOF is sticky. See: <https://sourceware.org/bugzilla/show_bug.cgi?id=19476>. */ if (feof (stream)) { result = 0; break; } } if (result == 0 && read (ofd, resblock, hashlen) != hashlen) { if (nseek == 0 || fseeko (stream, nseek, SEEK_CUR) == 0) /* The position of stream has been restored. */ result = -EAFNOSUPPORT; else result = -EIO; } } close (ofd); return result; } #endif