1 files changed, 213 insertions, 0 deletions
diff --git a/gl/af_alg.c b/gl/af_alg.c
new file mode 100644
index 00000000..9f022ce5
--- /dev/null
+++ b/gl/af_alg.c
@@ -0,0 +1,213 @@
+/* af_alg.c - Compute message digests from file streams and buffers.
+   Copyright (C) 2018-2023 Free Software Foundation, Inc.
+   This file is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation; either version 2.1 of the
+   License, or (at your option) any later version.
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+/* Written by Matteo Croce <mcroce@redhat.com>, 2018.  */
+#include <config.h>
+#include "af_alg.h"
+#if USE_LINUX_CRYPTO_API
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <linux/if_alg.h>
+#include <sys/stat.h>
+#include <sys/sendfile.h>
+#include <sys/socket.h>
+#include "sys-limits.h"
+#define BLOCKSIZE 32768
+/* Return a newly created socket for ALG.
+   On error, return a negative error number.  */
+static int
+alg_socket (char const *alg)
+{
+  struct sockaddr_alg salg = {
+    .salg_family = AF_ALG,
+    .salg_type = "hash",
+  };
+  /* Copy alg into salg.salg_name, without calling strcpy nor strlen.  */
+  for (size_t i = 0; (salg.salg_name[i] = alg[i]) != '\0'; i++)
+    if (i == sizeof salg.salg_name - 1)
+      /* alg is too long.  */
+      return -EINVAL;
+  int cfd = socket (AF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0);
+  if (cfd < 0)
+    return -EAFNOSUPPORT;
+  int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0
+             ? accept4 (cfd, NULL, 0, SOCK_CLOEXEC)
+             : -1);
+  close (cfd);
+  return ofd < 0 ? -EAFNOSUPPORT : ofd;
+}
+int
+afalg_buffer (const char *buffer, size_t len, const char *alg,
+              void *resblock, ssize_t hashlen)
+{
+  /* On Linux < 4.9, the value for an empty stream is wrong (all zeroes).
+     See <https://patchwork.kernel.org/patch/9308641/>.
+     This was not fixed properly until November 2016,
+     see <https://patchwork.kernel.org/patch/9434741/>.  */
+  if (len == 0)
+    return -EAFNOSUPPORT;
+  int ofd = alg_socket (alg);
+  if (ofd < 0)
+    return ofd;
+  int result;
+  for (;;)
+    {
+      ssize_t size = (len > BLOCKSIZE ? BLOCKSIZE : len);
+      if (send (ofd, buffer, size, MSG_MORE) != size)
+        {
+          result = -EAFNOSUPPORT;
+          break;
+        }
+      buffer += size;
+      len -= size;
+      if (len == 0)
+        {
+          result = read (ofd, resblock, hashlen) == hashlen ? 0 : -EAFNOSUPPORT;
+          break;
+        }
+    }
+  close (ofd);
+  return result;
+}
+int
+afalg_stream (FILE *stream, const char *alg,
+              void *resblock, ssize_t hashlen)
+{
+  int ofd = alg_socket (alg);
+  if (ofd < 0)
+    return ofd;
+  /* If STREAM's size is known and nonzero and not too large, attempt
+     sendfile to pipe the data.  The nonzero restriction avoids issues
+     with /proc files that pretend to be empty, and lets the classic
+     read-write loop work around an empty-input bug noted below.  */
+  int fd = fileno (stream);
+  int result;
+  struct stat st;
+  off_t off = ftello (stream);
+  if (0 <= off && fstat (fd, &st) == 0
+      && (S_ISREG (st.st_mode) || S_TYPEISSHM (&st) || S_TYPEISTMO (&st))
+      && off < st.st_size && st.st_size - off < SYS_BUFSIZE_MAX)
+    {
+      /* Make sure the offset of fileno (stream) reflects how many bytes
+         have been read from stream before this function got invoked.
+         Note: fflush on an input stream after ungetc does not work as expected
+         on some platforms.  Therefore this situation is not supported here.  */
+      if (fflush (stream))
+        result = -EIO;
+      else
+        {
+          off_t nbytes = st.st_size - off;
+          if (sendfile (ofd, fd, &off, nbytes) == nbytes)
+            {
+              if (read (ofd, resblock, hashlen) == hashlen)
+                {
+                  /* The input buffers of stream are no longer valid.  */
+                  if (lseek (fd, off, SEEK_SET) != (off_t)-1)
+                    result = 0;
+                  else
+                    /* The file position of fd has not changed.  */
+                    result = -EAFNOSUPPORT;
+                }
+              else
+                /* The file position of fd has not changed.  */
+                result = -EAFNOSUPPORT;
+            }
+          else
+            /* The file position of fd has not changed.  */
+            result = -EAFNOSUPPORT;
+       }
+    }
+  else
+    {
+      /* sendfile not possible, do a classic read-write loop.  */
+      /* Number of bytes to seek (backwards) in case of error.  */
+      off_t nseek = 0;
+      for (;;)
+        {
+          char buf[BLOCKSIZE];
+          /* When the stream is not seekable, start with a single-byte block,
+             so that we can use ungetc() in the case that send() fails.  */
+          size_t blocksize = (nseek == 0 && off < 0 ? 1 : BLOCKSIZE);
+          ssize_t size = fread (buf, 1, blocksize, stream);
+          if (size == 0)
+            {
+              /* On Linux < 4.9, the value for an empty stream is wrong (all 0).
+                 See <https://patchwork.kernel.org/patch/9308641/>.
+                 This was not fixed properly until November 2016,
+                 see <https://patchwork.kernel.org/patch/9434741/>.  */
+              result = ferror (stream) ? -EIO : nseek == 0 ? -EAFNOSUPPORT : 0;
+              break;
+            }
+          nseek -= size;
+          if (send (ofd, buf, size, MSG_MORE) != size)
+            {
+              if (nseek == -1)
+                {
+                  /* 1 byte of pushback buffer is guaranteed on stream, even
+                     if stream is not seekable.  */
+                  ungetc ((unsigned char) buf[0], stream);
+                  result = -EAFNOSUPPORT;
+                }
+              else if (fseeko (stream, nseek, SEEK_CUR) == 0)
+                /* The position of stream has been restored.  */
+                result = -EAFNOSUPPORT;
+              else
+                result = -EIO;
+              break;
+            }
+          /* Don't assume that EOF is sticky. See:
+             <https://sourceware.org/bugzilla/show_bug.cgi?id=19476>.  */
+          if (feof (stream))
+            {
+              result = 0;
+              break;
+            }
+        }
+      if (result == 0 && read (ofd, resblock, hashlen) != hashlen)
+        {
+          if (nseek == 0 || fseeko (stream, nseek, SEEK_CUR) == 0)
+            /* The position of stream has been restored.  */
+            result = -EAFNOSUPPORT;
+          else
+            result = -EIO;
+        }
+    }
+  close (ofd);
+  return result;
+}
+#endif

diff --git a/gl/af_alg.c b/gl/af_alg.c new file mode 100644 index 00000000..9f022ce5 --- /dev/null +++ b/gl/af_alg.c
@@ -0,0 +1,213 @@
	1	/* af_alg.c - Compute message digests from file streams and buffers.
	2	Copyright (C) 2018-2023 Free Software Foundation, Inc.
	3
	4	This file is free software: you can redistribute it and/or modify
	5	it under the terms of the GNU Lesser General Public License as
	6	published by the Free Software Foundation; either version 2.1 of the
	7	License, or (at your option) any later version.
	8
	9	This file is distributed in the hope that it will be useful,
	10	but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	GNU Lesser General Public License for more details.
	13
	14	You should have received a copy of the GNU Lesser General Public License
	15	along with this program. If not, see <https://www.gnu.org/licenses/>. */
	16
	17	/* Written by Matteo Croce <mcroce@redhat.com>, 2018. */
	18
	19	#include <config.h>
	20
	21	#include "af_alg.h"
	22
	23	#if USE_LINUX_CRYPTO_API
	24
	25	#include <unistd.h>
	26	#include <string.h>
	27	#include <stdio.h>
	28	#include <errno.h>
	29	#include <linux/if_alg.h>
	30	#include <sys/stat.h>
	31	#include <sys/sendfile.h>
	32	#include <sys/socket.h>
	33
	34	#include "sys-limits.h"
	35
	36	#define BLOCKSIZE 32768
	37
	38	/* Return a newly created socket for ALG.
	39	On error, return a negative error number. */
	40	static int
	41	alg_socket (char const *alg)
	42	{
	43	struct sockaddr_alg salg = {
	44	.salg_family = AF_ALG,
	45	.salg_type = "hash",
	46	};
	47	/* Copy alg into salg.salg_name, without calling strcpy nor strlen. */
	48	for (size_t i = 0; (salg.salg_name[i] = alg[i]) != '\0'; i++)
	49	if (i == sizeof salg.salg_name - 1)
	50	/* alg is too long. */
	51	return -EINVAL;
	52
	53	int cfd = socket (AF_ALG, SOCK_SEQPACKET \| SOCK_CLOEXEC, 0);
	54	if (cfd < 0)
	55	return -EAFNOSUPPORT;
	56	int ofd = (bind (cfd, (struct sockaddr *) &salg, sizeof salg) == 0
	57	? accept4 (cfd, NULL, 0, SOCK_CLOEXEC)
	58	: -1);
	59	close (cfd);
	60	return ofd < 0 ? -EAFNOSUPPORT : ofd;
	61	}
	62
	63	int
	64	afalg_buffer (const char buffer, size_t len, const char alg,
	65	void *resblock, ssize_t hashlen)
	66	{
	67	/* On Linux < 4.9, the value for an empty stream is wrong (all zeroes).
	68	See <https://patchwork.kernel.org/patch/9308641/>.
	69	This was not fixed properly until November 2016,
	70	see <https://patchwork.kernel.org/patch/9434741/>. */
	71	if (len == 0)
	72	return -EAFNOSUPPORT;
	73
	74	int ofd = alg_socket (alg);
	75	if (ofd < 0)
	76	return ofd;
	77
	78	int result;
	79
	80	for (;;)
	81	{
	82	ssize_t size = (len > BLOCKSIZE ? BLOCKSIZE : len);
	83	if (send (ofd, buffer, size, MSG_MORE) != size)
	84	{
	85	result = -EAFNOSUPPORT;
	86	break;
	87	}
	88	buffer += size;
	89	len -= size;
	90	if (len == 0)
	91	{
	92	result = read (ofd, resblock, hashlen) == hashlen ? 0 : -EAFNOSUPPORT;
	93	break;
	94	}
	95	}
	96
	97	close (ofd);
	98	return result;
	99	}
	100
	101	int
	102	afalg_stream (FILE stream, const char alg,
	103	void *resblock, ssize_t hashlen)
	104	{
	105	int ofd = alg_socket (alg);
	106	if (ofd < 0)
	107	return ofd;
	108
	109	/* If STREAM's size is known and nonzero and not too large, attempt
	110	sendfile to pipe the data. The nonzero restriction avoids issues
	111	with /proc files that pretend to be empty, and lets the classic
	112	read-write loop work around an empty-input bug noted below. */
	113	int fd = fileno (stream);
	114	int result;
	115	struct stat st;
	116	off_t off = ftello (stream);
	117	if (0 <= off && fstat (fd, &st) == 0
	118	&& (S_ISREG (st.st_mode) \|\| S_TYPEISSHM (&st) \|\| S_TYPEISTMO (&st))
	119	&& off < st.st_size && st.st_size - off < SYS_BUFSIZE_MAX)
	120	{
	121	/* Make sure the offset of fileno (stream) reflects how many bytes
	122	have been read from stream before this function got invoked.
	123	Note: fflush on an input stream after ungetc does not work as expected
	124	on some platforms. Therefore this situation is not supported here. */
	125	if (fflush (stream))
	126	result = -EIO;
	127	else
	128	{
	129	off_t nbytes = st.st_size - off;
	130	if (sendfile (ofd, fd, &off, nbytes) == nbytes)
	131	{
	132	if (read (ofd, resblock, hashlen) == hashlen)
	133	{
	134	/* The input buffers of stream are no longer valid. */
	135	if (lseek (fd, off, SEEK_SET) != (off_t)-1)
	136	result = 0;
	137	else
	138	/* The file position of fd has not changed. */
	139	result = -EAFNOSUPPORT;
	140	}
	141	else
	142	/* The file position of fd has not changed. */
	143	result = -EAFNOSUPPORT;
	144	}
	145	else
	146	/* The file position of fd has not changed. */
	147	result = -EAFNOSUPPORT;
	148	}
	149	}
	150	else
	151	{
	152	/* sendfile not possible, do a classic read-write loop. */
	153
	154	/* Number of bytes to seek (backwards) in case of error. */
	155	off_t nseek = 0;
	156
	157	for (;;)
	158	{
	159	char buf[BLOCKSIZE];
	160	/* When the stream is not seekable, start with a single-byte block,
	161	so that we can use ungetc() in the case that send() fails. */
	162	size_t blocksize = (nseek == 0 && off < 0 ? 1 : BLOCKSIZE);
	163	ssize_t size = fread (buf, 1, blocksize, stream);
	164	if (size == 0)
	165	{
	166	/* On Linux < 4.9, the value for an empty stream is wrong (all 0).
	167	See <https://patchwork.kernel.org/patch/9308641/>.
	168	This was not fixed properly until November 2016,
	169	see <https://patchwork.kernel.org/patch/9434741/>. */
	170	result = ferror (stream) ? -EIO : nseek == 0 ? -EAFNOSUPPORT : 0;
	171	break;
	172	}
	173	nseek -= size;
	174	if (send (ofd, buf, size, MSG_MORE) != size)
	175	{
	176	if (nseek == -1)
	177	{
	178	/* 1 byte of pushback buffer is guaranteed on stream, even
	179	if stream is not seekable. */
	180	ungetc ((unsigned char) buf[0], stream);
	181	result = -EAFNOSUPPORT;
	182	}
	183	else if (fseeko (stream, nseek, SEEK_CUR) == 0)
	184	/* The position of stream has been restored. */
	185	result = -EAFNOSUPPORT;
	186	else
	187	result = -EIO;
	188	break;
	189	}
	190
	191	/* Don't assume that EOF is sticky. See:
	192	<https://sourceware.org/bugzilla/show_bug.cgi?id=19476>. */
	193	if (feof (stream))
	194	{
	195	result = 0;
	196	break;
	197	}
	198	}
	199
	200	if (result == 0 && read (ofd, resblock, hashlen) != hashlen)
	201	{
	202	if (nseek == 0 \|\| fseeko (stream, nseek, SEEK_CUR) == 0)
	203	/* The position of stream has been restored. */
	204	result = -EAFNOSUPPORT;
	205	else
	206	result = -EIO;
	207	}
	208	}
	209	close (ofd);
	210	return result;
	211	}
	212
	213	#endif