author | Sami Kerola <kerolasa@iki.fi> | 2019-03-22 22:05:46 +0000 |
---|---|---|
committer | Sami Kerola <kerolasa@iki.fi> | 2019-03-22 22:05:46 +0000 |
commit | abf42523fe0ecb6202357ffedaaa5a0c90a5f736 (patch) | |
tree | cb11ccc943748eb4c5c29ce133cd4ba9352988f7 | |
parent | cab98aac8cdaa79ffa61a00360e63523df4f73cf (diff) | |
download | iputils-abf42523fe0ecb6202357ffedaaa5a0c90a5f736.tar.gz |
common: add Linux kernel Crypto API support to iputils_md5dig
Useful when everything else fails, for example when I am building with
musl and crypto library support is non-existent, making it impossible to
test the ninfod build.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
-rw-r--r-- | iputils_md5dig.h | 59 | ||||
-rw-r--r-- | meson.build | 19 | ||||
-rw-r--r-- | meson_options.txt | 4 | ||||
-rw-r--r-- | ninfod/ninfod_name.c | 2 | ||||
-rw-r--r-- | ping6_common.c | 2 |
5 files changed, 73 insertions, 13 deletions
diff --git a/iputils_md5dig.h b/iputils_md5dig.h
index 33aba44..bfa7f02 100644
--- a/iputils_md5dig.h
+++ b/iputils_md5dig.h
@@ -7,8 +7,16 @@
 # define IPUTILS_MD5DIG_LEN 16
 #elif defined(USE_NETTLE)
 # include <nettle/md5.h>
-#else
+#elif defined(USE_OPENSSL)
 # include <openssl/md5.h>
+#elif defined(USE_KERNEL_CRYPTO_API)
+# define IPUTILS_MD5DIG_LEN 16
+# include <errno.h>
+# include <linux/if_alg.h>
+# include <sys/socket.h>
+# include <sys/types.h>
+# include <unistd.h>
+# include "iputils_common.h"
 #endif
 #if defined(USE_GCRYPT)
@@ -80,6 +88,55 @@ static void iputils_md5dig_final(unsigned char *digest,
 # define MD5_Init iputils_md5dig_init
 # define MD5_Update iputils_md5dig_update
 # define MD5_Final iputils_md5dig_final
+#elif defined(USE_KERNEL_CRYPTO_API)
+typedef struct {
+ int bind_sock;
+ int comm_sock;
+} iputils_md5dig_ctx;
+
+static void iputils_md5dig_init(iputils_md5dig_ctx *const ctx)
+{
+ const struct sockaddr_alg sa = {
+ .salg_family = AF_ALG,
+ .salg_type = "hash",
+ .salg_name = "md5"
+ };
+
+ ctx->comm_sock = -1;
+ if ((ctx->bind_sock = socket(AF_ALG, SOCK_SEQPACKET, 0)) < 0)
+ return;
+ if (bind(ctx->bind_sock, (struct sockaddr *)&sa, sizeof(sa)) < 0)
+ return;
+ ctx->comm_sock = accept(ctx->bind_sock, NULL, 0);
+ return;
+}
+
+static void iputils_md5dig_update(iputils_md5dig_ctx *ctx,
+ void const *const buf, const int len)
+{
+ if (ctx->comm_sock < 0)
+ return;
+ if (write(ctx->comm_sock, buf, len) != len)
+ error(0, errno, "write to AF_ALG socket failed");
+ return;
+}
+
+static void iputils_md5dig_final(unsigned char *digest,
+ iputils_md5dig_ctx const *const ctx)
+{
+ if (ctx->comm_sock < 0)
+ return;
+ if (read(ctx->comm_sock, digest, IPUTILS_MD5DIG_LEN) != IPUTILS_MD5DIG_LEN)
+ error(0, errno, "read from AF_ALG socket failed");
+ close(ctx->comm_sock);
+ close(ctx->bind_sock);
+}
+
+# define MD5_DIGEST_LENGTH IPUTILS_MD5DIG_LEN
+# define MD5_CTX iputils_md5dig_ctx
+# define MD5_Init iputils_md5dig_init
+# define MD5_Update iputils_md5dig_update
+# define MD5_Final iputils_md5dig_final
 #endif
 #endif
diff --git a/meson.build b/meson.build
index 7e03f90..9fc2cd7 100644
--- a/meson.build
+++ b/meson.build
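Review bot: The error paths of the AF_ALG backend leave the caller with an unwritten digest and a leaked descriptor: in `iputils_md5dig_init` a failed `bind()` or `accept()` returns with `bind_sock` still open, and `iputils_md5dig_final` then returns early on `comm_sock < 0` without closing it or writing to `digest`. All three functions return void and init fails silently, so callers (not visible in this hunk) would presumably go on to use whatever bytes were already in the digest buffer, which matters wherever the digest feeds a nonce or an address. I would report the setup failure, close `bind_sock` on every failed path, and give `digest` a defined value when no hash was produced (or exit through a non-zero `error()` status if a fixed digest is unacceptable to the callers); the sketch below needs `<string.h>` for `memset`. Separately, `write()` sends each chunk without `MSG_MORE`, and per the kernel's AF_ALG hash interface that finalises the digest on every call, so a second `MD5_Update` would start a new hash instead of extending the first; `send(ctx->comm_sock, buf, len, MSG_MORE)` keeps the operation open until the `read()` in final.

```c
static void iputils_md5dig_init(iputils_md5dig_ctx *const ctx)
{
	/* … unchanged: sockaddr_alg sa initialiser … */

	ctx->comm_sock = -1;
	if ((ctx->bind_sock = socket(AF_ALG, SOCK_SEQPACKET, 0)) < 0) {
		error(0, errno, "AF_ALG socket failed");
		return;
	}
	if (bind(ctx->bind_sock, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
	    (ctx->comm_sock = accept(ctx->bind_sock, NULL, 0)) < 0) {
		error(0, errno, "AF_ALG md5 setup failed");
		close(ctx->bind_sock);	/* do not leak the bound socket */
		ctx->bind_sock = -1;
	}
}

static void iputils_md5dig_final(unsigned char *digest,
				 iputils_md5dig_ctx const *const ctx)
{
	if (ctx->comm_sock < 0) {
		/* no hash was computed: never hand back stale buffer contents */
		memset(digest, 0, IPUTILS_MD5DIG_LEN);
		return;
	}
	if (read(ctx->comm_sock, digest, IPUTILS_MD5DIG_LEN) != IPUTILS_MD5DIG_LEN) {
		error(0, errno, "read from AF_ALG socket failed");
		memset(digest, 0, IPUTILS_MD5DIG_LEN);
	}
	/* … unchanged: close comm_sock and bind_sock … */
}
```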
@@ -99,17 +99,20 @@ else idn_dep = dependency('disabler-appears-to-disable-executable-build', required : false) endif -opt = get_option('USE_CRYPTO') -if opt == 'nettle' +crypto = get_option('USE_CRYPTO') +if crypto == 'nettle' crypto_dep = dependency('nettle') conf.set('USE_NETTLE', 1, description : 'If set use nettle crypto library.') -elif opt == 'gcrypt' +elif crypto == 'gcrypt' crypto_dep = cc.find_library('gcrypt') conf.set('USE_GCRYPT', 1, description : 'If set use gcrypt crypto library.') -elif opt == 'openssl' +elif crypto == 'openssl' crypto_dep = dependency('openssl') conf.set('USE_OPENSSL', 1, description : 'if set use openssl crypto library.') -elif opt == 'none' +elif crypto == 'kernel' + crypto_dep = dependency('disabler-appears-to-disable-executable-build', required : false) + conf.set('USE_KERNEL_CRYPTO_API', 1, description : 'if set use Linux kernel Crypto API.') +elif crypto == 'none' crypto_dep = dependency('disabler-appears-to-disable-executable-build', required : false) conf.set('PING6_NONCE_MEMORY', 1, description : 'If set RFC6744 random does not use any CRYPTO lib.') @@ -142,6 +145,9 @@ endif build_ninfod = get_option('BUILD_NINFOD') if build_ninfod == true + if crypto == 'none' + error('BUILD_NINFOD=true and USE_CRYPTO=none cannot be combined') + endif if cc.has_header('stdio.h') and cc.has_header('stdlib.h') and cc.has_header('stddef.h') conf.set('STDC_HEADERS', 1, description : 'Defined if we have standard c headers.') endif @@ -326,9 +332,6 @@ if build_rarpd == true endif if build_ninfod == true - if not crypto_dep.found() - error('BUILD_NINFOD=true and USE_CRYPTO=none cannot be combined') - endif subdir ('ninfod') endif diff --git a/meson_options.txt b/meson_options.txt index 86fe0b2..d99e9d6 100644 --- a/meson_options.txt +++ b/meson_options.txt 
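Review bot: The new `crypto == 'kernel'` branch sets `USE_KERNEL_CRYPTO_API` without probing for the header the backend needs, so a toolchain without `linux/if_alg.h` passes configuration and only fails later when `iputils_md5dig.h` is compiled. The file already uses `cc.has_header()` for the standard headers, so the branch could guard itself with `if not cc.has_header('linux/if_alg.h')` followed by `error('USE_CRYPTO=kernel requires linux/if_alg.h')`. A build-time probe cannot tell whether the running kernel actually offers the `hash`/`md5` AF_ALG interface, so the runtime failure handling in the header still has to be sound; a one-line comment in this branch saying so would help packagers who pick this option.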
@@ -5,8 +5,8 @@ option('USE_IDN', type : 'boolean', value : true, description : 'IDN support (with libidn2)') option('USE_CRYPTO', type : 'combo', - choices : [ 'none', 'gcrypt', 'nettle', 'openssl' ], value : 'openssl', - description: 'Crypto library support for ping6') + choices : [ 'none', 'gcrypt', 'nettle', 'openssl', 'kernel' ], value : 'openssl', + description: 'Crypto library support') option('BUILD_ARPING', type : 'boolean', value : true, description : 'Build arping') diff --git a/ninfod/ninfod_name.c b/ninfod/ninfod_name.c index a70767c..d9d616e 100644 --- a/ninfod/ninfod_name.c +++ b/ninfod/ninfod_name.c @@ -95,7 +95,7 @@ #include <arpa/inet.h> -#if defined(HAVE_GCRYPT_H) +#if defined(HAVE_GCRYPT_H) || defined(USE_KERNEL_CRYPTO_API) # include "iputils_md5dig.h" #elif defined(HAVE_GNUTLS_OPENSSL_H) # include <gnutls/openssl.h> diff --git a/ping6_common.c b/ping6_common.c index 3b846fe..9de3ecf 100644 --- a/ping6_common.c +++ b/ping6_common.c @@ -84,7 +84,7 @@ static int pr_icmph(uint8_t type, uint8_t code, uint32_t info); struct sockaddr_in6 source6 = { .sin6_family = AF_INET6 }; extern char *device; -#if defined(USE_GCRYPT) || defined(USE_OPENSSL) || defined(USE_NETTLE) +#if defined(USE_GCRYPT) || defined(USE_OPENSSL) || defined(USE_NETTLE) || defined(USE_KERNEL_CRYPTO_API) #include "iputils_md5dig.h" #define USE_CRYPTO #endif |