common: add Linux kernel Crypto API support to iputils_md5dig

Useful when everything else fails, for example as when I am buildling with
musl and crypto library support is none-existing making it impossible to
test ninfod build.

Signed-off-by: Sami Kerola <kerolasa@iki.fi>

5 files changed, 73 insertions, 13 deletions

diff --git a/iputils_md5dig.h b/iputils_md5dig.h
index 33aba44..bfa7f02 100644
--- a/iputils_md5dig.h
+++ b/iputils_md5dig.h
@@ -7,8 +7,16 @@
 # define IPUTILS_MD5DIG_LEN	16
 #elif defined(USE_NETTLE)
 # include <nettle/md5.h>
-#else
+#elif defined(USE_OPENSSL)
 # include <openssl/md5.h>
+#elif defined(USE_KERNEL_CRYPTO_API)
+# define IPUTILS_MD5DIG_LEN	16
+# include <errno.h>
+# include <linux/if_alg.h>
+# include <sys/socket.h>
+# include <sys/types.h>
+# include <unistd.h>
+# include "iputils_common.h"
 #endif
 
 #if defined(USE_GCRYPT)
@@ -80,6 +88,55 @@ static void iputils_md5dig_final(unsigned char *digest,
 # define MD5_Init		iputils_md5dig_init
 # define MD5_Update		iputils_md5dig_update
 # define MD5_Final		iputils_md5dig_final
+#elif defined(USE_KERNEL_CRYPTO_API)
+typedef struct {
+	int bind_sock;
+	int comm_sock;
+} iputils_md5dig_ctx;
+
+static void iputils_md5dig_init(iputils_md5dig_ctx *const ctx)
+{
+	const struct sockaddr_alg sa = {
+		.salg_family = AF_ALG,
+		.salg_type = "hash",
+		.salg_name = "md5"
+	};
+
+	ctx->comm_sock = -1;
+	if ((ctx->bind_sock = socket(AF_ALG, SOCK_SEQPACKET, 0)) < 0)
+		return;
+	if (bind(ctx->bind_sock, (struct sockaddr *)&sa, sizeof(sa)) < 0)
+		return;
+	ctx->comm_sock = accept(ctx->bind_sock, NULL, 0);
+	return;
+}
+
+static void iputils_md5dig_update(iputils_md5dig_ctx *ctx,
+				  void const *const buf, const int len)
+{
+	if (ctx->comm_sock < 0)
+		return;
+	if (write(ctx->comm_sock, buf, len) != len)
+		error(0, errno, "write to AF_ALG socket failed");
+	return;
+}
+
+static void iputils_md5dig_final(unsigned char *digest,
+				 iputils_md5dig_ctx const *const ctx)
+{
+	if (ctx->comm_sock < 0)
+		return;
+	if (read(ctx->comm_sock, digest, IPUTILS_MD5DIG_LEN) != IPUTILS_MD5DIG_LEN)
+		error(0, errno, "read from AF_ALG socket failed");
+	close(ctx->comm_sock);
+	close(ctx->bind_sock);
+}
+
+# define MD5_DIGEST_LENGTH	IPUTILS_MD5DIG_LEN
+# define MD5_CTX		iputils_md5dig_ctx
+# define MD5_Init		iputils_md5dig_init
+# define MD5_Update		iputils_md5dig_update
+# define MD5_Final		iputils_md5dig_final
 #endif
 
 #endif
diff --git a/meson.build b/meson.build
index 7e03f90..9fc2cd7 100644
--- a/meson.build
+++ b/meson.build
@@ -99,17 +99,20 @@ else
 	idn_dep = dependency('disabler-appears-to-disable-executable-build', required : false)
 endif
 
-opt = get_option('USE_CRYPTO')
-if opt == 'nettle'
+crypto = get_option('USE_CRYPTO')
+if crypto == 'nettle'
 	crypto_dep = dependency('nettle')
 	conf.set('USE_NETTLE', 1, description : 'If set use nettle crypto library.')
-elif opt == 'gcrypt'
+elif crypto == 'gcrypt'
 	crypto_dep = cc.find_library('gcrypt')
 	conf.set('USE_GCRYPT', 1, description : 'If set use gcrypt crypto library.')
-elif opt == 'openssl'
+elif crypto == 'openssl'
 	crypto_dep = dependency('openssl')
 	conf.set('USE_OPENSSL', 1, description : 'if set use openssl crypto library.')
-elif opt == 'none'
+elif crypto == 'kernel'
+	crypto_dep = dependency('disabler-appears-to-disable-executable-build', required : false)
+	conf.set('USE_KERNEL_CRYPTO_API', 1, description : 'if set use Linux kernel Crypto API.')
+elif crypto == 'none'
 	crypto_dep = dependency('disabler-appears-to-disable-executable-build', required : false)
 	conf.set('PING6_NONCE_MEMORY', 1,
 		description : 'If set RFC6744 random does not use any CRYPTO lib.')
@@ -142,6 +145,9 @@ endif
 
 build_ninfod = get_option('BUILD_NINFOD')
 if build_ninfod == true
+	if crypto == 'none'
+		error('BUILD_NINFOD=true and USE_CRYPTO=none cannot be combined')
+	endif
 	if cc.has_header('stdio.h') and cc.has_header('stdlib.h') and cc.has_header('stddef.h')
 		conf.set('STDC_HEADERS', 1, description : 'Defined if we have standard c headers.')
 	endif
@@ -326,9 +332,6 @@ if build_rarpd == true
 endif
 
 if build_ninfod == true
-	if not crypto_dep.found()
-		error('BUILD_NINFOD=true and USE_CRYPTO=none cannot be combined')
-	endif
 	subdir ('ninfod')
 endif
 
diff --git a/meson_options.txt b/meson_options.txt
index 86fe0b2..d99e9d6 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -5,8 +5,8 @@ option('USE_IDN', type : 'boolean', value : true,
 	description : 'IDN support (with libidn2)')
 
 option('USE_CRYPTO', type : 'combo',
-	choices : [ 'none', 'gcrypt', 'nettle', 'openssl' ], value : 'openssl',
-	description: 'Crypto library support for ping6')
+	choices : [ 'none', 'gcrypt', 'nettle', 'openssl', 'kernel' ], value : 'openssl',
+	description: 'Crypto library support')
 
 option('BUILD_ARPING', type : 'boolean', value : true,
         description : 'Build arping')
diff --git a/ninfod/ninfod_name.c b/ninfod/ninfod_name.c
index a70767c..d9d616e 100644
--- a/ninfod/ninfod_name.c
+++ b/ninfod/ninfod_name.c
@@ -95,7 +95,7 @@
 
 #include <arpa/inet.h>
 
-#if defined(HAVE_GCRYPT_H)
+#if defined(HAVE_GCRYPT_H) || defined(USE_KERNEL_CRYPTO_API)
 # include "iputils_md5dig.h"
 #elif defined(HAVE_GNUTLS_OPENSSL_H)
 # include <gnutls/openssl.h>
diff --git a/ping6_common.c b/ping6_common.c
index 3b846fe..9de3ecf 100644
--- a/ping6_common.c
+++ b/ping6_common.c
@@ -84,7 +84,7 @@ static int pr_icmph(uint8_t type, uint8_t code, uint32_t info);
 struct sockaddr_in6 source6 = { .sin6_family = AF_INET6 };
 extern char *device;
 
-#if defined(USE_GCRYPT) || defined(USE_OPENSSL) || defined(USE_NETTLE)
+#if defined(USE_GCRYPT) || defined(USE_OPENSSL) || defined(USE_NETTLE) || defined(USE_KERNEL_CRYPTO_API)
 #include "iputils_md5dig.h"
 #define USE_CRYPTO
 #endif