Check and forward syscall errors in AF_ALG
authorMartin Willi <martin@revosec.ch>
Mon, 9 Jul 2012 15:55:52 +0000 (17:55 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:55:07 +0000 (14:55 +0200)
src/libstrongswan/plugins/af_alg/af_alg_crypter.c
src/libstrongswan/plugins/af_alg/af_alg_hasher.c
src/libstrongswan/plugins/af_alg/af_alg_ops.c
src/libstrongswan/plugins/af_alg/af_alg_ops.h
src/libstrongswan/plugins/af_alg/af_alg_prf.c
src/libstrongswan/plugins/af_alg/af_alg_signer.c

index ed268c0..5d0976d 100644 (file)
@@ -137,13 +137,9 @@ METHOD(crypter_t, decrypt, bool,
        if (dst)
        {
                *dst = chunk_alloc(data.len);
-               this->ops->crypt(this->ops, ALG_OP_DECRYPT, iv, data, dst->ptr);
+               return this->ops->crypt(this->ops, ALG_OP_DECRYPT, iv, data, dst->ptr);
        }
-       else
-       {
-               this->ops->crypt(this->ops, ALG_OP_DECRYPT, iv, data, data.ptr);
-       }
-       return TRUE;
+       return this->ops->crypt(this->ops, ALG_OP_DECRYPT, iv, data, data.ptr);
 }
 
 METHOD(crypter_t, encrypt, bool,
@@ -152,13 +148,9 @@ METHOD(crypter_t, encrypt, bool,
        if (dst)
        {
                *dst = chunk_alloc(data.len);
-               this->ops->crypt(this->ops, ALG_OP_ENCRYPT, iv, data, dst->ptr);
-       }
-       else
-       {
-               this->ops->crypt(this->ops, ALG_OP_ENCRYPT, iv, data, data.ptr);
+               return this->ops->crypt(this->ops, ALG_OP_ENCRYPT, iv, data, dst->ptr);
        }
-       return TRUE;
+       return this->ops->crypt(this->ops, ALG_OP_ENCRYPT, iv, data, data.ptr);
 }
 
 METHOD(crypter_t, get_block_size, size_t,
@@ -182,8 +174,7 @@ METHOD(crypter_t, get_key_size, size_t,
 METHOD(crypter_t, set_key, bool,
        private_af_alg_crypter_t *this, chunk_t key)
 {
-       this->ops->set_key(this->ops, key);
-       return TRUE;
+       return this->ops->set_key(this->ops, key);
 }
 
 METHOD(crypter_t, destroy, void,
index de3fbaa..47a6e5e 100644 (file)
@@ -109,8 +109,7 @@ METHOD(hasher_t, reset, bool,
 METHOD(hasher_t, get_hash, bool,
        private_af_alg_hasher_t *this, chunk_t chunk, u_int8_t *hash)
 {
-       this->ops->hash(this->ops, chunk, hash, this->size);
-       return TRUE;
+       return this->ops->hash(this->ops, chunk, hash, this->size);
 }
 
 METHOD(hasher_t, allocate_hash, bool,
index a7b5de2..7fe47c5 100644 (file)
@@ -54,7 +54,7 @@ METHOD(af_alg_ops_t, reset, void,
        }
 }
 
-METHOD(af_alg_ops_t, hash, void,
+METHOD(af_alg_ops_t, hash, bool,
        private_af_alg_ops_t *this, chunk_t data, char *out, size_t outlen)
 {
        ssize_t len;
@@ -62,39 +62,52 @@ METHOD(af_alg_ops_t, hash, void,
        while (this->op == -1)
        {
                this->op = accept(this->tfm, NULL, 0);
-               if (this->op == -1)
+               if (this->op == -1 && errno != EINTR)
                {
                        DBG1(DBG_LIB, "opening AF_ALG hasher failed: %s", strerror(errno));
-                       sleep(1);
+                       return FALSE;
                }
        }
+
        do
        {
                len = send(this->op, data.ptr, data.len, out ? 0 : MSG_MORE);
                if (len == -1)
                {
+                       if (errno == EINTR)
+                       {
+                               continue;
+                       }
                        DBG1(DBG_LIB, "writing to AF_ALG hasher failed: %s", strerror(errno));
-                       sleep(1);
-               }
-               else
-               {
-                       data = chunk_skip(data, len);
+                       return FALSE;
                }
+               data = chunk_skip(data, len);
        }
        while (data.len);
 
        if (out)
        {
-               while (read(this->op, out, outlen) != outlen)
+               while (outlen)
                {
-                       DBG1(DBG_LIB, "reading AF_ALG hasher failed: %s", strerror(errno));
-                       sleep(1);
+                       len = read(this->op, out, outlen);
+                       if (len == -1)
+                       {
+                               if (errno == EINTR)
+                               {
+                                       continue;
+                               }
+                               DBG1(DBG_LIB, "reading AF_ALG hasher failed: %s", strerror(errno));
+                               return FALSE;
+                       }
+                       outlen -= len;
+                       out += len;
                }
                reset(this);
        }
+       return TRUE;
 }
 
-METHOD(af_alg_ops_t, crypt, void,
+METHOD(af_alg_ops_t, crypt, bool,
        private_af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data,
        char *out)
 {
@@ -107,11 +120,16 @@ METHOD(af_alg_ops_t, crypt, void,
        ssize_t len;
        int op;
 
-       while ((op = accept(this->tfm, NULL, 0)) == -1)
+       do
        {
-               DBG1(DBG_LIB, "accepting AF_ALG crypter failed: %s", strerror(errno));
-               sleep(1);
+               op = accept(this->tfm, NULL, 0);
+               if (op == -1 && errno != EINTR)
+               {
+                       DBG1(DBG_LIB, "accepting AF_ALG crypter failed: %s", strerror(errno));
+                       return FALSE;
+               }
        }
+       while (op == -1);
 
        memset(buf, 0, sizeof(buf));
 
@@ -143,30 +161,39 @@ METHOD(af_alg_ops_t, crypt, void,
                len = sendmsg(op, &msg, 0);
                if (len == -1)
                {
-                       DBG1(DBG_LIB, "writing to AF_ALG crypter failed: %s",
-                                strerror(errno));
-                       sleep(1);
-                       continue;
+                       if (errno == EINTR)
+                       {
+                               continue;
+                       }
+                       DBG1(DBG_LIB, "writing to AF_ALG crypter failed: %s", strerror(errno));
+                       return FALSE;
                }
-               if (read(op, out, len) != len)
+               while (read(op, out, len) != len)
                {
-                       DBG1(DBG_LIB, "reading from AF_ALG crypter failed: %s",
-                                strerror(errno));
+                       if (errno != EINTR)
+                       {
+                               DBG1(DBG_LIB, "reading from AF_ALG crypter failed: %s",
+                                        strerror(errno));
+                               return FALSE;
+                       }
                }
                data = chunk_skip(data, len);
                /* no IV for subsequent data chunks */
                msg.msg_controllen = 0;
        }
        close(op);
+       return TRUE;
 }
 
-METHOD(af_alg_ops_t, set_key, void,
+METHOD(af_alg_ops_t, set_key, bool,
        private_af_alg_ops_t *this, chunk_t key)
 {
        if (setsockopt(this->tfm, SOL_ALG, ALG_SET_KEY, key.ptr, key.len) == -1)
        {
                DBG1(DBG_LIB, "setting AF_ALG key failed: %s", strerror(errno));
+               return FALSE;
        }
+       return TRUE;
 }
 
 METHOD(af_alg_ops_t, destroy, void,
index ad16402..e34f229 100644 (file)
@@ -46,8 +46,9 @@ struct af_alg_ops_t {
         * @param data          data to hash
         * @param out           buffer to write hash to, NULL for append mode
         * @param outlen        number of bytes to read into out
+        * @return                      TRUE if successful
         */
-       void (*hash)(af_alg_ops_t *this, chunk_t data, char *out, size_t outlen);
+       bool (*hash)(af_alg_ops_t *this, chunk_t data, char *out, size_t outlen);
 
        /**
         * Reset hasher state.
@@ -61,16 +62,18 @@ struct af_alg_ops_t {
         * @param iv            iv to use
         * @param data          data to encrypt/decrypt
         * @param out           buffer write processed data to
+        * @return                      TRUE if successful
         */
-       void (*crypt)(af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data,
+       bool (*crypt)(af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data,
                                  char *out);
 
        /**
         * Set the key for en-/decryption or HMAC/XCBC operations.
         *
         * @param key           key to set for transform
+        * @return                      TRUE if successful
         */
-       void (*set_key)(af_alg_ops_t *this, chunk_t key);
+       bool (*set_key)(af_alg_ops_t *this, chunk_t key);
 
        /**
         * Destroy a af_alg_ops_t.
index f426e5d..720738a 100644 (file)
@@ -108,8 +108,7 @@ static size_t lookup_alg(pseudo_random_function_t algo, char **name, bool *xcbc)
 METHOD(prf_t, get_bytes, bool,
        private_af_alg_prf_t *this, chunk_t seed, u_int8_t *buffer)
 {
-       this->ops->hash(this->ops, seed, buffer, this->block_size);
-       return TRUE;
+       return this->ops->hash(this->ops, seed, buffer, this->block_size);
 }
 
 METHOD(prf_t, allocate_bytes, bool,
@@ -153,13 +152,15 @@ METHOD(prf_t, set_key, bool,
                else if (key.len > this->block_size)
                {
                        memset(buf, 0, this->block_size);
-                       this->ops->set_key(this->ops, chunk_from_thing(buf));
-                       this->ops->hash(this->ops, key, buf, this->block_size);
+                       if (!this->ops->set_key(this->ops, chunk_from_thing(buf)) ||
+                               !this->ops->hash(this->ops, key, buf, this->block_size))
+                       {
+                               return FALSE;
+                       }
                        key = chunk_from_thing(buf);
                }
        }
-       this->ops->set_key(this->ops, key);
-       return TRUE;
+       return this->ops->set_key(this->ops, key);
 }
 
 METHOD(prf_t, destroy, void,
index 9d32b49..d995b13 100644 (file)
@@ -110,8 +110,7 @@ static size_t lookup_alg(integrity_algorithm_t algo, char **name,
 METHOD(signer_t, get_signature, bool,
        private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer)
 {
-       this->ops->hash(this->ops, data, buffer, this->block_size);
-       return TRUE;
+       return this->ops->hash(this->ops, data, buffer, this->block_size);
 }
 
 METHOD(signer_t, allocate_signature, bool,
@@ -156,8 +155,7 @@ METHOD(signer_t, get_block_size, size_t,
 METHOD(signer_t, set_key, bool,
        private_af_alg_signer_t *this, chunk_t key)
 {
-       this->ops->set_key(this->ops, key);
-       return TRUE;
+       return this->ops->set_key(this->ops, key);
 }
 
 METHOD(signer_t, destroy, void,