diff options
author | Franck Bui <fbui@suse.com> | 2016-09-23 13:33:01 +0200 |
---|---|---|
committer | Franck Bui <fbui@suse.com> | 2016-09-23 14:59:51 +0200 |
commit | 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a (patch) | |
tree | e02807ff1130ab0b41d50398695b088a6a6e7181 /src/journal | |
parent | 43cd8794839548a6f332875e8bee8bed2652bf2c (diff) |
journal: fix HMAC calculation when appending a data object
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.
However during verification, the hash is done in the opposite order as
objects are scanned sequentially.
Diffstat (limited to 'src/journal')
-rw-r--r-- | src/journal/journal-file.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index f6f58a1ae3..349ef74e81 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -1374,6 +1374,12 @@ static int journal_file_append_data( if (r < 0) return r; +#ifdef HAVE_GCRYPT + r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); + if (r < 0) + return r; +#endif + /* The linking might have altered the window, so let's * refresh our pointer */ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); @@ -1398,12 +1404,6 @@ static int journal_file_append_data( fo->field.head_data_offset = le64toh(p); } -#ifdef HAVE_GCRYPT - r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); - if (r < 0) - return r; -#endif - if (ret) *ret = o; |