summaryrefslogtreecommitdiff
path: root/src/journal
diff options
context:
space:
mode:
Diffstat (limited to 'src/journal')
-rw-r--r--src/journal/journal-authenticate.c20
-rw-r--r--src/journal/journal-authenticate.h2
-rw-r--r--src/journal/journal-file.c16
-rw-r--r--src/journal/journal-verify.c2
4 files changed, 22 insertions, 18 deletions
diff --git a/src/journal/journal-authenticate.c b/src/journal/journal-authenticate.c
index 593bf7eb2a..674f81218f 100644
--- a/src/journal/journal-authenticate.c
+++ b/src/journal/journal-authenticate.c
@@ -66,7 +66,7 @@ int journal_file_append_tag(JournalFile *f) {
/* Add the tag object itself, so that we can protect its
* header. This will exclude the actual hash value in it */
- r = journal_file_hmac_put_object(f, OBJECT_TAG, p);
+ r = journal_file_hmac_put_object(f, OBJECT_TAG, o, p);
if (r < 0)
return r;
@@ -229,9 +229,8 @@ int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) {
return 0;
}
-int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
+int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p) {
int r;
- Object *o;
assert(f);
@@ -242,9 +241,14 @@ int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
if (r < 0)
return r;
- r = journal_file_move_to_object(f, type, p, &o);
- if (r < 0)
- return r;
+ if (!o) {
+ r = journal_file_move_to_object(f, type, p, &o);
+ if (r < 0)
+ return r;
+ } else {
+ if (type >= 0 && o->object.type != type)
+ return -EBADMSG;
+ }
gcry_md_write(f->hmac, o, offsetof(ObjectHeader, payload));
@@ -460,7 +464,7 @@ int journal_file_append_first_tag(JournalFile *f) {
return -EINVAL;
p -= offsetof(Object, hash_table.items);
- r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, p);
+ r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, NULL, p);
if (r < 0)
return r;
@@ -469,7 +473,7 @@ int journal_file_append_first_tag(JournalFile *f) {
return -EINVAL;
p -= offsetof(Object, hash_table.items);
- r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, p);
+ r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, NULL, p);
if (r < 0)
return r;
diff --git a/src/journal/journal-authenticate.h b/src/journal/journal-authenticate.h
index 3586464d1e..0aaf836721 100644
--- a/src/journal/journal-authenticate.h
+++ b/src/journal/journal-authenticate.h
@@ -33,7 +33,7 @@ int journal_file_append_first_tag(JournalFile *f);
int journal_file_hmac_setup(JournalFile *f);
int journal_file_hmac_start(JournalFile *f);
int journal_file_hmac_put_header(JournalFile *f);
-int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p);
+int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p);
int journal_file_fss_load(JournalFile *f);
int journal_file_parse_verification_key(JournalFile *f, const char *key);
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 8016852b91..e55162ab2c 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -775,18 +775,18 @@ static int journal_file_append_data(
if (r < 0)
return r;
-#ifdef HAVE_GCRYPT
- r = journal_file_hmac_put_object(f, OBJECT_DATA, p);
- if (r < 0)
- return r;
-#endif
-
/* The linking might have altered the window, so let's
* refresh our pointer */
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
if (r < 0)
return r;
+#ifdef HAVE_GCRYPT
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
+ if (r < 0)
+ return r;
+#endif
+
if (ret)
*ret = o;
@@ -866,7 +866,7 @@ static int link_entry_into_array(JournalFile *f,
return r;
#ifdef HAVE_GCRYPT
- r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, q);
+ r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, o, q);
if (r < 0)
return r;
#endif
@@ -1012,7 +1012,7 @@ static int journal_file_append_entry_internal(
o->entry.boot_id = f->header->boot_id;
#ifdef HAVE_GCRYPT
- r = journal_file_hmac_put_object(f, OBJECT_ENTRY, np);
+ r = journal_file_hmac_put_object(f, OBJECT_ENTRY, o, np);
if (r < 0)
return r;
#endif
diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
index 5d134bdb97..629b2389bc 100644
--- a/src/journal/journal-verify.c
+++ b/src/journal/journal-verify.c
@@ -959,7 +959,7 @@ int journal_file_verify(
if (r < 0)
goto fail;
- r = journal_file_hmac_put_object(f, -1, q);
+ r = journal_file_hmac_put_object(f, -1, o, q);
if (r < 0)
goto fail;