diff options
Diffstat (limited to 'src/journal')
-rw-r--r-- | src/journal/journal-authenticate.c | 20 | ||||
-rw-r--r-- | src/journal/journal-authenticate.h | 2 | ||||
-rw-r--r-- | src/journal/journal-file.c | 16 | ||||
-rw-r--r-- | src/journal/journal-verify.c | 2 |
4 files changed, 22 insertions, 18 deletions
diff --git a/src/journal/journal-authenticate.c b/src/journal/journal-authenticate.c index 593bf7eb2a..674f81218f 100644 --- a/src/journal/journal-authenticate.c +++ b/src/journal/journal-authenticate.c @@ -66,7 +66,7 @@ int journal_file_append_tag(JournalFile *f) { /* Add the tag object itself, so that we can protect its * header. This will exclude the actual hash value in it */ - r = journal_file_hmac_put_object(f, OBJECT_TAG, p); + r = journal_file_hmac_put_object(f, OBJECT_TAG, o, p); if (r < 0) return r; @@ -229,9 +229,8 @@ int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) { return 0; } -int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) { +int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p) { int r; - Object *o; assert(f); @@ -242,9 +241,14 @@ int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) { if (r < 0) return r; - r = journal_file_move_to_object(f, type, p, &o); - if (r < 0) - return r; + if (!o) { + r = journal_file_move_to_object(f, type, p, &o); + if (r < 0) + return r; + } else { + if (type >= 0 && o->object.type != type) + return -EBADMSG; + } gcry_md_write(f->hmac, o, offsetof(ObjectHeader, payload)); @@ -460,7 +464,7 @@ int journal_file_append_first_tag(JournalFile *f) { return -EINVAL; p -= offsetof(Object, hash_table.items); - r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, p); + r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, NULL, p); if (r < 0) return r; @@ -469,7 +473,7 @@ int journal_file_append_first_tag(JournalFile *f) { return -EINVAL; p -= offsetof(Object, hash_table.items); - r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, p); + r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, NULL, p); if (r < 0) return r; diff --git a/src/journal/journal-authenticate.h b/src/journal/journal-authenticate.h index 3586464d1e..0aaf836721 100644 --- a/src/journal/journal-authenticate.h +++ b/src/journal/journal-authenticate.h @@ -33,7 +33,7 @@ int journal_file_append_first_tag(JournalFile *f); int journal_file_hmac_setup(JournalFile *f); int journal_file_hmac_start(JournalFile *f); int journal_file_hmac_put_header(JournalFile *f); -int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p); +int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p); int journal_file_fss_load(JournalFile *f); int journal_file_parse_verification_key(JournalFile *f, const char *key); diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 8016852b91..e55162ab2c 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -775,18 +775,18 @@ static int journal_file_append_data( if (r < 0) return r; -#ifdef HAVE_GCRYPT - r = journal_file_hmac_put_object(f, OBJECT_DATA, p); - if (r < 0) - return r; -#endif - /* The linking might have altered the window, so let's * refresh our pointer */ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); if (r < 0) return r; +#ifdef HAVE_GCRYPT + r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); + if (r < 0) + return r; +#endif + if (ret) *ret = o; @@ -866,7 +866,7 @@ static int link_entry_into_array(JournalFile *f, return r; #ifdef HAVE_GCRYPT - r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, q); + r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, o, q); if (r < 0) return r; #endif @@ -1012,7 +1012,7 @@ static int journal_file_append_entry_internal( o->entry.boot_id = f->header->boot_id; #ifdef HAVE_GCRYPT - r = journal_file_hmac_put_object(f, OBJECT_ENTRY, np); + r = journal_file_hmac_put_object(f, OBJECT_ENTRY, o, np); if (r < 0) return r; #endif diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c index 5d134bdb97..629b2389bc 100644 --- a/src/journal/journal-verify.c +++ b/src/journal/journal-verify.c @@ -959,7 +959,7 @@ int journal_file_verify( if (r < 0) goto fail; - r = journal_file_hmac_put_object(f, -1, q); + r = journal_file_hmac_put_object(f, -1, o, q); if (r < 0) goto fail; |