From 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 23 Sep 2016 13:33:01 +0200
Subject: journal: fix HMAC calculation when appending a data object

Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.

However during verification, the hash is done in the opposite order as
objects are scanned sequentially.
---
 src/journal/journal-file.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'src/journal/journal-file.c')

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index f6f58a1ae3..349ef74e81 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1374,6 +1374,12 @@ static int journal_file_append_data(
         if (r < 0)
                 return r;
 
+#ifdef HAVE_GCRYPT
+        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
+        if (r < 0)
+                return r;
+#endif
+
         /* The linking might have altered the window, so let's
          * refresh our pointer */
         r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
@@ -1398,12 +1404,6 @@ static int journal_file_append_data(
                 fo->field.head_data_offset = le64toh(p);
         }
 
-#ifdef HAVE_GCRYPT
-        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
-        if (r < 0)
-                return r;
-#endif
-
         if (ret)
                 *ret = o;
 
-- 
cgit v1.2.3-54-g00ecf