|
|
|
From 4f36220ccfe40621cd7df3595568278d7bca4f87 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Franck Bui <fbui@suse.com>
|
|
|
|
Date: Fri, 23 Sep 2016 13:33:01 +0200
|
|
|
|
Subject: [PATCH] journal: fix HMAC calculation when appending a data object
|
|
|
|
|
|
|
|
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
|
|
|
|
calculation of the HMAC is broken because the hash for a data object
|
|
|
|
including a field is done in the wrong order: the field object is
|
|
|
|
hashed before the data object is.
|
|
|
|
|
|
|
|
However during verification, the hash is done in the opposite order as
|
|
|
|
objects are scanned sequentially.
|
|
|
|
|
|
|
|
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
|
|
|
|
---
|
|
|
|
src/journal/journal-file.c | 12 ++++++------
|
|
|
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
|
|
|
|
index 2bb3a97574..586f620e21 100644
|
|
|
|
--- a/src/journal/journal-file.c
|
|
|
|
+++ b/src/journal/journal-file.c
|
|
|
|
@@ -1099,6 +1099,12 @@ static int journal_file_append_data(
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
+#ifdef HAVE_GCRYPT
|
|
|
|
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
|
|
|
|
+ if (r < 0)
|
|
|
|
+ return r;
|
|
|
|
+#endif
|
|
|
|
+
|
|
|
|
/* The linking might have altered the window, so let's
|
|
|
|
* refresh our pointer */
|
|
|
|
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
|
|
|
|
@@ -1123,12 +1129,6 @@ static int journal_file_append_data(
|
|
|
|
fo->field.head_data_offset = le64toh(p);
|
|
|
|
}
|
|
|
|
|
|
|
|
-#ifdef HAVE_GCRYPT
|
|
|
|
- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
|
|
|
|
- if (r < 0)
|
|
|
|
- return r;
|
|
|
|
-#endif
|
|
|
|
-
|
|
|
|
if (ret)
|
|
|
|
*ret = o;
|
|
|
|
|