From 4f36220ccfe40621cd7df3595568278d7bca4f87 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 23 Sep 2016 13:33:01 +0200
Subject: [PATCH] journal: fix HMAC calculation when appending a data object
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.
However during verification, the hash is done in the opposite order as
objects are scanned sequentially.
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
---
src/journal/journal-file.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 2bb3a97574..586f620e21 100644
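--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1099,6 +1099,12 @@ static int journal_file_append_data(
 if (r < 0)
 return r;
 
+#ifdef HAVE_GCRYPT
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
+ if (r < 0)
+ return r;
+#endif
+
 /* The linking might have altered the window, so let's
 * refresh our pointer */
 r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
@@ -1123,12 +1129,6 @@ static int journal_file_append_data(
 fo->field.head_data_offset = le64toh(p);
 }
 
-#ifdef HAVE_GCRYPT
- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
- if (r < 0)
- return r;
-#endif
-
 if (ret)
 *ret = o;
 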
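Review bot: The relocated `journal_file_hmac_put_object(f, OBJECT_DATA, o, p)` call in the first hunk now uses `o` before the refresh that the comment directly below it says is needed ("The linking might have altered the window"), whereas the removed call in the second hunk ran after that refresh. If the preceding step (outside the hunk) can remap the window, the HMAC would be computed through a stale pointer, so the seal could cover bytes other than the data object. Consider placing the `#ifdef HAVE_GCRYPT` block just after `r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);` and its error check, which presumably still precedes the field-object handling between the hunks and so keeps the data-before-field order this fix is after. A one-line comment such as `/* HMAC the data object before any field object so the tag order matches sequential verification */` would keep the call from being moved back later. journal_file_append_data starts and ends outside both hunks.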