#include <fcntl.h>
#include <unistd.h>
-#if HAVE_OPENSSL
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-#endif
-
#include "sd-id128.h"
#include "alloc-util.h"
#include "fd-util.h"
#include "hexdecoct.h"
+#include "hmac.h"
#include "id128-util.h"
#include "io-util.h"
-#if !HAVE_OPENSSL
-#include "khash.h"
-#endif
#include "macro.h"
#include "missing_syscall.h"
#include "random-util.h"
}
static int get_app_specific(sd_id128_t base, sd_id128_t app_id, sd_id128_t *ret) {
+ uint8_t hmac[SHA256_DIGEST_SIZE];
sd_id128_t result;
assert(ret);
-#if HAVE_OPENSSL
- /* We prefer doing this in-process, since we this means we are not dependent on kernel configuration,
- * and this also works in locked down container environments. But some distros don't like OpenSSL's
- * license and its (in-) compatibility with GPL2, hence also support khash */
- uint8_t md[256/8];
- if (!HMAC(EVP_sha256(),
- &base, sizeof(base),
- (const unsigned char*) &app_id, sizeof(app_id),
- md, NULL))
- return -ENOTRECOVERABLE;
+ hmac_sha256(&base, sizeof(base), &app_id, sizeof(app_id), hmac);
/* Take only the first half. */
- memcpy(&result, md, MIN(sizeof(md), sizeof(result)));
-#else
- _cleanup_(khash_unrefp) khash *h = NULL;
- const void *p;
- int r;
-
- r = khash_new_with_key(&h, "hmac(sha256)", &base, sizeof(base));
- if (r < 0)
- return r;
-
- r = khash_put(h, &app_id, sizeof(app_id));
- if (r < 0)
- return r;
-
- r = khash_digest_data(h, &p);
- if (r < 0)
- return r;
-
- /* We chop off the trailing 16 bytes */
- memcpy(&result, p, MIN(khash_get_size(h), sizeof(result)));
-#endif
+ memcpy(&result, hmac, MIN(sizeof(hmac), sizeof(result)));
*ret = id128_make_v4_uuid(result);
return 0;
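Review bot: In the new `memcpy(&result, hmac, MIN(sizeof(hmac), sizeof(result)));`, both sizes are compile-time constants, so `MIN()` no longer guards anything at run time. It would, however, silently leave part of the uninitialized `result` unset if the digest were ever smaller than an `sd_id128_t`. I would make the truncation explicit with `assert_cc(sizeof(hmac) >= sizeof(result));` followed by `memcpy(&result, hmac, sizeof(result));`. The removed rationale comment also leaves the call undocumented; a short comment such as `/* HMAC-SHA256 keyed with the base ID over the app ID, truncated to 128 bit */` above `hmac_sha256()` would record which argument is the key. The function can apparently no longer fail, assuming `hmac_sha256()` returns nothing as its use here suggests, so the `int` return is kept only for callers. Its closing brace lies outside the hunk.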
assert_se(id128_read_fd(fd, ID128_UUID, &id2) >= 0);
assert_se(sd_id128_equal(id, id2));
- r = sd_id128_get_machine_app_specific(SD_ID128_MAKE(f0,3d,aa,eb,1c,33,4b,43,a7,32,17,29,44,bf,77,2e), &id);
- if (r == -EOPNOTSUPP)
- log_info("khash not supported on this kernel, skipping sd_id128_get_machine_app_specific() checks");
- else {
- assert_se(r >= 0);
- assert_se(sd_id128_get_machine_app_specific(SD_ID128_MAKE(f0,3d,aa,eb,1c,33,4b,43,a7,32,17,29,44,bf,77,2e), &id2) >= 0);
- assert_se(sd_id128_equal(id, id2));
- assert_se(sd_id128_get_machine_app_specific(SD_ID128_MAKE(51,df,0b,4b,c3,b0,4c,97,80,e2,99,b9,8c,a3,73,b8), &id2) >= 0);
- assert_se(!sd_id128_equal(id, id2));
- }
+ assert_se(sd_id128_get_machine_app_specific(SD_ID128_MAKE(f0,3d,aa,eb,1c,33,4b,43,a7,32,17,29,44,bf,77,2e), &id) >= 0);
+ assert_se(sd_id128_get_machine_app_specific(SD_ID128_MAKE(f0,3d,aa,eb,1c,33,4b,43,a7,32,17,29,44,bf,77,2e), &id2) >= 0);
+ assert_se(sd_id128_equal(id, id2));
+ assert_se(sd_id128_get_machine_app_specific(SD_ID128_MAKE(51,df,0b,4b,c3,b0,4c,97,80,e2,99,b9,8c,a3,73,b8), &id2) >= 0);
+ assert_se(!sd_id128_equal(id, id2));
/* Query the invocation ID */
r = sd_id128_get_invocation(&id);
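Review bot: The added assertions only check that `sd_id128_get_machine_app_specific()` is deterministic and that two app IDs yield different results; none of them pins the actual output. Because the derivation now runs on the in-tree `hmac_sha256()` instead of OpenSSL or khash, a bug there would change every derived ID while these checks still pass. The machine ID varies per host, so the known-answer check belongs at the HMAC level: unless this commit already adds one outside the visible hunks, compare `hmac_sha256()` against published HMAC-SHA256 test vectors in a dedicated test. A comment here such as `/* only checks self-consistency; exact output is covered by the HMAC test */` would make that split clear.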