]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
journal-authenticate: initialize hmac when necessary 42772/head
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 26 Jun 2026 19:59:08 +0000 (04:59 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Sat, 27 Jun 2026 14:58:00 +0000 (23:58 +0900)
src/libsystemd/sd-journal/journal-authenticate.c
src/libsystemd/sd-journal/journal-authenticate.h
src/libsystemd/sd-journal/journal-file.c

index 7ad52b539b495c0f10d3bbfa50a60f36a940fab7..f2c42ce0ffb2129fe44069d8ede9db342821ea8d 100644 (file)
@@ -234,11 +234,13 @@ int journal_file_fsprg_seek(JournalFile *f, uint64_t goal) {
         return FSPRG_Seek(f->fsprg_state.iov_base, goal, msk.iov_base, f->fsprg_seed.iov_base, f->fsprg_seed.iov_len);
 }
 
-int journal_file_hmac_setup(JournalFile *f) {
 #if HAVE_GCRYPT
+static int journal_file_hmac_setup(JournalFile *f) {
         int r;
 
-        if (!JOURNAL_HEADER_SEALED(f->header))
+        assert(f);
+
+        if (f->hmac)
                 return 0;
 
         r = initialize_libgcrypt(true);
@@ -249,10 +251,8 @@ int journal_file_hmac_setup(JournalFile *f) {
                 return -EOPNOTSUPP;
 
         return 0;
-#else
-        return -EOPNOTSUPP;
-#endif
 }
+#endif
 
 int journal_file_hmac_start(JournalFile *f) {
 #if HAVE_GCRYPT
@@ -266,6 +266,10 @@ int journal_file_hmac_start(JournalFile *f) {
         if (f->hmac_running)
                 return 0;
 
+        r = journal_file_hmac_setup(f);
+        if (r < 0)
+                return r;
+
         /* Prepare HMAC for next cycle */
         sym_gcry_md_reset(f->hmac);
 
index 0dd2ef3bf621ac1fddf7b58e88b7106ee57f80f6..f4164b32ad68e56493ddc6cf275c40b6b8f39d3c 100644 (file)
@@ -8,7 +8,6 @@ int journal_file_append_tag(JournalFile *f);
 int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime);
 int journal_file_append_first_tag(JournalFile *f);
 
-int journal_file_hmac_setup(JournalFile *f);
 int journal_file_hmac_start(JournalFile *f);
 int journal_file_hmac_put_header(JournalFile *f);
 int journal_file_hmac_put_object(JournalFile *f, ObjectType type, Object *o, uint64_t p);
index 37392ea9bb861524cf36d148ad0e0502966e56bf..4dfcb9343f24461059ae8642597f196f9ec0ce5c 100644 (file)
@@ -4304,12 +4304,6 @@ int journal_file_open(
                         goto fail;
         }
 
-#if HAVE_GCRYPT
-        r = journal_file_hmac_setup(f);
-        if (r < 0)
-                goto fail;
-#endif
-
         if (newly_created) {
                 r = journal_file_setup_field_hash_table(f);
                 if (r < 0)