From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 26 Jun 2026 19:59:08 +0000 (+0900)
Subject: journal-authenticate: initialize hmac when necessary
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b97dc560636978785cc9590cd05eec62f4432df;p=thirdparty%2Fsystemd.git

journal-authenticate: initialize hmac when necessary
---

diff --git a/src/libsystemd/sd-journal/journal-authenticate.c b/src/libsystemd/sd-journal/journal-authenticate.c
index 7ad52b539b4..f2c42ce0ffb 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.c
+++ b/src/libsystemd/sd-journal/journal-authenticate.c
@@ -234,11 +234,13 @@ int journal_file_fsprg_seek(JournalFile *f, uint64_t goal) {
         return FSPRG_Seek(f->fsprg_state.iov_base, goal, msk.iov_base, f->fsprg_seed.iov_base, f->fsprg_seed.iov_len);
 }
 
-int journal_file_hmac_setup(JournalFile *f) {
 #if HAVE_GCRYPT
+static int journal_file_hmac_setup(JournalFile *f) {
         int r;
 
-        if (!JOURNAL_HEADER_SEALED(f->header))
+        assert(f);
+
+        if (f->hmac)
                 return 0;
 
         r = initialize_libgcrypt(true);
@@ -249,10 +251,8 @@ int journal_file_hmac_setup(JournalFile *f) {
                 return -EOPNOTSUPP;
 
         return 0;
-#else
-        return -EOPNOTSUPP;
-#endif
 }
+#endif
 
 int journal_file_hmac_start(JournalFile *f) {
 #if HAVE_GCRYPT
@@ -266,6 +266,10 @@ int journal_file_hmac_start(JournalFile *f) {
         if (f->hmac_running)
                 return 0;
 
+        r = journal_file_hmac_setup(f);
+        if (r < 0)
+                return r;
+
         /* Prepare HMAC for next cycle */
         sym_gcry_md_reset(f->hmac);
 
diff --git a/src/libsystemd/sd-journal/journal-authenticate.h b/src/libsystemd/sd-journal/journal-authenticate.h
index 0dd2ef3bf62..f4164b32ad6 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.h
+++ b/src/libsystemd/sd-journal/journal-authenticate.h
@@ -8,7 +8,6 @@ int journal_file_append_tag(JournalFile *f);
 int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime);
 int journal_file_append_first_tag(JournalFile *f);
 
-int journal_file_hmac_setup(JournalFile *f);
 int journal_file_hmac_start(JournalFile *f);
 int journal_file_hmac_put_header(JournalFile *f);
 int journal_file_hmac_put_object(JournalFile *f, ObjectType type, Object *o, uint64_t p);
diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c
index 37392ea9bb8..4dfcb9343f2 100644
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@@ -4304,12 +4304,6 @@ int journal_file_open(
                         goto fail;
         }
 
-#if HAVE_GCRYPT
-        r = journal_file_hmac_setup(f);
-        if (r < 0)
-                goto fail;
-#endif
-
         if (newly_created) {
                 r = journal_file_setup_field_hash_table(f);
                 if (r < 0)