From: Lennart Poettering <lennart@amutable.com>
Date: Fri, 19 Jun 2026 03:12:10 +0000 (+0200)
Subject: sha256: add sha256_direct_hex() helper
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe83c5be7f69e938d2240f8bf5bc1edcaf31ebb2;p=thirdparty%2Fsystemd.git

sha256: add sha256_direct_hex() helper

A various places we need a SHA256SUM of something as a string. Let's add
a simple helper for this that does this generically.
---

diff --git a/src/basic/sha256.c b/src/basic/sha256.c
index 31e535d4d29..ebefdc75409 100644
--- a/src/basic/sha256.c
+++ b/src/basic/sha256.c
@@ -11,6 +11,8 @@ int sha256_fd(int fd, uint64_t max_size, uint8_t ret[static SHA256_DIGEST_SIZE])
         struct sha256_ctx ctx;
         uint64_t total_size = 0;
 
+        assert(fd >= 0);
+
         sha256_init_ctx(&ctx);
 
         for (;;) {
@@ -53,3 +55,12 @@ int parse_sha256(const char *s, uint8_t ret[static SHA256_DIGEST_SIZE]) {
 bool sha256_is_valid(const char *s) {
         return s && in_charset(s, HEXDIGITS) && (strlen(s) == SHA256_DIGEST_SIZE * 2);
 }
+
+char* sha256_direct_hex(const void *buffer, size_t sz) {
+        assert(buffer || sz == 0);
+
+        if (sz == SIZE_MAX)
+                sz = strlen(buffer);
+
+        return hexmem(SHA256_DIRECT(buffer, sz), SHA256_DIGEST_SIZE);
+}
diff --git a/src/basic/sha256.h b/src/basic/sha256.h
index 74314a0cab8..8d3387ea490 100644
--- a/src/basic/sha256.h
+++ b/src/basic/sha256.h
@@ -11,3 +11,5 @@ int sha256_fd(int fd, uint64_t max_size, uint8_t ret[static SHA256_DIGEST_SIZE])
 int parse_sha256(const char *s, uint8_t ret[static SHA256_DIGEST_SIZE]);
 
 bool sha256_is_valid(const char *s) _pure_;
+
+char* sha256_direct_hex(const void *buffer, size_t sz);
diff --git a/src/shared/pcrextend-util.c b/src/shared/pcrextend-util.c
index cf6eb7d1a56..5bd87e03c91 100644
--- a/src/shared/pcrextend-util.c
+++ b/src/shared/pcrextend-util.c
@@ -358,7 +358,7 @@ int pcrextend_imds_userdata_word(const struct iovec *data, char **ret) {
         /* We include both a hash of the complete user data, and a truncated version of the data in the word
          * we measure. The former protects the actual data, the latter is useful for debugging. */
 
-        _cleanup_free_ char *hash = hexmem(SHA256_DIRECT(data->iov_base, data->iov_len), SHA256_DIGEST_SIZE);
+        _cleanup_free_ char *hash = sha256_direct_hex(data->iov_base, data->iov_len);
         if (!hash)
                 return log_oom();
 
diff --git a/src/shared/tar-util.c b/src/shared/tar-util.c
index 97c41adba9a..e2603680bda 100644
--- a/src/shared/tar-util.c
+++ b/src/shared/tar-util.c
@@ -14,7 +14,6 @@
 #include "chattr-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
-#include "hexdecoct.h"
 #include "iovec-util.h"
 #include "libarchive-util.h"
 #include "mountpoint-util.h"
@@ -1184,7 +1183,7 @@ static int hardlink_lookup(
         else
                 assert(d->have_unique_mount_id == (r > 0));
 
-        m = hexmem(SHA256_DIRECT(handle->f_handle, handle->handle_bytes), SHA256_DIGEST_SIZE);
+        m = sha256_direct_hex(handle->f_handle, handle->handle_bytes);
         if (!m)
                 return log_oom();