From 4b97dc560636978785cc9590cd05eec62f4432df Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 27 Jun 2026 04:59:08 +0900
Subject: [PATCH] journal-authenticate: initialize hmac when necessary

---
 src/libsystemd/sd-journal/journal-authenticate.c | 14 +++++++++-----
 src/libsystemd/sd-journal/journal-authenticate.h |  1 -
 src/libsystemd/sd-journal/journal-file.c         |  6 ------
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/src/libsystemd/sd-journal/journal-authenticate.c b/src/libsystemd/sd-journal/journal-authenticate.c
index 7ad52b539b4..f2c42ce0ffb 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.c
+++ b/src/libsystemd/sd-journal/journal-authenticate.c
@@ -234,11 +234,13 @@ int journal_file_fsprg_seek(JournalFile *f, uint64_t goal) {
         return FSPRG_Seek(f->fsprg_state.iov_base, goal, msk.iov_base, f->fsprg_seed.iov_base, f->fsprg_seed.iov_len);
 }
 
-int journal_file_hmac_setup(JournalFile *f) {
 #if HAVE_GCRYPT
+static int journal_file_hmac_setup(JournalFile *f) {
         int r;
 
-        if (!JOURNAL_HEADER_SEALED(f->header))
+        assert(f);
+
+        if (f->hmac)
                 return 0;
 
         r = initialize_libgcrypt(true);
@@ -249,10 +251,8 @@ int journal_file_hmac_setup(JournalFile *f) {
                 return -EOPNOTSUPP;
 
         return 0;
-#else
-        return -EOPNOTSUPP;
-#endif
 }
+#endif
 
 int journal_file_hmac_start(JournalFile *f) {
 #if HAVE_GCRYPT
@@ -266,6 +266,10 @@ int journal_file_hmac_start(JournalFile *f) {
         if (f->hmac_running)
                 return 0;
 
+        r = journal_file_hmac_setup(f);
+        if (r < 0)
+                return r;
+
         /* Prepare HMAC for next cycle */
         sym_gcry_md_reset(f->hmac);
 
diff --git a/src/libsystemd/sd-journal/journal-authenticate.h b/src/libsystemd/sd-journal/journal-authenticate.h
index 0dd2ef3bf62..f4164b32ad6 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.h
+++ b/src/libsystemd/sd-journal/journal-authenticate.h
@@ -8,7 +8,6 @@ int journal_file_append_tag(JournalFile *f);
 int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime);
 int journal_file_append_first_tag(JournalFile *f);
 
-int journal_file_hmac_setup(JournalFile *f);
 int journal_file_hmac_start(JournalFile *f);
 int journal_file_hmac_put_header(JournalFile *f);
 int journal_file_hmac_put_object(JournalFile *f, ObjectType type, Object *o, uint64_t p);
diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c
index 37392ea9bb8..4dfcb9343f2 100644
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@@ -4304,12 +4304,6 @@ int journal_file_open(
                         goto fail;
         }
 
-#if HAVE_GCRYPT
-        r = journal_file_hmac_setup(f);
-        if (r < 0)
-                goto fail;
-#endif
-
         if (newly_created) {
                 r = journal_file_setup_field_hash_table(f);
                 if (r < 0)
-- 
2.47.3