From: Lennart Poettering Date: Fri, 20 Oct 2023 12:16:01 +0000 (+0200) Subject: repart: port to new "struct iovec" JSON + primitive helpers X-Git-Tag: v255-rc1~181^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6b4b40f490f90ce7d5d36e43cb73e3eea5298eee;p=thirdparty%2Fsystemd.git repart: port to new "struct iovec" JSON + primitive helpers --- diff --git a/src/partition/repart.c b/src/partition/repart.c index 20c30c1e15c..4e57f977266 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -268,8 +268,7 @@ typedef struct Partition { int read_only; int growfs; - uint8_t *roothash; - size_t roothash_size; + struct iovec roothash; char *split_name_format; char *split_path; @@ -418,7 +417,7 @@ static Partition* partition_free(Partition *p) { strv_free(p->subvolumes); free(p->verity_match_key); - free(p->roothash); + iovec_done(&p->roothash); free(p->split_name_format); unlink_and_free(p->split_path); @@ -2824,7 +2823,7 @@ static int context_dump_partitions(Context *context) { if (p->verity != VERITY_OFF) { Partition *hp = p->verity == VERITY_HASH ? p : p->siblings[VERITY_HASH]; - rh = hp->roothash ? hexmem(hp->roothash, hp->roothash_size) : strdup("TBD"); + rh = iovec_is_set(&hp->roothash) ? hexmem(hp->roothash.iov_base, hp->roothash.iov_len) : strdup("TBD"); if (!rh) return log_oom(); } @@ -3101,7 +3100,7 @@ static int context_dump_partition_bar(Context *context) { static bool context_has_roothash(Context *context) { LIST_FOREACH(partitions, p, context->partitions) - if (p->roothash) + if (iovec_is_set(&p->roothash)) return true; return false; @@ -3986,8 +3985,6 @@ static int partition_format_verity_hash( _cleanup_(partition_target_freep) PartitionTarget *t = NULL; _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_free_ char *hint = NULL; - _cleanup_free_ uint8_t *rh = NULL; - size_t rhs; int r; assert(context); @@ -4066,30 +4063,31 @@ static int partition_format_verity_hash( r = sym_crypt_get_volume_key_size(cd); if (r < 0) return log_error_errno(r, "Failed to determine verity root hash size of partition %s: %m", strna(hint)); - rhs = (size_t) r; - rh = malloc(rhs); - if (!rh) + _cleanup_(iovec_done) struct iovec rh = { + .iov_base = malloc(r), + .iov_len = r, + }; + if (!rh.iov_base) return log_oom(); - r = sym_crypt_volume_key_get(cd, CRYPT_ANY_SLOT, (char *) rh, &rhs, NULL, 0); + r = sym_crypt_volume_key_get(cd, CRYPT_ANY_SLOT, (char *) rh.iov_base, &rh.iov_len, NULL, 0); if (r < 0) return log_error_errno(r, "Failed to get verity root hash of partition %s: %m", strna(hint)); - assert(rhs >= sizeof(sd_id128_t) * 2); + assert(rh.iov_len >= sizeof(sd_id128_t) * 2); if (!dp->new_uuid_is_set) { - memcpy_safe(dp->new_uuid.bytes, rh, sizeof(sd_id128_t)); + memcpy_safe(dp->new_uuid.bytes, rh.iov_base, sizeof(sd_id128_t)); dp->new_uuid_is_set = true; } if (!p->new_uuid_is_set) { - memcpy_safe(p->new_uuid.bytes, rh + rhs - sizeof(sd_id128_t), sizeof(sd_id128_t)); + memcpy_safe(p->new_uuid.bytes, (uint8_t*) rh.iov_base + (rh.iov_len - sizeof(sd_id128_t)), sizeof(sd_id128_t)); p->new_uuid_is_set = true; } - p->roothash = TAKE_PTR(rh); - p->roothash_size = rhs; + p->roothash = TAKE_IOVEC(rh); return 0; #else @@ -4098,10 +4096,8 @@ static int partition_format_verity_hash( } static int sign_verity_roothash( - const uint8_t *roothash, - size_t roothash_size, - uint8_t **ret_signature, - size_t *ret_signature_size) { + const struct iovec *roothash, + struct iovec *ret_signature) { #if HAVE_OPENSSL _cleanup_(BIO_freep) BIO *rb = NULL; @@ -4111,11 +4107,10 @@ static int sign_verity_roothash( int sigsz; assert(roothash); - assert(roothash_size > 0); + assert(iovec_is_set(roothash)); assert(ret_signature); - assert(ret_signature_size); - hex = hexmem(roothash, roothash_size); + hex = hexmem(roothash->iov_base, roothash->iov_len); if (!hex) return log_oom(); @@ -4133,8 +4128,8 @@ static int sign_verity_roothash( return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert PKCS7 signature to DER: %s", ERR_error_string(ERR_get_error(), NULL)); - *ret_signature = TAKE_PTR(sig); - *ret_signature_size = sigsz; + ret_signature->iov_base = TAKE_PTR(sig); + ret_signature->iov_len = sigsz; return 0; #else @@ -4144,11 +4139,10 @@ static int sign_verity_roothash( static int partition_format_verity_sig(Context *context, Partition *p) { _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; - _cleanup_free_ uint8_t *sig = NULL; + _cleanup_(iovec_done) struct iovec sig = IOVEC_NULL; _cleanup_free_ char *text = NULL, *hint = NULL; Partition *hp; uint8_t fp[X509_FINGERPRINT_SIZE]; - size_t sigsz = 0; /* avoid false maybe-uninitialized warning */ int whole_fd, r; assert(p->verity == VERITY_SIG); @@ -4168,7 +4162,7 @@ static int partition_format_verity_sig(Context *context, Partition *p) { assert_se((whole_fd = fdisk_get_devfd(context->fdisk_context)) >= 0); - r = sign_verity_roothash(hp->roothash, hp->roothash_size, &sig, &sigsz); + r = sign_verity_roothash(&hp->roothash, &sig); if (r < 0) return r; @@ -4178,12 +4172,12 @@ static int partition_format_verity_sig(Context *context, Partition *p) { r = json_build(&v, JSON_BUILD_OBJECT( - JSON_BUILD_PAIR("rootHash", JSON_BUILD_HEX(hp->roothash, hp->roothash_size)), + JSON_BUILD_PAIR("rootHash", JSON_BUILD_HEX(hp->roothash.iov_base, hp->roothash.iov_len)), JSON_BUILD_PAIR( "certificateFingerprint", JSON_BUILD_HEX(fp, sizeof(fp)) ), - JSON_BUILD_PAIR("signature", JSON_BUILD_BASE64(sig, sigsz)) + JSON_BUILD_PAIR("signature", JSON_BUILD_IOVEC_BASE64(&sig)) ) ); if (r < 0)