author | Kevin Kuehler <kevin@segfault.fun> | 2021-10-20 12:21:18 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-11-30 23:00:21 +0100 |
commit | ade99252e2cdd9eeff78566789008996d27e4dc0 (patch) | |
tree | 2279a7139a71850516594e542ea501a716ac9f4c /src/partition | |
parent | network: address: drop deprecated temporary address (diff) | |
repart: port to our home-grown hmac_sha256
This reduces dependencies. The speed of the code here is unimportant, because we
hash only a tiny amount of input data.
Debian and Ubuntu currently build without repart, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976959
> repart requires openssl and so far I tried to avoid linking against
> both gnutls and openssl.
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Diffstat (limited to 'src/partition')
-rw-r--r-- | src/partition/repart.c | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/src/partition/repart.c b/src/partition/repart.c
index f1af5bb0ee..895c0665d8 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -12,9 +12,6 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
 #include "sd-id128.h"
 
 #include "alloc-util.h"
@@ -38,6 +35,7 @@
 #include "glyph-util.h"
 #include "gpt.h"
 #include "hexdecoct.h"
+#include "hmac.h"
 #include "id128-util.h"
 #include "json.h"
 #include "list.h"
@@ -1519,7 +1517,7 @@ static int fdisk_set_disklabel_id_by_uuid(struct fdisk_context *c, sd_id128_t id
 
 static int derive_uuid(sd_id128_t base, const char *token, sd_id128_t *ret) {
 union {
- unsigned char md[SHA256_DIGEST_LENGTH];
+ uint8_t md[SHA256_DIGEST_SIZE];
 sd_id128_t id;
 } result;
 
@@ -1531,11 +1529,7 @@ static int derive_uuid(sd_id128_t base, const char *token, sd_id128_t *ret) {
 * machine ID). We use the machine ID as key (and not as cleartext!) of the HMAC operation since it's
 * the machine ID we don't want to leak. */
 
- if (!HMAC(EVP_sha256(),
- &base, sizeof(base),
- (const unsigned char*) token, strlen(token),
- result.md, NULL))
- return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "HMAC-SHA256 calculation failed.");
+ hmac_sha256(base.bytes, sizeof(base.bytes), token, strlen(token), result.md);
 
 /* Take the first half, mark it as v4 UUID */
 assert_cc(sizeof(result.md) == sizeof(result.id) * 2);
@@ -3067,7 +3061,7 @@ static int partition_acquire_uuid(Context *context, Partition *p, sd_id128_t *re
 uint64_t counter;
 } _packed_ plaintext = {};
 union {
- unsigned char md[SHA256_DIGEST_LENGTH];
+ uint8_t md[SHA256_DIGEST_SIZE];
 sd_id128_t id;
 } result;
 
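Review bot: Nothing on this page pins that `hmac_sha256()` returns the same 32 bytes as the removed `HMAC(EVP_sha256(), ...)` call in derive_uuid, and the UUID taken from the first half of `result.md` only stays stable across an upgrade if it does. The replaced call in partition_acquire_uuid (last hunk) has the same dependency. Unless the tests for hmac.h already cover it, which is not visible here, a unit test over the RFC 4231 HMAC-SHA256 vectors plus one case with a 16-byte key, the size of `base.bytes`, would catch a divergence. derive_uuid's body continues past this hunk.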
@@ -3111,11 +3105,10 @@ static int partition_acquire_uuid(Context *context, Partition *p, sd_id128_t *re
 plaintext.type_uuid = p->type_uuid;
 plaintext.counter = htole64(k);
 
- if (!HMAC(EVP_sha256(),
- &context->seed, sizeof(context->seed),
- (const unsigned char*) &plaintext, k == 0 ? sizeof(sd_id128_t) : sizeof(plaintext),
- result.md, NULL))
- return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "SHA256 calculation failed.");
+ hmac_sha256(context->seed.bytes, sizeof(context->seed.bytes),
+ &plaintext,
+ k == 0 ? sizeof(sd_id128_t) : sizeof(plaintext),
+ result.md);
 
 /* Take the first half, mark it as v4 UUID */
 assert_cc(sizeof(result.md) == sizeof(result.id) * 2); |
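Review bot: The length argument `k == 0 ? sizeof(sd_id128_t) : sizeof(plaintext)` in the new `hmac_sha256()` call is undocumented: for k == 0 only the leading sizeof(sd_id128_t) bytes of `plaintext` are authenticated, and `counter` enters the MAC only for other values of k. That presumably relies on `type_uuid` being the first member of the packed struct, whose declaration starts outside the hunks shown. Unless a comment outside the hunk already says so, I would add above the call `/* For k == 0 only type_uuid is hashed; counter is included from k == 1 on. */`. The loop that drives k is not visible here.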