Kern Sibbald wrote:
> Hello,
>
> I am now working on bug #807, where decrypting files gets signature digest
> errors on each file restored. As far as I can tell, these are *false* error
> messages, most likely due to the fact that Microsoft BackupWrite() does not
> restore exactly the same bits as BackupRead() gave.
>
> Anyway, in looking at the encryption code in detail, which I have not totally
> finished, I have come to realize that there are some important problems that need
> fixing.
>
> 1. The code is rather inefficient from several standpoints -- see items
>    below.
>
> 2. It does a number of malloc() and free()s for each file backed up
>    which is something that Bacula does not normally do. Over time,
>    I will fix this.
>
> 3. In computing the signature digest, during a restore, it first writes the
>    file to disk, then re-reads the whole file computing the digest that it
>    compares to the original. This is very inefficient, and I am planning
>    to change it in version 2.2.0 to compute the signature digest as it
>    reads the data from the SD, and thus to skip reading the file after it
>    is written.
>
>    Upside -- *much* more efficient; the current signature errors
>    will be eliminated.
>
>    Downside -- it is probably better to compute the signature from the
>    actual file written in case something goes wrong in writing it. However,
>    this doesn't work.
>

I don't think there is a downside. If something goes wrong with writing the file, then the file is corrupt and it might as well get a digest error on restore as a checksum error, or worse, no error at all.

> 4. The current signature digest algorithm (as far as I can tell) is not saved
>    on the Volume. The signature digest algorithm is compiled into the code,
>    and it is a different algorithm depending on whether or not you have
>    only SHA1 or you have SHA2 algorithms available. This is *very* bad.
>    It means that if you rebuild your Bacula FD, it may not be able to compute
>    a signature digest for a restore in the same way it did for the backup.
>
> 5. While computing the signature digest for a restore as noted above, the
>    code is also computing a digest, which is used for the Bacula file hash
>    code -- i.e. the old MD5 or SHA1. This means that two digests are
>    computed during the restore, which is unnecessary (as mentioned in the
>    author's comments in the files).
>
> 6. There are a good number of places where the error code returned is
>    simply ignored.
>
> 7. The code for the most part causes any OpenSSL errors to be lost.
>    This is now fixed in version 2.1.14.
>
> I'm proposing the following:
>
> Item 2. Eliminate the unnecessary malloc() calls over time (some gone in
> version 2.1.14).
>
> Item 3. Do the signature digest as the data is received from the SD
> eliminating the need to re-read the file. I hope to do this before version
> 2.2.0 is released.
>
> Items 4-5. Compute only a single digest and use it for the signature record
> as well as the hash code that goes into the catalog. I doubt this can be
> done for version 2.2.0 without delaying it another month, because this
> is not so simple (new streams for the Volume) and unfortunately, not
> 100% upward transparent -- you will need to modify your Dir conf file to
> have the same level of signature protection as today.
>
> Item 6. Fix over time.
>
> Item 7. Already fixed.
>
> If anyone has any comments or objections, particularly on item 3, now is the
> time to speak up.
>
> Best regards,
>
> Kern
>
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
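
Items 3 and 4 of the quoted proposal, sketched as an added example that is not part of the original thread and is not Bacula code: the restore hashes each chunk in the same pass that writes it, and the digest algorithm is read from the stored record instead of being fixed by the build. The record layout, the function names and the sample data are assumptions made for illustration; a plain digest stands in for the signed digest.

```python
import hashlib

def backup(data: bytes, algorithm: str) -> dict:
    """Hypothetical signature record: stores the digest AND the algorithm name."""
    return {"algorithm": algorithm,
            "digest": hashlib.new(algorithm, data).hexdigest()}

def chunked(data: bytes, size: int = 4096):
    """Model data arriving from the storage daemon in blocks."""
    for i in range(0, len(data), size):
        yield data[i:i + size]

def restore_streaming(chunks, out, record, compiled_default=None) -> bool:
    """Write chunks as they arrive and hash them in the same pass (item 3).

    compiled_default models the item 4 problem: the algorithm is chosen by
    whatever the binary was built with, not by what the record says.
    Returns True when the computed digest matches the stored one.
    """
    algorithm = compiled_default or record["algorithm"]
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)   # digest of the data as received
        out.write(chunk)  # no second read of the written file
    return h.hexdigest() == record["digest"]

# Constructed sample input, not real backup data.
DATA = b"constructed file contents\n" * 1000

if __name__ == "__main__":
    import io
    rec = backup(DATA, "sha256")
    print("algorithm from record:",
          restore_streaming(chunked(DATA), io.BytesIO(), rec))
    # Same intact data, but a rebuilt client that only has SHA1 compiled in:
    print("compiled-in sha1:",
          restore_streaming(chunked(DATA), io.BytesIO(), rec, "sha1"))
```

The second call reports a mismatch on intact data, which is the false digest error item 4 warns about after a rebuild with a different algorithm set.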