On Friday 15 June 2007 15:00, Josh Fisher wrote: > Kern Sibbald wrote: > > Hello, > > > > I am now working on bug #807, where decrypting files gets signature digest > > errors on each file restored. As far as I can tell, these are *false* error > > messages, most likely due to the fact that Microsoft BackupWrite() does not > > restore exactly the same bits as BackupRead() gave. > > > > Anyway, in looking at the encryption code in detail, which I have not totally > > finished, I come to realize that there are some important problems that need > > fixing. > > > > 1. The code is rather inefficient from several stand points -- see items > > below. > > > > 2. It does a number of malloc() and free()s for each file backed up > > which is something that Bacula does not normally do. Over time, > > I will fix this. > > > > 3. In computing the signature digest, during a restore, it first writes the > > file to disk, then re-reads the whole file computing the digest that it > > compares to the original. This is very inefficient, and I am planning > > to change it in version 2.2.0 to compute the signature digest as it > > reads the data from the SD, and thus to skip reading the file after it > > is written. > > > > Upside -- *much* more efficient; the current signature errors > > will be eliminated. > > > > Downside -- it is probably better to compute the signature from the > > actual file written in case something goes wrong in writing it. However, > > this doesn't work. > > > > > > I don't think there is a downside. If something goes wrong with writing > the file, then the file is corrupt and it might as well get a digest > error on restore as a checksum error, or worse, no error at all.
Yes, good point. Thanks. Kern > > > 4. The current signature digest algorithm (as far as I can tell) is not saved > > on the Volume. The signature digest algorithm is compiled into the code, > > and it is a different algorithm depending on whether or not you have > > only SHA1 or you have SHA2 algorithms available. This is *very* bad. > > It means that if you rebuild your Bacula FD, it may not be able to compute > > a signature digest for a restore in the same way it did for the backup. > > > > 5. While computing the signature digest for a restore as noted above, the > > code is also computing a digest, which is used for the Bacula file hash > > code -- i.e. the old MD5 or SHA1. This means that two digests are > > during the restore, which is unnecessary (as mentioned in the author's > > comments in the files). > > > > 6. There are a good number of places where the error code returned is > > simply ignored. > > > > 7. The code for the most part causes any OpenSSL errors to be lost. > > This is now fixed in version 2.1.14 > > > > I'm proposing the following: > > > > Item 2. Eliminate the unnecessary malloc() calls over time (some gone in > > version 2.1.14 > > > > Item 3. Do the signature digest as the data is received from the SD > > eliminating the need to re-read the file. I hope to do this before version > > 2.2.0 is released. > > > > Items 4-5. Compute only a single digest and use it for the signature record > > as well as the hash code that goes into the catalog. I doubt this can be > > done for version 2.2.0 without delaying it another month, because this > > is not so simple (new streams for the Volume) and unfortunately, not > > 100% upward transparent -- you will need to modify your Dir conf file to > > have the same level of signature protection as today. > > > > Item 6. Fix over time. > > > > Item 7. Already fixed. > > > > If anyone has any comments or objections, particularly on item 3, now is the > > time to speak up. > > > > Best regards, > > > > Kern > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Bacula-users mailing list > > Bacula-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bacula-users > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Bacula-devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/bacula-devel > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
