Hello,
I am now working on bug #807, where decrypting files gets signature digest
errors on each file restored. As far as I can tell, these are *false* error
messages, most likely due to the fact that Microsoft BackupWrite() does not
restore exactly the same bits as BackupRead() gave.
Anyway, in looking at the encryption code in detail, which I have not totally
finished, I have come to realize that there are some important problems that need
fixing.
1. The code is rather inefficient from several standpoints -- see items
below.
2. It does a number of malloc() and free()s for each file backed up
which is something that Bacula does not normally do. Over time,
I will fix this.
3. In computing the signature digest, during a restore, it first writes the
file to disk, then re-reads the whole file computing the digest that it
compares to the original. This is very inefficient, and I am planning
to change it in version 2.2.0 to compute the signature digest as it
reads the data from the SD, and thus to skip reading the file after it
is written.
Upside -- *much* more efficient; the current signature errors
will be eliminated.
Downside -- it is probably better to compute the signature from the
actual file written in case something goes wrong in writing it. However,
this doesn't work.
4. The current signature digest algorithm (as far as I can tell) is not saved
on the Volume. The signature digest algorithm is compiled into the code,
and it is a different algorithm depending on whether or not you have
only SHA1 or you have SHA2 algorithms available. This is *very* bad.
It means that if you rebuild your Bacula FD, it may not be able to compute
a signature digest for a restore in the same way it did for the backup.
5. While computing the signature digest for a restore as noted above, the
code is also computing a digest, which is used for the Bacula file hash
code -- i.e. the old MD5 or SHA1. This means that two digests are computed
during the restore, which is unnecessary (as mentioned in the author's
comments in the files).
6. There are a good number of places where the error code returned is
simply ignored.
7. The code for the most part causes any OpenSSL errors to be lost.
This is now fixed in version 2.1.14.
I'm proposing the following:
Item 2. Eliminate the unnecessary malloc() calls over time (some gone in
version 2.1.14).
Item 3. Do the signature digest as the data is received from the SD
eliminating the need to re-read the file. I hope to do this before version
2.2.0 is released.
Items 4-5. Compute only a single digest and use it for the signature record
as well as the hash code that goes into the catalog. I doubt this can be
done for version 2.2.0 without delaying it another month, because this
is not so simple (new streams for the Volume) and unfortunately, not
100% upward transparent -- you will need to modify your Dir conf file to
have the same level of signature protection as today.
Item 6. Fix over time.
Item 7. Already fixed.
If anyone has any comments or objections, particularly on item 3, now is the
time to speak up.
Best regards,
Kern
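As an added illustration of items 3 and 4 above (example code written for this page, not Bacula source), the sketch below digests each record as it arrives from the "SD" and writes it straight through, and stores the algorithm name next to the digest so a rebuilt client cannot verify with the wrong algorithm. The chunk sizes, record layout and sample data are constructed for the example.

```python
"""Streaming restore-side digest verification with a self-describing
signature record (constructed illustration, not Bacula code)."""
import hashlib
import io


def make_signature_record(data: bytes, algorithm: str) -> dict:
    """Backup side: digest the file once and record WHICH algorithm did it,
    so the choice is carried on the Volume instead of compiled into the FD."""
    h = hashlib.new(algorithm)
    h.update(data)
    return {"algorithm": algorithm, "digest": h.hexdigest()}


def restore_and_verify(chunks, record: dict, out) -> bool:
    """Restore side (item 3): digest each record as it is received and write
    it through, so the restored file never has to be re-read afterwards."""
    h = hashlib.new(record["algorithm"])  # algorithm comes from the record
    for chunk in chunks:
        h.update(chunk)
        out.write(chunk)
    return h.hexdigest() == record["digest"]


def verify_untagged(chunks, digest_hex: str, compiled_in_algorithm: str) -> bool:
    """The scheme criticised in item 4: only the raw digest is stored and the
    algorithm is whatever this particular FD build happens to use."""
    h = hashlib.new(compiled_in_algorithm)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest() == digest_hex


def demo():
    # Constructed sample file, split into simulated SD records of 4 KiB.
    data = b"constructed sample file contents spanning several records\n" * 100
    chunks = [data[i:i + 4096] for i in range(0, len(data), 4096)]
    record = make_signature_record(data, "sha1")

    out = io.BytesIO()
    tagged_ok = restore_and_verify(chunks, record, out)   # streaming verify
    written_ok = out.getvalue() == data                   # file written intact

    # Untagged digest: an FD built with SHA1 verifies, but the same Volume
    # restored by an FD rebuilt to default to SHA-256 reports a false error.
    old_fd_ok = verify_untagged(chunks, record["digest"], "sha1")
    rebuilt_fd_ok = verify_untagged(chunks, record["digest"], "sha256")
    return tagged_ok, written_ok, old_fd_ok, rebuilt_fd_ok
```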
