1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
There is a race condition inside the client-side sendbackup. The short version
is that any output from the compression or encryption pipes that gets send
before the "sendbackup:" headers gets discarded by the server on receipt.
For any pipe command that outputs headers, a sufficiently fast machine will
allow this to happen.
As a solution, we buffer the header from amcrypt-ossl-asym, and only output it
after we have started receiving real data. At the time of writing this patch,
amaespipe looks to suffer from the same problem.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
(Forward ported from the 2.5.2p1 patch)
diff -Nuar --exclude '*~' --exclude '*.orig' --exclude '*.rej' amanda-2.6.0p2.orig/common-src/amcrypt-ossl-asym.sh amanda-2.6.0p2/common-src/amcrypt-ossl-asym.sh
--- amanda-2.6.0p2.orig/common-src/amcrypt-ossl-asym.sh 2008-01-17 16:31:41.000000000 -0800
+++ amanda-2.6.0p2/common-src/amcrypt-ossl-asym.sh 2008-09-21 22:32:21.265609630 -0700
@@ -95,7 +95,7 @@
perl -pe 'BEGIN { $bs = 96; $/ = \8192 } $nbytes = ($nbytes + length) % $bs; END { print "\0" x ($bs - $nbytes) }'
}
-encrypt() {
+encrypt_setup() {
# generate a random printable cipher key (on one line)
echo `"${OPENSSL}" rand -base64 80` >"${WORKDIR}/pass"
@@ -105,11 +105,20 @@
# print magic
printf "%s" "${MAGIC}"
+ [ $? -eq 0 ] || return 1
# print the encrypted cipher key, preceded by size
ls -l "${WORKDIR}/pass.ciphertext" | awk '{ printf("%-10d", $5) }'
+ [ $? -eq 0 ] || return 1
cat "${WORKDIR}/pass.ciphertext"
+ [ $? -eq 0 ] || return 1
+ # Do a test encryption to see that it will work and we will not lose data
+ echo "foo" | encrypt >/dev/null
+ [ $? -eq 0 ] || return 1
+}
+
+encrypt() {
# encrypt data using the cipher key and print
pad | "${OPENSSL}" enc "-${CIPHER}" -nopad -e -pass "file:${WORKDIR}/pass" -nosalt
[ $? -eq 0 ] || return 1
@@ -180,7 +189,26 @@
exit 1
fi
- encrypt
+ # we must perform the encryption setup, but not produce any output until we start getting input
+ encrypt_setup >"${WORKDIR}/encryption-header"
+ if [ $? -ne 0 ]; then
+ echo "${ME}: encryption setup failed" >&2
+ exit 1
+ fi
+ # block until the first of the input
+ dd of="${WORKDIR}/data.buffer" bs=4 count=1 2>/dev/null
+ if [ $? -ne 0 ]; then
+ echo "${ME}: encryption failed to get input data" >&2
+ exit 1
+ fi
+ # now spit out the encryption header
+ cat "${WORKDIR}/encryption-header"
+ if [ $? -ne 0 ]; then
+ echo "${ME}: encryption failed to output encryption header" >&2
+ exit 1
+ fi
+ # followed by our first bit of input, then the rest
+ cat "${WORKDIR}/data.buffer" - | encrypt
if [ $? -ne 0 ]; then
echo `_ '%s: encryption failed' "${ME}"` >&2
exit 1
|
GitWeb
