+ rsize = buflen;
+ jcr->ReadBytes += rsize;
+ wsize = rsize;
+ wbuf = buf;
+
+ if (flags & FO_ENCRYPT) {
+ ASSERT(cipher_ctx->cipher);
+
+ /* NOTE: We must implement block preserving semantics for the
+ * non-streaming compression and sparse code. */
+
+ /*
+ * Grow the crypto buffer, if necessary.
+ * crypto_cipher_update() will process only whole blocks,
+ * buffering the remaining input.
+ */
+ cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
+ cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
+
+ /* Decrypt the input block */
+ if (!crypto_cipher_update(cipher_ctx->cipher,
+ (const u_int8_t *)wbuf,
+ wsize,
+ (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
+ &decrypted_len)) {
+ /* Decryption failed. Shouldn't happen. */
+ Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
+ return -1;
+ }
+
+ if (decrypted_len == 0) {
+ /* No full block of encrypted data available, write more data */
+ return 0;
+ }
+
+ Dmsg2(100, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
+
+ cipher_ctx->buf_len += decrypted_len;
+ wbuf = cipher_ctx->buf;
+
+ /* If one full preserved block is available, write it to disk,
+ * and then buffer any remaining data. This should be effecient
+ * as long as Bacula's block size is not significantly smaller than the
+ * encryption block size (extremely unlikely!) */
+ unser_crypto_packet_len(cipher_ctx);
+ Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
+
+ if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
+ /* No full preserved block is available. */
+ return 0;
+ }
+
+ /* We have one full block, set up the filter input buffers */
+ wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
+ wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
+ cipher_ctx->buf_len -= cipher_ctx->packet_len;
+ Dmsg2(30, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
+ }
+