General:
24Jun06
+- Turn on new bsnprintf() code.
+- Fix crypto when not using openssl. I previously overlooked this.
- Eliminate crypto type punning problems by eliminating void * and
using uint8_t * instead.
- Harden authentication failure in FD by single threading errors
jcr->compress_buf = get_memory(jcr->compress_buf_size);
#ifdef HAVE_LIBZ
- z_stream *pZlibStream = (z_stream*) malloc(sizeof(z_stream));
+ z_stream *pZlibStream = (z_stream*)malloc(sizeof(z_stream));
if (pZlibStream) {
pZlibStream->zalloc = Z_NULL;
pZlibStream->zfree = Z_NULL;
* structure. We use a single session key for each backup, so we'll encode
* the session data only once. */
if (jcr->pki_encrypt) {
- size_t size = 0;
+ uint32_t size = 0;
/* Create per-job session encryption context */
jcr->pki_session = crypto_session_new(cipher, jcr->pki_recipients);
/* Get the session data size */
- if (crypto_session_encode(jcr->pki_session, NULL, &size) == false) {
+ if (crypto_session_encode(jcr->pki_session, (uint8_t *)0, &size) == false) {
Jmsg(jcr, M_FATAL, 0, _("An error occured while encrypting the stream.\n"));
return 0;
}
if (jcr->pZLIB_compress_workset) {
/* Free the zlib stream */
#ifdef HAVE_LIBZ
- deflateEnd((z_stream *) jcr->pZLIB_compress_workset);
+ deflateEnd((z_stream *)jcr->pZLIB_compress_workset);
#endif
free (jcr->pZLIB_compress_workset);
jcr->pZLIB_compress_workset = NULL;
int rsize = jcr->buf_size; /* read buffer size */
POOLMEM *msgsave;
CIPHER_CONTEXT *cipher_ctx = NULL; /* Quell bogus uninitialized warnings */
- const void *cipher_input;
- size_t cipher_input_len;
- size_t cipher_block_size;
- size_t encrypted_len;
+ const uint8_t *cipher_input;
+ uint32_t cipher_input_len;
+ uint32_t cipher_block_size;
+ uint32_t encrypted_len;
#ifdef FD_NO_SEND_TEST
return 1;
#endif
msgsave = sd->msg;
rbuf = sd->msg; /* read buffer */
wbuf = sd->msg; /* write buffer */
- cipher_input = rbuf; /* encrypt uncompressed data */
+ cipher_input = (uint8_t *)rbuf; /* encrypt uncompressed data */
Dmsg1(300, "Saving data, type=%d\n", ff_pkt->type);
max_compress_len = jcr->compress_buf_size; /* set max length */
}
wbuf = jcr->compress_buf; /* compressed output here */
- cipher_input = jcr->compress_buf; /* encrypt compressed data */
+ cipher_input = (uint8_t *)jcr->compress_buf; /* encrypt compressed data */
/*
* Only change zlib parameters if there is no pending operation.
if (ff_pkt->flags & FO_ENCRYPT) {
/* Encrypt the input block */
- if (crypto_cipher_update(cipher_ctx, cipher_input, cipher_input_len, jcr->crypto_buf, &encrypted_len)) {
+ if (crypto_cipher_update(cipher_ctx, cipher_input, cipher_input_len, (uint8_t *)jcr->crypto_buf, &encrypted_len)) {
if (encrypted_len == 0) {
/* No full block of data available, read more data */
continue;
/* Send any remaining encrypted data + padding */
if (ff_pkt->flags & FO_ENCRYPT) {
- if (!crypto_cipher_finalize(cipher_ctx, jcr->crypto_buf, &encrypted_len)) {
+ if (!crypto_cipher_finalize(cipher_ctx, (uint8_t *)jcr->crypto_buf, &encrypted_len)) {
/* Padding failed. Shouldn't happen. */
Jmsg(jcr, M_FATAL, 0, _("Encryption padding error\n"));
goto err;
*
*/
/*
- Copyright (C) 2000-2005 Kern Sibbald
+ Copyright (C) 2000-2006 Kern Sibbald
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
#include <sys/attr.h>
#endif
+#if defined(HAVE_CRYPTO)
+const bool have_crypto = true;
+#else
+const bool have_crypto = false;
+#endif
+
/* Data received from Storage Daemon */
static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
/* Forward referenced functions */
-#ifdef HAVE_LIBZ
+#if defined(HAVE_LIBZ)
static const char *zlib_strerror(int stat);
+const bool have_libz = true;
+#else
+const bool have_libz = false;
#endif
int verify_signature(JCR *jcr, SIGNATURE *sig);
}
#endif
-#ifdef HAVE_LIBZ
- uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
- jcr->compress_buf = (char *)bmalloc(compress_buf_size);
- jcr->compress_buf_size = compress_buf_size;
-#endif
+ if (have_libz) {
+ uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
+ jcr->compress_buf = (char *)bmalloc(compress_buf_size);
+ jcr->compress_buf_size = compress_buf_size;
+ }
-#ifdef HAVE_CRYPTO
- jcr->crypto_buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
-#endif
+ if (have_crypto) {
+ jcr->crypto_buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
+ }
/*
* Get a record from the Storage daemon. We are guaranteed to
}
-#ifdef HAVE_LIBZ
/*
* Convert ZLIB error code into an ASCII message
*/
return _("*none*");
}
}
-#endif
-static int do_file_digest(FF_PKT *ff_pkt, void *pkt, bool top_level) {
- JCR *jcr = (JCR *) pkt;
+static int do_file_digest(FF_PKT *ff_pkt, void *pkt, bool top_level)
+{
+ JCR *jcr = (JCR *)pkt;
return (digest_file(jcr, ff_pkt, jcr->digest));
}
uint32_t wsize; /* write size */
uint32_t rsize; /* read size */
char ec1[50]; /* Buffer printing huge values */
- const void *cipher_input; /* Decryption input */
- size_t cipher_input_len; /* Decryption input length */
- size_t decrypted_len = 0; /* Decryption output length */
+ const uint8_t *cipher_input; /* Decryption input */
+ uint32_t cipher_input_len; /* Decryption input length */
+ uint32_t decrypted_len = 0; /* Decryption output length */
if (flags & FO_SPARSE) {
ser_declare;
rsize = buflen;
}
wsize = rsize;
- cipher_input = wbuf;
- cipher_input_len = wsize;
+ cipher_input = (uint8_t *)wbuf;
+ cipher_input_len = (uint32_t)wsize;
if (flags & FO_GZIP) {
#ifdef HAVE_LIBZ
}
wbuf = jcr->compress_buf;
wsize = compress_len;
- cipher_input = jcr->compress_buf; /* decrypt decompressed data */
+ cipher_input = (uint8_t *)jcr->compress_buf; /* decrypt decompressed data */
cipher_input_len = compress_len;
Dmsg2(100, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
#else
/* Encrypt the input block */
- if (!crypto_cipher_update(cipher, cipher_input, cipher_input_len, jcr->crypto_buf, &decrypted_len)) {
+ if (!crypto_cipher_update(cipher, cipher_input, cipher_input_len, (uint8_t *)jcr->crypto_buf, &decrypted_len)) {
/* Decryption failed. Shouldn't happen. */
Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
return -1;
/* Write out the remaining block and free the cipher context */
jcr->crypto_buf = check_pool_memory_size(jcr->crypto_buf, cipher_block_size);
- if (!crypto_cipher_finalize(cipher, jcr->crypto_buf, &decrypted_len)) {
+ if (!crypto_cipher_finalize(cipher, (uint8_t *)jcr->crypto_buf, &decrypted_len)) {
/* Writing out the final, buffered block failed. Shouldn't happen. */
Jmsg1(jcr, M_FATAL, 0, _("Decryption error for %s\n"), jcr->last_fname);
}
* Returns: true on success
* false on failure
*/
-bool crypto_digest_update (DIGEST *digest, const uint8_t *data, uint32_t length) {
+bool crypto_digest_update(DIGEST *digest, const uint8_t *data, uint32_t length)
+{
if (EVP_DigestUpdate(&digest->ctx, data, length) == 0) {
return true;
} else {
* Returns: true on success, number of bytes output in written
* false on failure
*/
-bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, size_t length, const void *dest, size_t *written) {
- if (!EVP_CipherUpdate(&cipher_ctx->ctx, (unsigned char *) dest, (int *) written, (const unsigned char *) data, length)) {
+bool crypto_cipher_update(CIPHER_CONTEXT *cipher_ctx, const uint8_t *data, uint32_t length, const uint8_t *dest, uint32_t *written)
+{
+ if (!EVP_CipherUpdate(&cipher_ctx->ctx, (unsigned char *)dest, (int *)written, (const unsigned char *)data, length)) {
/* This really shouldn't fail */
return false;
} else {
return (digest);
}
-bool crypto_digest_update(DIGEST *digest, const void *data, size_t length)
+bool crypto_digest_update(DIGEST *digest, const uint8_t *data, uint32_t length)
{
switch (digest->type) {
case CRYPTO_DIGEST_MD5:
}
}
-bool crypto_digest_finalize(DIGEST *digest, void *dest, size_t *length) {
-
+bool crypto_digest_finalize(DIGEST *digest, uint8_t *dest, uint32_t *length)
+{
switch (digest->type) {
case CRYPTO_DIGEST_MD5:
/* Guard against programmer error by either the API client or
crypto_error_t crypto_sign_verify (SIGNATURE *sig, X509_KEYPAIR *keypair, DIGEST *digest) { return CRYPTO_ERROR_INTERNAL; }
int crypto_sign_add_signer (SIGNATURE *sig, DIGEST *digest, X509_KEYPAIR *keypair) { return false; }
-int crypto_sign_encode (SIGNATURE *sig, void *dest, size_t *length) { return false; }
+int crypto_sign_encode (SIGNATURE *sig, uint8_t *dest, uint32_t *length) { return false; }
-SIGNATURE *crypto_sign_decode (const void *sigData, size_t length) { return NULL; }
+SIGNATURE *crypto_sign_decode (const uint8_t *sigData, uint32_t length) { return NULL; }
void crypto_sign_free (SIGNATURE *sig) { }
CRYPTO_SESSION *crypto_session_new (crypto_cipher_t cipher, alist *pubkeys) { return NULL; }
void crypto_session_free (CRYPTO_SESSION *cs) { }
-bool crypto_session_encode (CRYPTO_SESSION *cs, void *dest, size_t *length) { return false; }
-crypto_error_t crypto_session_decode (const void *data, size_t length, alist *keypairs, CRYPTO_SESSION **session) { return CRYPTO_ERROR_INTERNAL; }
+bool crypto_session_encode (CRYPTO_SESSION *cs, uint8_t *dest, uint32_t *length) { return false; }
+crypto_error_t crypto_session_decode(const uint8_t *data, uint32_t length, alist *keypairs, CRYPTO_SESSION **session) { return CRYPTO_ERROR_INTERNAL; }
-CIPHER_CONTEXT *crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, size_t *blocksize) { return NULL; }
-bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, size_t length, const void *dest, size_t *written) { return false; }
-bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, void *dest, size_t *written) { return false; }
+CIPHER_CONTEXT *crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, uint32_t *blocksize) { return NULL; }
+bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const uint8_t *data, uint32_t length, const uint8_t *dest, uint32_t *written) { return false; }
+bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, uint8_t *dest, uint32_t *written) { return false; }
void crypto_cipher_free (CIPHER_CONTEXT *cipher_ctx) { }
#endif /* HAVE_CRYPTO */
crypto_error_t crypto_session_decode (const uint8_t *data, uint32_t length, alist *keypairs, CRYPTO_SESSION **session);
CRYPTO_SESSION * crypto_session_decode (const uint8_t *data, uint32_t length);
CIPHER_CONTEXT * crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, uint32_t *blocksize);
-bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, uint32_t length, const void *dest, size_t *written);
-bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, void *dest, size_t *written);
+bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const uint8_t *data, uint32_t length, const uint8_t *dest, uint32_t *written);
+bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, uint8_t *dest, uint32_t *written);
void crypto_cipher_free (CIPHER_CONTEXT *cipher_ctx);
X509_KEYPAIR * crypto_keypair_new (void);
X509_KEYPAIR * crypto_keypair_dup (X509_KEYPAIR *keypair);
open_file_device(dcr, omode);
}
state |= preserve; /* reset any important state info */
- if (preserve) {
- Dmsg1(000, "preserve=0x%x\n", preserve);
- }
+ Dmsg1(100, "preserve=0x%x\n", preserve);
return fd;
}
/* If this is set stdout will not be closed on startup */
#define DEVELOPER 1
-/* #define USE_BSNPRINTF */
+#define USE_BSNPRINTF 1
/* Debug flags not normally turned on */
projects / bacula / bacula / commitdiff