diff options
| author | Thomas Waldmann <tw@waldmann-edv.de> | 2023-02-19 21:25:24 +0100 |
|---|---|---|
| committer | Thomas Waldmann <tw@waldmann-edv.de> | 2023-02-19 21:25:24 +0100 |
| commit | 74a19ee2a0f04cb98212f58ac46c7b0c247811ea (patch) | |
| tree | eef4a05936932b0b0926eac214e7b81f9369fe0a | |
| parent | fea630027c6981094293deeeff9aa5a35fca9628 (diff) | |
verify_data: always decompress and call assert_id(), see #7362
| -rw-r--r-- | src/borg/archive.py | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/src/borg/archive.py b/src/borg/archive.py index 0cd81e784..e8d9c5b20 100644 --- a/src/borg/archive.py +++ b/src/borg/archive.py @@ -1837,12 +1837,6 @@ class ArchiveChecker: chunks_count_index = len(self.chunks) chunks_count_segments = 0 errors = 0 - # for the new crypto, derived from AEADKeyBase, we know that it checks authenticity on - # the crypto.low_level level - invalid chunks will fail to AEAD authenticate. - # for these key types, we know that there is no need to decompress the data afterwards. - # for all other modes, we assume that we must decompress, so we can verify authenticity - # based on the plaintext MAC (via calling ._assert_id(id, plaintext)). - decompress = not isinstance(self.key, AEADKeyBase) defect_chunks = [] pi = ProgressIndicatorPercent( total=chunks_count_index, msg="Verifying data %6.2f%%", step=0.01, msgid="check.verify_data" @@ -1872,7 +1866,8 @@ class ArchiveChecker: chunk_data_iter = self.repository.get_many(chunk_ids) else: try: - self.repo_objs.parse(chunk_id, encrypted_data, decompress=decompress) + # we must decompress, so it'll call assert_id() in there: + self.repo_objs.parse(chunk_id, encrypted_data, decompress=True) except IntegrityErrorBase as integrity_error: self.error_found = True errors += 1 @@ -1903,7 +1898,8 @@ class ArchiveChecker: # from the underlying media. try: encrypted_data = self.repository.get(defect_chunk) - self.repo_objs.parse(defect_chunk, encrypted_data, decompress=decompress) + # we must decompress, so it'll call assert_id() in there: + self.repo_objs.parse(defect_chunk, encrypted_data, decompress=True) except IntegrityErrorBase: # failed twice -> get rid of this chunk del self.chunks[defect_chunk] |