phpbu icon indicating copy to clipboard operation
phpbu copied to clipboard

Published 20 hours ago verified publisher icon sebastianfeldmann

Large database silent encryption failure

Open TomAdam opened this issue 4 years ago • 2 comments

OpenSSL SMIME cannot decrypt files over 1.5GB and encryption truncates at 1.9GB. See https://github.com/openssl/openssl/issues/2515.

Unfortunately it fails silently (returning 0) when encrypting in both these situations, causing PHPBU to continue and log a success where the backup is actually corrupt.

Luckily, we discovered this issue during a disaster recovery fire-drill rather than a real fire.

Suggested actions:

  • Update the documentation to warn about the limit
  • Consider replacing the OpenSSL crypter, perhaps with a Halite/libsodium based crypter.

TomAdam avatar Sep 15 '21 09:09 TomAdam

Thanks for bringing this to my attention, I will update the documentation and see how the backup can be failed.

sebastianfeldmann avatar Sep 15 '21 12:09 sebastianfeldmann

Please let me know if you need anything from me. This undocumented "feature" of OpenSSL SMIME has affected other DB backup tools too. I'm quite surprised they haven't tackled it since it was reported 5 years ago.

TomAdam avatar Sep 15 '21 12:09 TomAdam