Merge pull request #7731 from ThomasWaldmann/authenticated_no_key-fix…

…-1.2 bugfix: skip TAM check with BORG_WORKAROUNDS=authenticated_no_key
borgbackup · Jul 20, 2023 · aa913cd · aa913cd
2 parents b067aea + 104cc19
commit aa913cd
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py
@@ -235,6 +235,8 @@ def unpack_and_verify_manifest(self, data, force_tam_not_required=False):
         unpacker = get_limited_unpacker('manifest')
         unpacker.feed(data)
         unpacked = unpacker.unpack()
+        if AUTHENTICATED_NO_KEY:
+            return unpacked, True  # True is a lie.
         if b'tam' not in unpacked:
             if tam_required:
                 raise TAMRequiredError(self.repository._location.canonical_path())
@@ -258,8 +260,6 @@ def unpack_and_verify_manifest(self, data, force_tam_not_required=False):
         offset = data.index(tam_hmac)
         data[offset:offset + 64] = bytes(64)
         tam_key = self._tam_key(tam_salt, context=b'manifest')
-        if AUTHENTICATED_NO_KEY:
-            return unpacked, True  # True is a lie.
         calculated_hmac = hmac.digest(tam_key, data, 'sha512')
         if not hmac.compare_digest(calculated_hmac, tam_hmac):
             raise TAMInvalid()