summaryrefslogtreecommitdiff
path: root/internal/cryptocore/cryptocore.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-02-18 12:33:48 +0100
committerJakob Unterwurzacher2018-02-18 12:35:51 +0100
commit72ddbae1e60470943aaae0bfce74ebdc88c07cd2 (patch)
tree7a420ca2e534e18e8d869ef6e5c3ac6a6aab2906 /internal/cryptocore/cryptocore.go
parent18f6c6106c66ba1fe6e7b48aaa5dd444ba0f9b09 (diff)
stupidgcm: create private copy of the key
Relieves the caller from worrying about whether they can overwrite the key.
Diffstat (limited to 'internal/cryptocore/cryptocore.go')
-rw-r--r--internal/cryptocore/cryptocore.go8
1 files changed, 1 insertions, 7 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index a355342..43cfdbc 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -86,13 +86,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
if IVLen != 16 {
log.Panic("stupidgcm only supports 128-bit IVs")
}
- // stupidgcm does not create a private copy of the key, so things
- // break when initFuseFrontend() overwrites it with zeros. Create
- // a copy here. This is unnecessary when useHKDF == true, but
- // does no harm.
- var stupidgcmKey []byte
- stupidgcmKey = append(stupidgcmKey, gcmKey...)
- aeadCipher = stupidgcm.New(stupidgcmKey, forceDecode)
+ aeadCipher = stupidgcm.New(gcmKey, forceDecode)
case BackendGoGCM:
goGcmBlockCipher, err := aes.NewCipher(gcmKey)
if err != nil {