aboutsummaryrefslogtreecommitdiff
path: root/internal/fusefrontend
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-09-10 12:14:19 +0200
committerJakob Unterwurzacher2021-09-10 12:14:19 +0200
commitd023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a (patch)
tree8e5df3a175b183f0db989a9d8f940a3c5c7434b0 /internal/fusefrontend
parentc974116322f057a36ffb0b2ec0338b7f60872773 (diff)
cli: drop -forcedecode flag
The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
Diffstat (limited to 'internal/fusefrontend')
-rw-r--r--internal/fusefrontend/args.go2
-rw-r--r--internal/fusefrontend/file.go14
-rw-r--r--internal/fusefrontend/xattr_unit_test.go4
3 files changed, 5 insertions, 15 deletions
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 4aedf2e..64a5923 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -26,8 +26,6 @@ type Args struct {
ConfigCustom bool
// NoPrealloc disables automatic preallocation before writing
NoPrealloc bool
- // Force decode even if integrity check fails (openSSL only)
- ForceDecode bool
// Exclude is a list of paths to make inaccessible, starting match at
// the filesystem root
Exclude []string
diff --git a/internal/fusefrontend/file.go b/internal/fusefrontend/file.go
index 661c2b8..3ce1b1e 100644
--- a/internal/fusefrontend/file.go
+++ b/internal/fusefrontend/file.go
@@ -20,7 +20,6 @@ import (
"github.com/rfjakob/gocryptfs/v2/internal/contentenc"
"github.com/rfjakob/gocryptfs/v2/internal/inomap"
"github.com/rfjakob/gocryptfs/v2/internal/openfiletable"
- "github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)
@@ -208,16 +207,9 @@ func (f *File) doRead(dst []byte, off uint64, length uint64) ([]byte, syscall.Er
plaintext, err := f.contentEnc.DecryptBlocks(ciphertext, firstBlockNo, fileID)
f.rootNode.contentEnc.CReqPool.Put(ciphertext)
if err != nil {
- if f.rootNode.args.ForceDecode && err == stupidgcm.ErrAuth {
- // We do not have the information which block was corrupt here anymore,
- // but DecryptBlocks() has already logged it anyway.
- tlog.Warn.Printf("doRead %d: off=%d len=%d: returning corrupt data due to forcedecode",
- f.qIno.Ino, off, length)
- } else {
- curruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext)))
- tlog.Warn.Printf("doRead %d: corrupt block #%d: %v", f.qIno.Ino, curruptBlockNo, err)
- return nil, syscall.EIO
- }
+ curruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext)))
+ tlog.Warn.Printf("doRead %d: corrupt block #%d: %v", f.qIno.Ino, curruptBlockNo, err)
+ return nil, syscall.EIO
}
// Crop down to the relevant part
diff --git a/internal/fusefrontend/xattr_unit_test.go b/internal/fusefrontend/xattr_unit_test.go
index 7449d24..5bffd5e 100644
--- a/internal/fusefrontend/xattr_unit_test.go
+++ b/internal/fusefrontend/xattr_unit_test.go
@@ -17,8 +17,8 @@ import (
func newTestFS(args Args) *RootNode {
// Init crypto backend
key := make([]byte, cryptocore.KeyLen)
- cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true, false)
- cEnc := contentenc.New(cCore, contentenc.DefaultBS, false)
+ cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true)
+ cEnc := contentenc.New(cCore, contentenc.DefaultBS)
n := nametransform.New(cCore.EMECipher, true, true, nil, false)
rn := NewRootNode(args, cEnc, n)
oneSec := time.Second