diff options
| author | Jakob Unterwurzacher | 2017-04-24 00:25:02 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2017-04-24 00:25:02 +0200 |
| commit | 3409ade2723d931097560fbbe35e461553c5912c (patch) | |
| tree | c12f3eb3fa93eba352170ab597d70d6a72498ce2 /internal/stupidgcm | |
| parent | f1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff) | |
forcedecode: tighten checks
...and fix a few golint issues and print a scary warning message on mount.
Also, force the fs to ro,noexec.
Diffstat (limited to 'internal/stupidgcm')
| -rw-r--r-- | internal/stupidgcm/autherr.go | 8 | ||||
| -rw-r--r-- | internal/stupidgcm/stupidgcm.go | 9 | ||||
| -rw-r--r-- | internal/stupidgcm/without_openssl.go | 3 |
3 files changed, 10 insertions, 10 deletions
diff --git a/internal/stupidgcm/autherr.go b/internal/stupidgcm/autherr.go new file mode 100644 index 0000000..e59f92e --- /dev/null +++ b/internal/stupidgcm/autherr.go @@ -0,0 +1,8 @@ +package stupidgcm + +import ( + "fmt" +) + +// ErrAuth is returned when the message authentication fails +var ErrAuth = fmt.Errorf("stupidgcm: message authentication failed") diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go index 133ee1a..5cc6c3c 100644 --- a/internal/stupidgcm/stupidgcm.go +++ b/internal/stupidgcm/stupidgcm.go @@ -10,7 +10,6 @@ import "C" import ( "crypto/cipher" - "fmt" "log" "unsafe" ) @@ -30,9 +29,6 @@ type stupidGCM struct { forceDecode bool } -//authentication error -var AuthError error = fmt.Errorf("stupidgcm: message authentication failed") - var _ cipher.AEAD = &stupidGCM{} // New returns a new cipher.AEAD implementation.. @@ -193,10 +189,9 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { // The error code must always be checked by the calling function, because the decrypted buffer // may contain corrupted data that we are returning in case the user forced reads if g.forceDecode == true { - return append(dst, buf...), AuthError - } else { - return nil, AuthError + return append(dst, buf...), ErrAuth } + return nil, ErrAuth } return append(dst, buf...), nil diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go index 52d8fa0..1c6ebcf 100644 --- a/internal/stupidgcm/without_openssl.go +++ b/internal/stupidgcm/without_openssl.go @@ -14,9 +14,6 @@ const ( BuiltWithoutOpenssl = true ) -//authentication error - needed to compile as same varaible is exported when openssl is enable via stupidgcm.go -var AuthError error = fmt.Errorf("stupidgcm: message authentication failed with openssl disabled!") - func errExit() { fmt.Fprintln(os.Stderr, "gocryptfs has been compiled without openssl support but you are still trying to use openssl") os.Exit(2) |