summaryrefslogtreecommitdiff
path: root/internal/stupidgcm
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-04-24 00:25:02 +0200
committerJakob Unterwurzacher2017-04-24 00:25:02 +0200
commit3409ade2723d931097560fbbe35e461553c5912c (patch)
treec12f3eb3fa93eba352170ab597d70d6a72498ce2 /internal/stupidgcm
parentf1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff)
forcedecode: tighten checks
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
Diffstat (limited to 'internal/stupidgcm')
-rw-r--r--internal/stupidgcm/autherr.go8
-rw-r--r--internal/stupidgcm/stupidgcm.go9
-rw-r--r--internal/stupidgcm/without_openssl.go3
3 files changed, 10 insertions, 10 deletions
diff --git a/internal/stupidgcm/autherr.go b/internal/stupidgcm/autherr.go
new file mode 100644
index 0000000..e59f92e
--- /dev/null
+++ b/internal/stupidgcm/autherr.go
@@ -0,0 +1,8 @@
+package stupidgcm
+
+import (
+ "fmt"
+)
+
+// ErrAuth is returned when the message authentication fails
+var ErrAuth = fmt.Errorf("stupidgcm: message authentication failed")
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index 133ee1a..5cc6c3c 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -10,7 +10,6 @@ import "C"
import (
"crypto/cipher"
- "fmt"
"log"
"unsafe"
)
@@ -30,9 +29,6 @@ type stupidGCM struct {
forceDecode bool
}
-//authentication error
-var AuthError error = fmt.Errorf("stupidgcm: message authentication failed")
-
var _ cipher.AEAD = &stupidGCM{}
// New returns a new cipher.AEAD implementation..
@@ -193,10 +189,9 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
// The error code must always be checked by the calling function, because the decrypted buffer
// may contain corrupted data that we are returning in case the user forced reads
if g.forceDecode == true {
- return append(dst, buf...), AuthError
- } else {
- return nil, AuthError
+ return append(dst, buf...), ErrAuth
}
+ return nil, ErrAuth
}
return append(dst, buf...), nil
diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go
index 52d8fa0..1c6ebcf 100644
--- a/internal/stupidgcm/without_openssl.go
+++ b/internal/stupidgcm/without_openssl.go
@@ -14,9 +14,6 @@ const (
BuiltWithoutOpenssl = true
)
-//authentication error - needed to compile as same varaible is exported when openssl is enable via stupidgcm.go
-var AuthError error = fmt.Errorf("stupidgcm: message authentication failed with openssl disabled!")
-
func errExit() {
fmt.Fprintln(os.Stderr, "gocryptfs has been compiled without openssl support but you are still trying to use openssl")
os.Exit(2)