3 files changed, 7 insertions, 3 deletions

diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index ddfb9dc..5781db8 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -31,4 +31,6 @@ type Args struct {
 	HKDF bool
 	// Try to serialize read operations, "-serialize_reads"
 	SerializeReads bool
+	// Force decode even if integrity check fails (openSSL only)
+	ForceDecode bool
 }
diff --git a/internal/fusefrontend/file.go b/internal/fusefrontend/file.go
index 84ce058..4d75d64 100644
--- a/internal/fusefrontend/file.go
+++ b/internal/fusefrontend/file.go
@@ -202,7 +202,9 @@ func (f *file) doRead(off uint64, length uint64) ([]byte, fuse.Status) {
 	if err != nil {
 		curruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext)))
 		tlog.Warn.Printf("ino%d: doRead: corrupt block #%d: %v", f.devIno.ino, curruptBlockNo, err)
-		return nil, fuse.EIO
+		if (f.fs.args.ForceDecode == false) {
+			return nil, fuse.EIO
+		}
 	}
 
 	// Crop down to the relevant part
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 28c43b6..4aa4ffd 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -40,8 +40,8 @@ var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
 
 // NewFS returns a new encrypted FUSE overlay filesystem.
 func NewFS(args Args) *FS {
-	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF)
-	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
+	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, args.ForceDecode)
+	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS, args.ForceDecode)
 	nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
 
 	if args.SerializeReads {