summaryrefslogtreecommitdiff
path: root/internal/stupidgcm
diff options
context:
space:
mode:
Diffstat (limited to 'internal/stupidgcm')
-rw-r--r--internal/stupidgcm/stupidchacha.go7
-rw-r--r--internal/stupidgcm/stupidchacha_test.go3
2 files changed, 3 insertions, 7 deletions
diff --git a/internal/stupidgcm/stupidchacha.go b/internal/stupidgcm/stupidchacha.go
index be8accb..a6fe318 100644
--- a/internal/stupidgcm/stupidchacha.go
+++ b/internal/stupidgcm/stupidchacha.go
@@ -45,7 +45,7 @@ func (g *stupidChacha20poly1305) Overhead() int {
// Seal encrypts "in" using "iv" and "authData" and append the result to "dst"
func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
if g.wiped {
- panic("BUG: tried to use wiped stupidChacha20poly1305")
+ panic("BUG: tried to use wiped key")
}
if len(iv) != g.NonceSize() {
log.Panicf("Only %d-byte IVs are supported, you passed %d bytes", g.NonceSize(), len(iv))
@@ -130,7 +130,7 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
// Open decrypts "in" using "iv" and "authData" and append the result to "dst"
func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, error) {
if g.wiped {
- panic("BUG: tried to use wiped stupidChacha20poly1305")
+ panic("BUG: tried to use wiped key")
}
if len(iv) != g.NonceSize() {
log.Panicf("Only %d-byte IVs are supported", g.NonceSize())
@@ -216,8 +216,7 @@ func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, err
return append(dst, buf...), nil
}
-// Wipe tries to wipe the AES key from memory by overwriting it with zeros
-// and setting the reference to nil.
+// Wipe tries to wipe the key from memory by overwriting it with zeros.
//
// This is not bulletproof due to possible GC copies, but
// still raises the bar for extracting the key.
diff --git a/internal/stupidgcm/stupidchacha_test.go b/internal/stupidgcm/stupidchacha_test.go
index 2690f85..513b68f 100644
--- a/internal/stupidgcm/stupidchacha_test.go
+++ b/internal/stupidgcm/stupidchacha_test.go
@@ -1,8 +1,5 @@
// +build !without_openssl
-// We compare against Go's built-in GCM implementation. Since stupidgcm only
-// supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot
-// run these tests on older Go versions.
package stupidgcm
import (