aboutsummaryrefslogtreecommitdiff
path: root/internal/stupidgcm/stupidgcm.go
AgeCommit message (Collapse)Author
2018-02-18stupidgcm: create private copy of the keyJakob Unterwurzacher
Relieves the caller from worrying about whether they can overwrite the key.
2018-02-18main: try to wipe cryptocore's secret keys on unmountJakob Unterwurzacher
Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17stupidgcm: implement key wipeJakob Unterwurzacher
Not bulletproof due to possible GC copies, but still raises to bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17stupidgcm: switch to pointer receiversJakob Unterwurzacher
What the key slice does not get copied around will make it possible to check if the key has been wiped.
2017-06-30stupidgcm: Open: if "dst" is big enough, use it as the output bufferJakob Unterwurzacher
This means we won't need any allocation for the plaintext.
2017-06-29stupidgcm: use "dst" as the output buffer it is big enoughJakob Unterwurzacher
This saves an allocation of the ciphertext block.
2017-04-24forcedecode: tighten checksJakob Unterwurzacher
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
2017-04-23Add -forcedecodedanim7
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2016-12-10Replace all calls to naked panic() with log.Panic()Jakob Unterwurzacher
We want all panics to show up in the syslog.
2016-10-04A few more lint fixesJakob Unterwurzacher
2016-10-04lint fixesValient Gough
2016-10-04without_openssl: support compiling completely without opensslJakob Unterwurzacher
Build helper script: build-without-openssl.bash
2016-05-05Revert "stupidgcm: print openssl error stack before panicing"Jakob Unterwurzacher
This did not help in debugging the openssl <= 1.0.1c issue at all and makes the code more complex. Keep it simple.
2016-05-05stupidgcm: reorder calls to support openssl <= 1.0.1cJakob Unterwurzacher
This fixes the test failures on Travis CI. Quoting from https://github.com/openssl/openssl/commit/07a4ff79d23e45f1a45da717b7c1f41a5e1c7c0c /* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier * required the tag before any AAD or ciphertext */
2016-05-04stupidgcm: print openssl error stack before panicingJakob Unterwurzacher
2016-05-04stupidgcm: fix copy-paste error in panic messageJakob Unterwurzacher
Also, print the openssl version in Travis CI
2016-05-04stupidgcm: add our own thin wrapper around openssl gcmJakob Unterwurzacher
...complete with tests and benchmark. This will allow us to get rid of the dependency to spacemonkeygo/openssl that causes problems on Arch Linux ( https://github.com/rfjakob/gocryptfs/issues/21 )