From 72ddbae1e60470943aaae0bfce74ebdc88c07cd2 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 18 Feb 2018 12:33:48 +0100 Subject: stupidgcm: create private copy of the key Relieves the caller from worrying about whether they can overwrite the key. --- internal/cryptocore/cryptocore.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'internal/cryptocore') diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index a355342..43cfdbc 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -86,13 +86,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec if IVLen != 16 { log.Panic("stupidgcm only supports 128-bit IVs") } - // stupidgcm does not create a private copy of the key, so things - // break when initFuseFrontend() overwrites it with zeros. Create - // a copy here. This is unnecessary when useHKDF == true, but - // does no harm. - var stupidgcmKey []byte - stupidgcmKey = append(stupidgcmKey, gcmKey...) - aeadCipher = stupidgcm.New(stupidgcmKey, forceDecode) + aeadCipher = stupidgcm.New(gcmKey, forceDecode) case BackendGoGCM: goGcmBlockCipher, err := aes.NewCipher(gcmKey) if err != nil { -- cgit v1.2.3