From 3409ade2723d931097560fbbe35e461553c5912c Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Mon, 24 Apr 2017 00:25:02 +0200 Subject: forcedecode: tighten checks ...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec. --- internal/stupidgcm/autherr.go | 8 ++++++++ internal/stupidgcm/stupidgcm.go | 9 ++------- internal/stupidgcm/without_openssl.go | 3 --- 3 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 internal/stupidgcm/autherr.go (limited to 'internal/stupidgcm') diff --git a/internal/stupidgcm/autherr.go b/internal/stupidgcm/autherr.go new file mode 100644 index 0000000..e59f92e --- /dev/null +++ b/internal/stupidgcm/autherr.go @@ -0,0 +1,8 @@ +package stupidgcm + +import ( + "fmt" +) + +// ErrAuth is returned when the message authentication fails +var ErrAuth = fmt.Errorf("stupidgcm: message authentication failed") diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go index 133ee1a..5cc6c3c 100644 --- a/internal/stupidgcm/stupidgcm.go +++ b/internal/stupidgcm/stupidgcm.go @@ -10,7 +10,6 @@ import "C" import ( "crypto/cipher" - "fmt" "log" "unsafe" ) @@ -30,9 +29,6 @@ type stupidGCM struct { forceDecode bool } -//authentication error -var AuthError error = fmt.Errorf("stupidgcm: message authentication failed") - var _ cipher.AEAD = &stupidGCM{} // New returns a new cipher.AEAD implementation.. @@ -193,10 +189,9 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { // The error code must always be checked by the calling function, because the decrypted buffer // may contain corrupted data that we are returning in case the user forced reads if g.forceDecode == true { - return append(dst, buf...), AuthError - } else { - return nil, AuthError + return append(dst, buf...), ErrAuth } + return nil, ErrAuth } return append(dst, buf...), nil diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go index 52d8fa0..1c6ebcf 100644 --- a/internal/stupidgcm/without_openssl.go +++ b/internal/stupidgcm/without_openssl.go @@ -14,9 +14,6 @@ const ( BuiltWithoutOpenssl = true ) -//authentication error - needed to compile as same varaible is exported when openssl is enable via stupidgcm.go -var AuthError error = fmt.Errorf("stupidgcm: message authentication failed with openssl disabled!") - func errExit() { fmt.Fprintln(os.Stderr, "gocryptfs has been compiled without openssl support but you are still trying to use openssl") os.Exit(2) -- cgit v1.2.3