stupidgcm: stupidChacha20poly1305: normalize panic messages

internal/stupidgcm/stupidchacha.go

@@ -45,7 +45,7 @@ func (g *stupidChacha20poly1305) Overhead() int {
 // Seal encrypts "in" using "iv" and "authData" and append the result to "dst"
 func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
 	if g.wiped {
-		panic("BUG: tried to use wiped stupidChacha20poly1305")
+		panic("BUG: tried to use wiped key")
 	}
 	if len(iv) != g.NonceSize() {
 		log.Panicf("Only %d-byte IVs are supported, you passed %d bytes", g.NonceSize(), len(iv))
@@ -130,7 +130,7 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
 // Open decrypts "in" using "iv" and "authData" and append the result to "dst"
 func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, error) {
 	if g.wiped {
-		panic("BUG: tried to use wiped stupidChacha20poly1305")
+		panic("BUG: tried to use wiped key")
 	}
 	if len(iv) != g.NonceSize() {
 		log.Panicf("Only %d-byte IVs are supported", g.NonceSize())
@@ -216,8 +216,7 @@ func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, err
 	return append(dst, buf...), nil
 }
 
-// Wipe tries to wipe the AES key from memory by overwriting it with zeros
+// Wipe tries to wipe the key from memory by overwriting it with zeros.
-// and setting the reference to nil.
 //
 // This is not bulletproof due to possible GC copies, but
 // still raises the bar for extracting the key.

internal/stupidgcm/stupidchacha_test.go

@@ -1,8 +1,5 @@
 // +build !without_openssl
 
-// We compare against Go's built-in GCM implementation. Since stupidgcm only
-// supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot
-// run these tests on older Go versions.
 package stupidgcm
 
 import (