libgocryptfs: update to gocryptfs v2.3.1

internal/siv_aead/siv_aead.go

@@ -6,7 +6,7 @@ import (
 	"crypto/cipher"
 	"log"
 
-	"github.com/jacobsa/crypto/siv"
+	"github.com/aperturerobotics/jacobsa-crypto/siv"
 )
 
 type sivAead struct {
@@ -63,7 +63,7 @@ func (s *sivAead) Seal(dst, nonce, plaintext, authData []byte) []byte {
 	if len(s.key) == 0 {
 		log.Panic("Key has been wiped?")
 	}
-	// https://github.com/jacobsa/crypto/blob/master/siv/encrypt.go#L48:
+	// https://github.com/aperturerobotics/jacobsa-crypto/blob/master/siv/encrypt.go#L48:
 	// As per RFC 5297 section 3, you may use this function for nonce-based
 	// authenticated encryption by passing a nonce as the last associated
 	// data element.

internal/stupidgcm/doc.go

@@ -16,13 +16,13 @@
 // However, OpenSSL has optimized assembly for almost all platforms, which Go
 // does not. Example for a 32-bit ARM device (Odroid XU4):
 //
-//   $ gocrypts -speed
-//   gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm
-//   AES-GCM-256-OpenSSL               56.84 MB/s    (selected in auto mode)
-//   AES-GCM-256-Go                    16.61 MB/s
-//   AES-SIV-512-Go                    16.49 MB/s
-//   XChaCha20-Poly1305-Go             39.08 MB/s    (use via -xchacha flag)
-//   XChaCha20-Poly1305-OpenSSL       141.82 MB/s
+//	$ gocrypts -speed
+//	gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm
+//	AES-GCM-256-OpenSSL               56.84 MB/s    (selected in auto mode)
+//	AES-GCM-256-Go                    16.61 MB/s
+//	AES-SIV-512-Go                    16.49 MB/s
+//	XChaCha20-Poly1305-Go             39.08 MB/s    (use via -xchacha flag)
+//	XChaCha20-Poly1305-OpenSSL       141.82 MB/s
 //
 // This package is "stupid" in the sense that it only supports a narrow set of
 // key- and iv-lengths, and panics if it does not like what you pass it.
@@ -33,7 +33,7 @@
 // Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on
 // decryption.
 //
-// XChaCha20-Poly1305
+// # XChaCha20-Poly1305
 //
 // The XChaCha20-Poly1305 implementation is more complicated than the others,
 // because OpenSSL does not support XChaCha20-Poly1305 directly. Follow
@@ -43,16 +43,16 @@
 // Fortunately, XChaCha20-Poly1305 is just ChaCha20-Poly1305 with some key+iv
 // mixing using HChaCha20 in front:
 //
-//     key (32 bytes), iv (24 bytes)
-//      |
-//      v
-//     HChaCha20 (provided by golang.org/x/crypto/chacha20)
-//      |
-//      v
-//     key2 (32 bytes), iv2 (16 bytes)
-//      |
-//      v
-//     ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305)
+//	key (32 bytes), iv (24 bytes)
+//	 |
+//	 v
+//	HChaCha20 (provided by golang.org/x/crypto/chacha20)
+//	 |
+//	 v
+//	key2 (32 bytes), iv2 (16 bytes)
+//	 |
+//	 v
+//	ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305)
 //
 // As HChaCha20 is very fast, XChaCha20-Poly1305 gets almost the same throughput
 // as ChaCha20-Poly1305 (for 4kiB blocks).

internal/stupidgcm/prefer.go

@@ -11,9 +11,9 @@ import (
 //
 // Go GCM is only faster if the CPU either:
 //
-// 1) Is X86_64 && has AES instructions && Go is v1.6  or higher
-// 2) Is ARM64  && has AES instructions && Go is v1.11 or higher
-//    (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
+//  1. Is X86_64 && has AES instructions && Go is v1.6  or higher
+//  2. Is ARM64  && has AES instructions && Go is v1.11 or higher
+//     (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
 //
 // See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
 // for benchmarks.