Jakob Unterwurzacher
bcc8378a2c
Fix the easy golint warnings
...
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-04-08 20:26:25 +02:00
Jakob Unterwurzacher
72ddbae1e6
stupidgcm: create private copy of the key
...
Relieves the caller from worrying about whether they
can overwrite the key.
2018-02-18 12:35:51 +01:00
Jakob Unterwurzacher
18f6c6106c
main: try to wipe cryptocore's secret keys on unmount
...
Raise the bar for recovering keys from memory.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 11:39:10 +01:00
Jakob Unterwurzacher
eeed4b4bef
stupidgcm: implement key wipe
...
Not bulletproof due to possible GC copies, but
still raises to bar for extracting the key.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17 15:14:55 +01:00
Jakob Unterwurzacher
7e0fefe970
stupidgcm: switch to pointer receivers
...
What the key slice does not get copied around
will make it possible to check if the key has been wiped.
2018-02-17 15:02:01 +01:00
Jakob Unterwurzacher
e4b5005bcc
stupidgcm: Open: if "dst" is big enough, use it as the output buffer
...
This means we won't need any allocation for the plaintext.
2017-06-30 23:24:12 +02:00
Jakob Unterwurzacher
0cc6f53496
stupidgcm: use "dst" as the output buffer it is big enough
...
This saves an allocation of the ciphertext block.
2017-06-29 18:52:33 +02:00
Jakob Unterwurzacher
3409ade272
forcedecode: tighten checks
...
...and fix a few golint issues and print a scary warning message on mount.
Also, force the fs to ro,noexec.
2017-04-24 00:25:02 +02:00
danim7
f1945c4daa
Add -forcedecode
...
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.
Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-04-23 23:11:56 +02:00
Jakob Unterwurzacher
c9f4400e6d
Replace all calls to naked panic() with log.Panic()
...
We want all panics to show up in the syslog.
2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher
a4956fa6bf
A few more lint fixes
2016-10-04 23:30:05 +02:00
Valient Gough
b764917cd5
lint fixes
2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
56c0b19612
without_openssl: support compiling completely without openssl
...
Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
b4d45554f2
Revert "stupidgcm: print openssl error stack before panicing"
...
This did not help in debugging the openssl <= 1.0.1c issue at all
and makes the code more complex. Keep it simple.
2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
508a949d9d
stupidgcm: reorder calls to support openssl <= 1.0.1c
...
This fixes the test failures on Travis CI.
Quoting from 07a4ff79d2
/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
* required the tag before any AAD or ciphertext */
2016-05-05 00:08:25 +02:00
Jakob Unterwurzacher
d0945b73d2
stupidgcm: print openssl error stack before panicing
2016-05-04 20:50:13 +02:00
Jakob Unterwurzacher
6c010c3080
stupidgcm: fix copy-paste error in panic message
...
Also, print the openssl version in Travis CI
2016-05-04 20:15:11 +02:00
Jakob Unterwurzacher
c92190bf07
stupidgcm: add our own thin wrapper around openssl gcm
...
...complete with tests and benchmark.
This will allow us to get rid of the dependency to spacemonkeygo/openssl
that causes problems on Arch Linux
( https://github.com/rfjakob/gocryptfs/issues/21 )
2016-05-04 19:56:07 +02:00