anon/gauth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix padding removal when decrypting a config file. (#36)

Browse Source 
OpenSSL uses PKCS#5 padding, and the decryption code was not removing it
correctly. In some cases, this causes the last line of the decrypted config to
be mangled and produces invalid results.

To support this:

- Move config loading to gauth.LoadConfigFile.
- Inject a hook to read the user's password.
- Add unit tests that decryption doesn't corrupt the result.
- Update module dependencies.
- Update Go versions in CI, and fix some config-check warnings.
This commit is contained in:
M. J. Fromberger
2020-10-26 18:42:15 -07:00
committed by GitHub
parent 9083b3c311
commit c57414b83b
8 changed files with 132 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
go.mod
View File

@ -3,7 +3,7 @@ module github.com/pcarrier/gauth
go 1.12
require (
github.com/creachadair/otp v0.1.0
golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5
golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2 // indirect
github.com/creachadair/otp v0.1.1
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
golang.org/x/sys v0.0.0-20201020230747-6e5568b54d1a // indirect
)