without_openssl: support compiling completely without openssl

Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00 · 2016-10-04 09:51:14 +02:00 · 56c0b19612
parent a00402cc47
commit 56c0b19612
9 changed files with 86 additions and 5 deletions
--- a/build-without-openssl.bash
+++ b/build-without-openssl.bash
@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -eu
+
+cd "$(dirname "$0")"
+
+exec ./build.bash -tags without_openssl
--- a/build.bash
+++ b/build.bash
@ -35,10 +35,10 @@ V=$(go version | cut -d" " -f3 | cut -c3-5)

 if [ $V == "1.3" -o $V == "1.4" ]
 then
-	go build -ldflags="-X main.GitVersion $GITVERSION -X main.GitVersionFuse $GITVERSIONFUSE -X main.BuildTime $BUILDTIME"
+	go build -ldflags="-X main.GitVersion $GITVERSION -X main.GitVersionFuse $GITVERSIONFUSE -X main.BuildTime $BUILDTIME" $@
 else
 	# Go 1.5 wants an "=" here
-	go build -ldflags="-X main.GitVersion=$GITVERSION -X main.GitVersionFuse=$GITVERSIONFUSE -X main.BuildTime=$BUILDTIME"
+	go build -ldflags="-X main.GitVersion=$GITVERSION -X main.GitVersionFuse=$GITVERSIONFUSE -X main.BuildTime=$BUILDTIME" $@
 fi
 (cd gocryptfs-xray; go build)

--- a/internal/prefer_openssl/prefer.go
+++ b/internal/prefer_openssl/prefer.go
@ -11,7 +11,7 @@ import (
 )

 // filePreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
-// Go GCM is fastern when the CPU has AES instructions and Go is v1.6 or higher.
+// Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher.
 //
 // See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
 // for benchmarks.
--- a/internal/prefer_openssl/prefer_go1.5.go
+++ b/internal/prefer_openssl/prefer_go1.5.go
@ -3,7 +3,14 @@

 package prefer_openssl

+import (
+	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
+)
+
 func PreferOpenSSL() bool {
+	if stupidgcm.BuiltWithoutOpenssl {
+		return false
+	}
 	// OpenSSL is always faster than Go GCM on old Go versions or on anything
 	// other than amd64
 	return true
--- a/internal/prefer_openssl/prefer_go1.6.go
+++ b/internal/prefer_openssl/prefer_go1.6.go
@ -3,6 +3,10 @@

 package prefer_openssl

+import (
+	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
+)
+
 // PreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
 // Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher
 // on amd64.
@ -10,5 +14,8 @@ package prefer_openssl
 // See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
 // for benchmarks.
 func PreferOpenSSL() bool {
+	if stupidgcm.BuiltWithoutOpenssl {
+		return false
+	}
 	return filePreferOpenSSL("/proc/cpuinfo")
 }
--- a/internal/stupidgcm/locking.go
+++ b/internal/stupidgcm/locking.go
@ -1,3 +1,5 @@
+// +build !without_openssl
+
 package stupidgcm

 // In general, OpenSSL is only threadsafe if you provide a locking function
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@ -1,3 +1,5 @@
+// +build !without_openssl
+
 // Package stupidgcm is a thin wrapper for OpenSSL's GCM encryption and
 // decryption functions. It only support 32-byte keys and 16-bit IVs.
 package stupidgcm
@ -13,6 +15,9 @@ import (
 )

 const (
+	// Has openssl been disabled at compile-time?
+	BuiltWithoutOpenssl = false
+
 	keyLen = 32
 	ivLen  = 16
 	tagLen = 16
--- a/internal/stupidgcm/without_openssl.go
+++ b/internal/stupidgcm/without_openssl.go
@ -0,0 +1,48 @@
+// +build without_openssl
+
+package stupidgcm
+
+import (
+	"os"
+
+	"github.com/rfjakob/gocryptfs/internal/tlog"
+)
+
+type stupidGCM struct{}
+
+const (
+	// Has openssl been disabled at compile-time?
+	BuiltWithoutOpenssl = true
+)
+
+func errExit() {
+	tlog.Fatal.Println("gocryptfs has been compiled without openssl support but you are still trying to use openssl")
+	os.Exit(2)
+}
+
+func New(_ []byte) stupidGCM {
+	errExit()
+	// This panic is never reached, but having it here stops the Go compiler
+	// from complaining about the missing return code.
+	panic("")
+}
+
+func (g stupidGCM) NonceSize() int {
+	errExit()
+	panic("")
+}
+
+func (g stupidGCM) Overhead() int {
+	errExit()
+	panic("")
+}
+
+func (g stupidGCM) Seal(_, _, _, _ []byte) []byte {
+	errExit()
+	panic("")
+}
+
+func (g stupidGCM) Open(_, _, _, _ []byte) ([]byte, error) {
+	errExit()
+	panic("")
+}
--- a/main.go
+++ b/main.go
@ -25,6 +25,7 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/fusefrontend"
 	"github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse"
 	"github.com/rfjakob/gocryptfs/internal/readpassword"
+	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
 	"github.com/rfjakob/gocryptfs/internal/tlog"
 )

@ -103,9 +104,13 @@ func printVersion() {
 		t := time.Unix(i, 0).UTC()
 		humanTime = fmt.Sprintf("%d-%02d-%02d", t.Year(), t.Month(), t.Day())
 	}
+	buildFlags := ""
+	if stupidgcm.BuiltWithoutOpenssl {
+		buildFlags = " without_openssl"
+	}
 	built := fmt.Sprintf("%s %s", humanTime, runtime.Version())
-	fmt.Printf("%s %s; go-fuse %s; %s\n",
-		tlog.ProgramName, GitVersion, GitVersionFuse, built)
+	fmt.Printf("%s %s%s; go-fuse %s; %s\n",
+		tlog.ProgramName, GitVersion, buildFlags, GitVersionFuse, built)
 }

 func main() {