without_openssl: support compiling completely without openssl
Build helper script: build-without-openssl.bash
This commit is contained in:
parent
a00402cc47
commit
56c0b19612
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
exec ./build.bash -tags without_openssl
|
|
@ -35,10 +35,10 @@ V=$(go version | cut -d" " -f3 | cut -c3-5)
|
||||||
|
|
||||||
if [ $V == "1.3" -o $V == "1.4" ]
|
if [ $V == "1.3" -o $V == "1.4" ]
|
||||||
then
|
then
|
||||||
go build -ldflags="-X main.GitVersion $GITVERSION -X main.GitVersionFuse $GITVERSIONFUSE -X main.BuildTime $BUILDTIME"
|
go build -ldflags="-X main.GitVersion $GITVERSION -X main.GitVersionFuse $GITVERSIONFUSE -X main.BuildTime $BUILDTIME" $@
|
||||||
else
|
else
|
||||||
# Go 1.5 wants an "=" here
|
# Go 1.5 wants an "=" here
|
||||||
go build -ldflags="-X main.GitVersion=$GITVERSION -X main.GitVersionFuse=$GITVERSIONFUSE -X main.BuildTime=$BUILDTIME"
|
go build -ldflags="-X main.GitVersion=$GITVERSION -X main.GitVersionFuse=$GITVERSIONFUSE -X main.BuildTime=$BUILDTIME" $@
|
||||||
fi
|
fi
|
||||||
(cd gocryptfs-xray; go build)
|
(cd gocryptfs-xray; go build)
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// filePreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
|
// filePreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
|
||||||
// Go GCM is fastern when the CPU has AES instructions and Go is v1.6 or higher.
|
// Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher.
|
||||||
//
|
//
|
||||||
// See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
|
// See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
|
||||||
// for benchmarks.
|
// for benchmarks.
|
||||||
|
|
|
@ -3,7 +3,14 @@
|
||||||
|
|
||||||
package prefer_openssl
|
package prefer_openssl
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
|
||||||
|
)
|
||||||
|
|
||||||
func PreferOpenSSL() bool {
|
func PreferOpenSSL() bool {
|
||||||
|
if stupidgcm.BuiltWithoutOpenssl {
|
||||||
|
return false
|
||||||
|
}
|
||||||
// OpenSSL is always faster than Go GCM on old Go versions or on anything
|
// OpenSSL is always faster than Go GCM on old Go versions or on anything
|
||||||
// other than amd64
|
// other than amd64
|
||||||
return true
|
return true
|
||||||
|
|
|
@ -3,6 +3,10 @@
|
||||||
|
|
||||||
package prefer_openssl
|
package prefer_openssl
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
|
||||||
|
)
|
||||||
|
|
||||||
// PreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
|
// PreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
|
||||||
// Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher
|
// Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher
|
||||||
// on amd64.
|
// on amd64.
|
||||||
|
@ -10,5 +14,8 @@ package prefer_openssl
|
||||||
// See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
|
// See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
|
||||||
// for benchmarks.
|
// for benchmarks.
|
||||||
func PreferOpenSSL() bool {
|
func PreferOpenSSL() bool {
|
||||||
|
if stupidgcm.BuiltWithoutOpenssl {
|
||||||
|
return false
|
||||||
|
}
|
||||||
return filePreferOpenSSL("/proc/cpuinfo")
|
return filePreferOpenSSL("/proc/cpuinfo")
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
// +build !without_openssl
|
||||||
|
|
||||||
package stupidgcm
|
package stupidgcm
|
||||||
|
|
||||||
// In general, OpenSSL is only threadsafe if you provide a locking function
|
// In general, OpenSSL is only threadsafe if you provide a locking function
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
// +build !without_openssl
|
||||||
|
|
||||||
// Package stupidgcm is a thin wrapper for OpenSSL's GCM encryption and
|
// Package stupidgcm is a thin wrapper for OpenSSL's GCM encryption and
|
||||||
// decryption functions. It only support 32-byte keys and 16-bit IVs.
|
// decryption functions. It only support 32-byte keys and 16-bit IVs.
|
||||||
package stupidgcm
|
package stupidgcm
|
||||||
|
@ -13,6 +15,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
// Has openssl been disabled at compile-time?
|
||||||
|
BuiltWithoutOpenssl = false
|
||||||
|
|
||||||
keyLen = 32
|
keyLen = 32
|
||||||
ivLen = 16
|
ivLen = 16
|
||||||
tagLen = 16
|
tagLen = 16
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
// +build without_openssl
|
||||||
|
|
||||||
|
package stupidgcm
|
||||||
|
|
||||||
|
import (
|
||||||
|
"os"
|
||||||
|
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
||||||
|
)
|
||||||
|
|
||||||
|
type stupidGCM struct{}
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Has openssl been disabled at compile-time?
|
||||||
|
BuiltWithoutOpenssl = true
|
||||||
|
)
|
||||||
|
|
||||||
|
func errExit() {
|
||||||
|
tlog.Fatal.Println("gocryptfs has been compiled without openssl support but you are still trying to use openssl")
|
||||||
|
os.Exit(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
func New(_ []byte) stupidGCM {
|
||||||
|
errExit()
|
||||||
|
// This panic is never reached, but having it here stops the Go compiler
|
||||||
|
// from complaining about the missing return code.
|
||||||
|
panic("")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (g stupidGCM) NonceSize() int {
|
||||||
|
errExit()
|
||||||
|
panic("")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (g stupidGCM) Overhead() int {
|
||||||
|
errExit()
|
||||||
|
panic("")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (g stupidGCM) Seal(_, _, _, _ []byte) []byte {
|
||||||
|
errExit()
|
||||||
|
panic("")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (g stupidGCM) Open(_, _, _, _ []byte) ([]byte, error) {
|
||||||
|
errExit()
|
||||||
|
panic("")
|
||||||
|
}
|
9
main.go
9
main.go
|
@ -25,6 +25,7 @@ import (
|
||||||
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
|
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
|
||||||
"github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse"
|
"github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse"
|
||||||
"github.com/rfjakob/gocryptfs/internal/readpassword"
|
"github.com/rfjakob/gocryptfs/internal/readpassword"
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
|
||||||
"github.com/rfjakob/gocryptfs/internal/tlog"
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -103,9 +104,13 @@ func printVersion() {
|
||||||
t := time.Unix(i, 0).UTC()
|
t := time.Unix(i, 0).UTC()
|
||||||
humanTime = fmt.Sprintf("%d-%02d-%02d", t.Year(), t.Month(), t.Day())
|
humanTime = fmt.Sprintf("%d-%02d-%02d", t.Year(), t.Month(), t.Day())
|
||||||
}
|
}
|
||||||
|
buildFlags := ""
|
||||||
|
if stupidgcm.BuiltWithoutOpenssl {
|
||||||
|
buildFlags = " without_openssl"
|
||||||
|
}
|
||||||
built := fmt.Sprintf("%s %s", humanTime, runtime.Version())
|
built := fmt.Sprintf("%s %s", humanTime, runtime.Version())
|
||||||
fmt.Printf("%s %s; go-fuse %s; %s\n",
|
fmt.Printf("%s %s%s; go-fuse %s; %s\n",
|
||||||
tlog.ProgramName, GitVersion, GitVersionFuse, built)
|
tlog.ProgramName, GitVersion, buildFlags, GitVersionFuse, built)
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|
Loading…
Reference in New Issue