without_openssl: support compiling completely without openssl

Build helper script: build-without-openssl.bash

9 files changed, 86 insertions, 5 deletions

diff --git a/build-without-openssl.bash b/build-without-openssl.bash
new file mode 100755
index 0000000..670832a
--- /dev/null
+++ b/build-without-openssl.bash
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -eu
+
+cd "$(dirname "$0")"
+
+exec ./build.bash -tags without_openssl
diff --git a/build.bash b/build.bash
index b51fb2a..4090c71 100755
--- a/build.bash
+++ b/build.bash
@@ -35,10 +35,10 @@ V=$(go version | cut -d" " -f3 | cut -c3-5)
 
 if [ $V == "1.3" -o $V == "1.4" ]
 then
-	go build -ldflags="-X main.GitVersion $GITVERSION -X main.GitVersionFuse $GITVERSIONFUSE -X main.BuildTime $BUILDTIME"
+	go build -ldflags="-X main.GitVersion $GITVERSION -X main.GitVersionFuse $GITVERSIONFUSE -X main.BuildTime $BUILDTIME" $@
 else
 	# Go 1.5 wants an "=" here
-	go build -ldflags="-X main.GitVersion=$GITVERSION -X main.GitVersionFuse=$GITVERSIONFUSE -X main.BuildTime=$BUILDTIME"
+	go build -ldflags="-X main.GitVersion=$GITVERSION -X main.GitVersionFuse=$GITVERSIONFUSE -X main.BuildTime=$BUILDTIME" $@
 fi
 (cd gocryptfs-xray; go build)
 
diff --git a/internal/prefer_openssl/prefer.go b/internal/prefer_openssl/prefer.go
index 0afe7d5..e06f0d5 100644
--- a/internal/prefer_openssl/prefer.go
+++ b/internal/prefer_openssl/prefer.go
@@ -11,7 +11,7 @@ import (
 )
 
 // filePreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
-// Go GCM is fastern when the CPU has AES instructions and Go is v1.6 or higher.
+// Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher.
 //
 // See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
 // for benchmarks.
diff --git a/internal/prefer_openssl/prefer_go1.5.go b/internal/prefer_openssl/prefer_go1.5.go
index 51a07ab..7095314 100644
--- a/internal/prefer_openssl/prefer_go1.5.go
+++ b/internal/prefer_openssl/prefer_go1.5.go
@@ -3,7 +3,14 @@
 
 package prefer_openssl
 
+import (
+	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
+)
+
 func PreferOpenSSL() bool {
+	if stupidgcm.BuiltWithoutOpenssl {
+		return false
+	}
 	// OpenSSL is always faster than Go GCM on old Go versions or on anything
 	// other than amd64
 	return true
diff --git a/internal/prefer_openssl/prefer_go1.6.go b/internal/prefer_openssl/prefer_go1.6.go
index 898db0c..a5a67fb 100644
--- a/internal/prefer_openssl/prefer_go1.6.go
+++ b/internal/prefer_openssl/prefer_go1.6.go
@@ -3,6 +3,10 @@
 
 package prefer_openssl
 
+import (
+	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
+)
+
 // PreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
 // Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher
 // on amd64.
@@ -10,5 +14,8 @@ package prefer_openssl
 // See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
 // for benchmarks.
 func PreferOpenSSL() bool {
+	if stupidgcm.BuiltWithoutOpenssl {
+		return false
+	}
 	return filePreferOpenSSL("/proc/cpuinfo")
 }
diff --git a/internal/stupidgcm/locking.go b/internal/stupidgcm/locking.go
index 88f0900..952d669 100644
--- a/internal/stupidgcm/locking.go
+++ b/internal/stupidgcm/locking.go
@@ -1,3 +1,5 @@
+// +build !without_openssl
+
 package stupidgcm
 
 // In general, OpenSSL is only threadsafe if you provide a locking function
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index 0f4e25d..db9e6ef 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -1,3 +1,5 @@
+// +build !without_openssl
+
 // Package stupidgcm is a thin wrapper for OpenSSL's GCM encryption and
 // decryption functions. It only support 32-byte keys and 16-bit IVs.
 package stupidgcm
@@ -13,6 +15,9 @@ import (
 )
 
 const (
+	// Has openssl been disabled at compile-time?
+	BuiltWithoutOpenssl = false
+
 	keyLen = 32
 	ivLen  = 16
 	tagLen = 16
diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go
new file mode 100644
index 0000000..0b3cf90
--- /dev/null
+++ b/internal/stupidgcm/without_openssl.go
@@ -0,0 +1,48 @@
+// +build without_openssl
+
+package stupidgcm
+
+import (
+	"os"
+
+	"github.com/rfjakob/gocryptfs/internal/tlog"
+)
+
+type stupidGCM struct{}
+
+const (
+	// Has openssl been disabled at compile-time?
+	BuiltWithoutOpenssl = true
+)
+
+func errExit() {
+	tlog.Fatal.Println("gocryptfs has been compiled without openssl support but you are still trying to use openssl")
+	os.Exit(2)
+}
+
+func New(_ []byte) stupidGCM {
+	errExit()
+	// This panic is never reached, but having it here stops the Go compiler
+	// from complaining about the missing return code.
+	panic("")
+}
+
+func (g stupidGCM) NonceSize() int {
+	errExit()
+	panic("")
+}
+
+func (g stupidGCM) Overhead() int {
+	errExit()
+	panic("")
+}
+
+func (g stupidGCM) Seal(_, _, _, _ []byte) []byte {
+	errExit()
+	panic("")
+}
+
+func (g stupidGCM) Open(_, _, _, _ []byte) ([]byte, error) {
+	errExit()
+	panic("")
+}
diff --git a/main.go b/main.go
index 5f2ce73..a22dd08 100644
--- a/main.go
+++ b/main.go
@@ -25,6 +25,7 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/fusefrontend"
 	"github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse"
 	"github.com/rfjakob/gocryptfs/internal/readpassword"
+	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
 	"github.com/rfjakob/gocryptfs/internal/tlog"
 )
 
@@ -103,9 +104,13 @@ func printVersion() {
 		t := time.Unix(i, 0).UTC()
 		humanTime = fmt.Sprintf("%d-%02d-%02d", t.Year(), t.Month(), t.Day())
 	}
+	buildFlags := ""
+	if stupidgcm.BuiltWithoutOpenssl {
+		buildFlags = " without_openssl"
+	}
 	built := fmt.Sprintf("%s %s", humanTime, runtime.Version())
-	fmt.Printf("%s %s; go-fuse %s; %s\n",
-		tlog.ProgramName, GitVersion, GitVersionFuse, built)
+	fmt.Printf("%s %s%s; go-fuse %s; %s\n",
+		tlog.ProgramName, GitVersion, buildFlags, GitVersionFuse, built)
 }
 
 func main() {