aboutsummaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-10-04 09:51:14 +0200
committerJakob Unterwurzacher2016-10-04 09:51:14 +0200
commit56c0b19612dd25b84474211c1a84897fe89ce7d4 (patch)
tree7eeaa30a90f9cbcc75b7c91853b759f4eb7c034a /internal
parenta00402cc47d245355c6556a17a1cacaf5102a31c (diff)
without_openssl: support compiling completely without openssl
Build helper script: build-without-openssl.bash
Diffstat (limited to 'internal')
-rw-r--r--internal/prefer_openssl/prefer.go2
-rw-r--r--internal/prefer_openssl/prefer_go1.5.go7
-rw-r--r--internal/prefer_openssl/prefer_go1.6.go7
-rw-r--r--internal/stupidgcm/locking.go2
-rw-r--r--internal/stupidgcm/stupidgcm.go5
-rw-r--r--internal/stupidgcm/without_openssl.go48
6 files changed, 70 insertions, 1 deletions
diff --git a/internal/prefer_openssl/prefer.go b/internal/prefer_openssl/prefer.go
index 0afe7d5..e06f0d5 100644
--- a/internal/prefer_openssl/prefer.go
+++ b/internal/prefer_openssl/prefer.go
@@ -11,7 +11,7 @@ import (
)
// filePreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
-// Go GCM is fastern when the CPU has AES instructions and Go is v1.6 or higher.
+// Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher.
//
// See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
// for benchmarks.
diff --git a/internal/prefer_openssl/prefer_go1.5.go b/internal/prefer_openssl/prefer_go1.5.go
index 51a07ab..7095314 100644
--- a/internal/prefer_openssl/prefer_go1.5.go
+++ b/internal/prefer_openssl/prefer_go1.5.go
@@ -3,7 +3,14 @@
package prefer_openssl
+import (
+ "github.com/rfjakob/gocryptfs/internal/stupidgcm"
+)
+
func PreferOpenSSL() bool {
+ if stupidgcm.BuiltWithoutOpenssl {
+ return false
+ }
// OpenSSL is always faster than Go GCM on old Go versions or on anything
// other than amd64
return true
diff --git a/internal/prefer_openssl/prefer_go1.6.go b/internal/prefer_openssl/prefer_go1.6.go
index 898db0c..a5a67fb 100644
--- a/internal/prefer_openssl/prefer_go1.6.go
+++ b/internal/prefer_openssl/prefer_go1.6.go
@@ -3,6 +3,10 @@
package prefer_openssl
+import (
+ "github.com/rfjakob/gocryptfs/internal/stupidgcm"
+)
+
// PreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.
// Go GCM is faster when the CPU has AES instructions and Go is v1.6 or higher
// on amd64.
@@ -10,5 +14,8 @@ package prefer_openssl
// See https://github.com/rfjakob/gocryptfs/issues/23#issuecomment-218286502
// for benchmarks.
func PreferOpenSSL() bool {
+ if stupidgcm.BuiltWithoutOpenssl {
+ return false
+ }
return filePreferOpenSSL("/proc/cpuinfo")
}
diff --git a/internal/stupidgcm/locking.go b/internal/stupidgcm/locking.go
index 88f0900..952d669 100644
--- a/internal/stupidgcm/locking.go
+++ b/internal/stupidgcm/locking.go
@@ -1,3 +1,5 @@
+// +build !without_openssl
+
package stupidgcm
// In general, OpenSSL is only threadsafe if you provide a locking function
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index 0f4e25d..db9e6ef 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -1,3 +1,5 @@
+// +build !without_openssl
+
// Package stupidgcm is a thin wrapper for OpenSSL's GCM encryption and
// decryption functions. It only support 32-byte keys and 16-bit IVs.
package stupidgcm
@@ -13,6 +15,9 @@ import (
)
const (
+ // Has openssl been disabled at compile-time?
+ BuiltWithoutOpenssl = false
+
keyLen = 32
ivLen = 16
tagLen = 16
diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go
new file mode 100644
index 0000000..0b3cf90
--- /dev/null
+++ b/internal/stupidgcm/without_openssl.go
@@ -0,0 +1,48 @@
+// +build without_openssl
+
+package stupidgcm
+
+import (
+ "os"
+
+ "github.com/rfjakob/gocryptfs/internal/tlog"
+)
+
+type stupidGCM struct{}
+
+const (
+ // Has openssl been disabled at compile-time?
+ BuiltWithoutOpenssl = true
+)
+
+func errExit() {
+ tlog.Fatal.Println("gocryptfs has been compiled without openssl support but you are still trying to use openssl")
+ os.Exit(2)
+}
+
+func New(_ []byte) stupidGCM {
+ errExit()
+ // This panic is never reached, but having it here stops the Go compiler
+ // from complaining about the missing return code.
+ panic("")
+}
+
+func (g stupidGCM) NonceSize() int {
+ errExit()
+ panic("")
+}
+
+func (g stupidGCM) Overhead() int {
+ errExit()
+ panic("")
+}
+
+func (g stupidGCM) Seal(_, _, _, _ []byte) []byte {
+ errExit()
+ panic("")
+}
+
+func (g stupidGCM) Open(_, _, _, _ []byte) ([]byte, error) {
+ errExit()
+ panic("")
+}