diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2022-12-15 18:04:52 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-01-05 16:56:05 +0100 |
commit | b7e1b0e5a23923bce97f91fdab16a32d80453876 (patch) | |
tree | 7a7e90769b0a79560c76fcc0a50d5897ba3261c0 | |
parent | f4d4c9804a29d69ad7b88147c07f5d2639fb7d88 (diff) |
Don't select a cryptograhic backend in non-leaf crates.
- This way, only the leaf package has to concern itself with the
selection of a cryptographic backend for Sequoia. Notably, we
don't have to repeat all of sequoia-openpgp's features in all
crates that use sequoia-openpgp.
- Enable the new feature resolver which allows for this method.
- A complication arises because we want to make `cargo test` work by
default for the intermediate crates without developers having to
select a cryptographic backend. To make that work, we implicitly
select a backend in the dev dependencies which are enabled when
compiling the tests. To make it even more convenient, we select
the most convenient backend, which is CNG for Windows and Nettle,
our default, for every other platform.
- Now that we have implicitly selected CNG on Windows for running
the tests, when the user wants to use Nettle on Windows, and does
`cargo test --features sequoia-openpgp/crypto-nettle`, then two
backends are selected: the implicitly selected CNG and the
explicitly selected Nettle. In this case, we detect that an
implicit selection has been made, and ignore the implicitly
selected backend. Now, this has already been compiled by
cargo (remember that we cannot influence the set of dependencies
at the time the build script is run), but we can still ignore the
implicit backend using conditional compilation (i.e. it will not
be included in the resulting binary). The same happens on
non-Windows platforms where Nettle is the implicit default for
tests when the user explicitly requests a different backend. In
both cases, Nettle and CNG are slim wrappers around native
libraries, so the wasted compilation time is low.
-rw-r--r-- | Cargo.toml | 1 | ||||
-rw-r--r-- | autocrypt/Cargo.toml | 18 | ||||
-rw-r--r-- | ipc/Cargo.toml | 18 | ||||
-rw-r--r-- | net/Cargo.toml | 18 | ||||
-rw-r--r-- | openpgp/Cargo.toml | 1 | ||||
-rw-r--r-- | openpgp/build.rs | 11 | ||||
-rw-r--r-- | openpgp/src/crypto/backend.rs | 44 |
7 files changed, 81 insertions, 30 deletions
@@ -1,4 +1,5 @@ [workspace] +resolver = "2" members = [ "autocrypt", "buffered-reader", diff --git a/autocrypt/Cargo.toml b/autocrypt/Cargo.toml index b0e2fc0a..cca5041a 100644 --- a/autocrypt/Cargo.toml +++ b/autocrypt/Cargo.toml @@ -28,10 +28,14 @@ base64 = ">=0.12" [lib] bench = false -[features] -default = ["sequoia-openpgp/default"] -crypto-nettle = ["sequoia-openpgp/crypto-nettle"] -crypto-cng = ["sequoia-openpgp/crypto-cng"] -compression = ["sequoia-openpgp/compression"] -compression-deflate = ["sequoia-openpgp/compression-deflate"] -compression-bzip2 = ["sequoia-openpgp/compression-bzip2"] +# Enables a crypto backend for the tests: +[target.'cfg(not(windows))'.dev-dependencies] +sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false, features = ["crypto-nettle", "__implicit-crypto-backend-for-tests"] } + +# Enables a crypto backend for the tests: +[target.'cfg(windows)'.dev-dependencies] +sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false, features = ["crypto-cng", "__implicit-crypto-backend-for-tests"] } + +# Enables a crypto backend for the docs.rs generation: +[package.metadata.docs.rs] +features = ["sequoia-openpgp/default"] diff --git a/ipc/Cargo.toml b/ipc/Cargo.toml index 038b1a7e..dfe652ae 100644 --- a/ipc/Cargo.toml +++ b/ipc/Cargo.toml @@ -55,10 +55,14 @@ tokio = { version = "1", features = [ "macros" ] } [lib] bench = false -[features] -default = ["sequoia-openpgp/default"] -crypto-nettle = ["sequoia-openpgp/crypto-nettle"] -crypto-cng = ["sequoia-openpgp/crypto-cng"] -compression = ["sequoia-openpgp/compression"] -compression-deflate = ["sequoia-openpgp/compression-deflate"] -compression-bzip2 = ["sequoia-openpgp/compression-bzip2"] +# Enables a crypto backend for the tests: +[target.'cfg(not(windows))'.dev-dependencies] +sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false, features = ["crypto-nettle", "__implicit-crypto-backend-for-tests"] } + +# Enables a crypto backend for the tests: +[target.'cfg(windows)'.dev-dependencies] +sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false, features = ["crypto-cng", "__implicit-crypto-backend-for-tests"] } + +# Enables a crypto backend for the docs.rs generation: +[package.metadata.docs.rs] +features = ["sequoia-openpgp/default"] diff --git a/net/Cargo.toml b/net/Cargo.toml index 845dad79..724130fa 100644 --- a/net/Cargo.toml +++ b/net/Cargo.toml @@ -48,10 +48,14 @@ hyper = { version = "0.14", features = [ "server" ] } [lib] bench = false -[features] -default = ["sequoia-openpgp/default"] -crypto-nettle = ["sequoia-openpgp/crypto-nettle"] -crypto-cng = ["sequoia-openpgp/crypto-cng"] -compression = ["sequoia-openpgp/compression"] -compression-deflate = ["sequoia-openpgp/compression-deflate"] -compression-bzip2 = ["sequoia-openpgp/compression-bzip2"] +# Enables a crypto backend for the tests: +[target.'cfg(not(windows))'.dev-dependencies] +sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false, features = ["crypto-nettle", "__implicit-crypto-backend-for-tests"] } + +# Enables a crypto backend for the tests: +[target.'cfg(windows)'.dev-dependencies] +sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false, features = ["crypto-cng", "__implicit-crypto-backend-for-tests"] } + +# Enables a crypto backend for the docs.rs generation: +[package.metadata.docs.rs] +features = ["sequoia-openpgp/default"] diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml index 74f9319b..85874b7b 100644 --- a/openpgp/Cargo.toml +++ b/openpgp/Cargo.toml @@ -109,6 +109,7 @@ crypto-rust = [ ] crypto-cng = ["eax", "winapi", "win-crypto-ng", "ed25519-dalek", "num-bigint-dig"] crypto-openssl = ["openssl", "openssl-sys", "foreign-types-shared"] +__implicit-crypto-backend-for-tests = [] # Experimental and variable-time cryptographic backends opt-ins allow-experimental-crypto = [] diff --git a/openpgp/build.rs b/openpgp/build.rs index 9de8fb76..60f07620 100644 --- a/openpgp/build.rs +++ b/openpgp/build.rs @@ -63,13 +63,20 @@ fn crypto_backends_sanity_check() { } let backends = vec![ - (cfg!(feature = "crypto-nettle"), + (cfg!(all(feature = "crypto-nettle", + not(all(feature = "__implicit-crypto-backend-for-tests", + any(feature = "crypto-openssl", + feature = "crypto-rust"))))), Backend { name: "Nettle", production_ready: true, constant_time: true, }), - (cfg!(feature = "crypto-cng"), + (cfg!(all(feature = "crypto-cng", + not(all(feature = "__implicit-crypto-backend-for-tests", + any(feature = "crypto-nettle", + feature = "crypto-openssl", + feature = "crypto-rust"))))), Backend { name: "Windows CNG", production_ready: true, diff --git a/openpgp/src/crypto/backend.rs b/openpgp/src/crypto/backend.rs index 780b0bb1..28fcfe14 100644 --- a/openpgp/src/crypto/backend.rs +++ b/openpgp/src/crypto/backend.rs @@ -3,21 +3,51 @@ pub(crate) mod sha1cd; -#[cfg(feature = "crypto-nettle")] +// Nettle is the default backend, but on Windows targets we instead +// enable CNG for running the tests in non-leaf crates that depend on +// sequoia-openpgp. This creates a conflict, and makes `cargo test` +// fail. To mitigate this, only enable the Nettle backend if we are +// not compiling the tests and have a different backend selected. +// +// Note: If you add a new crypto backend, add it to the expression, +// and also synchronize the expression to `build.rs`. +#[cfg(all(feature = "crypto-nettle", + not(all(feature = "__implicit-crypto-backend-for-tests", + any(feature = "crypto-openssl", + feature = "crypto-rust")))))] mod nettle; -#[cfg(feature = "crypto-nettle")] +#[cfg(all(feature = "crypto-nettle", + not(all(feature = "__implicit-crypto-backend-for-tests", + any(feature = "crypto-openssl", + feature = "crypto-rust")))))] pub use self::nettle::*; +// Nettle is the default backend, but on Windows targets we instead +// enable CNG for running the tests in non-leaf crates that depend on +// sequoia-openpgp. This creates a conflict, and makes `cargo test` +// fail. To mitigate this, only enable the CNG backend if we are +// not compiling the tests and have a different backend selected. +// +// Note: If you add a new crypto backend, add it to the expression, +// and also synchronize the expression to `build.rs`. +#[cfg(all(feature = "crypto-cng", + not(all(feature = "__implicit-crypto-backend-for-tests", + any(feature = "crypto-nettle", + feature = "crypto-openssl", + feature = "crypto-rust")))))] +mod cng; +#[cfg(all(feature = "crypto-cng", + not(all(feature = "__implicit-crypto-backend-for-tests", + any(feature = "crypto-nettle", + feature = "crypto-openssl", + feature = "crypto-rust")))))] +pub use self::cng::*; + #[cfg(feature = "crypto-rust")] mod rust; #[cfg(feature = "crypto-rust")] pub use self::rust::*; -#[cfg(feature = "crypto-cng")] -mod cng; -#[cfg(feature = "crypto-cng")] -pub use self::cng::*; - #[cfg(feature = "crypto-openssl")] mod openssl; #[cfg(feature = "crypto-openssl")] |