authorJustus Winter <justus@sequoia-pgp.org>2021-09-09 17:16:52 +0200
committerJustus Winter <justus@sequoia-pgp.org>2021-09-30 13:49:17 +0200
commitaa21e2404d9502eeea84ff39da03a85c971ea2d3 (patch)
treeea723d20c230e45899b4268f40bf89e7ff765808 /openpgp/build.rs
parentc422b1b317fb760bc6b43cb8055fe0a1305ba3a5 (diff)
openpgp: Add features to opt-in to experimental crypto backends.
Diffstat (limited to 'openpgp/build.rs')
-rw-r--r--openpgp/build.rs42
1 files changed, 42 insertions, 0 deletions
diff --git a/openpgp/build.rs b/openpgp/build.rs
index bc0f09a7..210483e5 100644
--- a/openpgp/build.rs
+++ b/openpgp/build.rs
@@ -96,4 +96,46 @@ See https://crates.io/crates/sequoia-openpgp#crypto-backends",
exit(1);
},
}
+
+ // We now have exactly one backend.
+ assert_eq!(backends.len(), 1);
+ let backend = &backends[0];
+
+ // Check its properties.
+ if ! (backend.production_ready
+ || cfg!(feature = "allow-experimental-crypto"))
+ {
+ eprintln!("
+The cryptographic backend {} is not considered production ready.
+
+If you know what you are doing, you can opt-in to using experimental
+cryptographic backends using the feature flag
+
+ allow-experimental-crypto
+
+See https://crates.io/crates/sequoia-openpgp#crypto-backends",
+ backend.name);
+ exit(1);
+ }
+
+ if ! (backend.constant_time
+ || cfg!(feature = "allow-variable-time-crypto"))
+ {
+ eprintln!("
+The cryptographic backend {} does not provide constant-time
+operations. This has the potential of leaking cryptographic secrets,
+enable attackers to forge signatures, or cause other mayhem.
+
+If you are not using Sequoia in an interactive setting, using
+variable-time cryptographic operations is probably safe.
+
+If you know what you are doing, you can opt-in to using variable-time
+cryptographic operations using the feature flag
+
+ allow-variable-time-crypto
+
+See https://crates.io/crates/sequoia-openpgp#crypto-backends",
+ backend.name);
+ exit(1);
+ }
}
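Review bot: The sentence "If you are not using Sequoia in an interactive setting, using variable-time cryptographic operations is probably safe." in the diagnostic on the variable-time branch understates the risk: timing leaks are also exploitable in batch or server-side use whenever an attacker can supply inputs and observe processing time, or shares hardware with the process, so "non-interactive" is not by itself a safe condition. I would reword those two lines to `Variable-time operations are only acceptable when no attacker can submit inputs to this build and measure how long they take to process (e.g. offline use on a trusted, single-tenant machine).`, and in the same message fix the grammar of "has the potential of leaking ..., enable attackers ..., or cause other mayhem" to the parallel "leaking ..., enabling ..., or causing ...". Separately, the two checks each call `exit(1)` on the first failure, so a backend that is both experimental and variable-time reports only the production-ready problem and the user discovers the second flag after another rebuild; evaluating both conditions into a list of complaints and exiting once after printing all of them would avoid that. The enclosing function begins outside the hunk, so whether `backends` can be empty before the `assert_eq!` (which would panic with a far less helpful message than the `exit(1)` diagnostics above) is not visible here.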