
feature gate each cryptographic algorithm #3

Merged
nacardin merged 1 commit into nacardin:master from AlexanderSchuetz97:master
Jun 12, 2026

@AlexanderSchuetz97

Contributor

Good evening,

I am in a bit of a bind with a project using certkit.
Namely I need to be able to do some rather complex cross compilation.
This requires a pure Rust solution without any C code or dependencies to C code.
Unfortunately the RSA crate somewhat directly depends on the libm C library.
I have raised this issue with the RSA crate and they are aware of it now, but it appears that this is not a priority for them.
So it may take a VERY LONG TIME until they fix this. (It is understandable they have security vulnerabilities to fix first)
A more pragmatic solution is to allow for selection of cryptographic algorithms in certkit.
This will allow me to disable RSA and use p384 instead in my application.
This is perfectly fine for my use case as I do not need RSA.

I could have done this with just making RSA feature gated, but I decided that I may as well make this for all cryptographic algorithms so that users of certkit can decide which algorithm they need. By default naturally all of them are enabled so nothing changes unless you set default-features=false. So this is "technically" not a breaking change.

I also added a shell script that tests some combinations of features to ensure that they compile.

Concerning the tests, most integration tests basically only used RSA and p256. Since I added feature gates I had to do some amount of minor restructuring to make it easier to feature gate the integration tests. But other than that I changed nothing in substance. If you run cargo test then the same thing happens as before.

I hope this finds your agreement and can be merged. I also once again took the liberty of bumping the version for you.

@nacardin

Owner

Thanks! I'll look into the RSA upstream, though I'm not familiar with it.

nacardin merged commit f9c93ff into nacardin:master Jun 12, 2026
1 check passed
@nacardin

Owner

The libm crate seems to be pure Rust. But feature gating regardless is a good idea.

@AlexanderSchuetz97

Contributor Author

@nacardin
Thanks for merging, can you make a release on crates.io?

Also regarding libm you're mistaken. I am 100% certain it is a C library,
because I am getting a linker error since it tries to compile/link libm.a which for my scenario will not work.
libm is usually provided by the compiler for C programs.

See github.com/RustCrypto/RSA/issues/686

The RSA crate was also not aware of it and is not happy with it.

But anyways all that matters is that it's feature gated and I can now disable RSA and solve my problems.

@nacardin

Owner

> @nacardin Thanks for merging, can you make a release on crates.io?

I have found a few other problems with the cert logic. I'll try to get the release out today or tomorrow.

> Also regarding libm you're mistaken. I am 100% certain it is a C library, because I am getting a linker error since it tries to compile/link libm.a which for my scenario will not work. libm is usually provided by the compiler for C programs.

I'm not an expert on C interop, but I would expect to see cc as a dep if it's a C lib being wrapped. https://crates.io/crates/libm states that the crate is "libm in pure Rust". Just out of curiosity, can you share any compile showing the C compilation?

@AlexanderSchuetz97

AlexanderSchuetz97 commented Jun 17, 2026

Contributor Author

I cannot reproduce the compiler error using certkit 0.1.1 from crates.io anymore, just spent 1-2 hours trying to reproduce it.
You are probably right that the libm crate is pure Rust, however I swear I saw something trying to link libm.a...
A quick cargo-tree | grep libm led me to certkit -> rsa...
It may have been a different dependency that used libm as in the actual C dependency.
No clue how this happened since libm is also the name of a bona fide C library.

I am just a bit dumbfounded as to what made my original problem go away, since apparently it wasn't certkit.
I for sure didn't spend the time making this PR for no reason...

At least I hope it is as you say, that perhaps someone will have value in not having all the algorithms active at all times.

As for your question regarding the "cc" dependency, at least that I can answer. That crate is not strictly necessary.
You can also just have linker arguments in your build script that link to an already compiled library that's expected to be present on the system. You only need (can use) the cc crate to compile C code on the fly as part of the Rust build process.

Take all the time you need to make your release.
For my purposes version 0.1.1 appears to do the job.
I will just update whenever you had the time to make your other changes.

Sincerest apologies for bothering you with a non-issue.
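
The last comment notes that a build script can link an already compiled native library without the `cc` crate, so the absence of `cc` in the dependency tree does not show that a crate is pure Rust. As an added example (not part of this PR or of certkit), the following parses the text a build script prints and lists the `rustc-link-lib` directives in it; the sample output and the library names in it are constructed.

```rust
// Added example: find native libraries requested by a Cargo build script.
// Input is what the script printed (Cargo stores it under
// target/<profile>/build/<pkg>-<hash>/output).

#[derive(Debug, PartialEq)]
pub struct NativeLink {
    pub kind: Option<String>, // e.g. "static", "dylib"; None = linker default
    pub name: String,
}

/// Parse `rustc-link-lib=[KIND[:MODIFIERS]=]NAME[:RENAME]` directives,
/// accepting both the `cargo:` and the newer `cargo::` prefix.
pub fn native_links(build_output: &str) -> Vec<NativeLink> {
    let mut found = Vec::new();
    for line in build_output.lines() {
        let line = line.trim();
        let rest = match line.strip_prefix("cargo::").or_else(|| line.strip_prefix("cargo:")) {
            Some(r) => r,
            None => continue, // ordinary build-script chatter
        };
        let value = match rest.strip_prefix("rustc-link-lib=") {
            Some(v) => v,
            None => continue, // some other directive (link-search, rerun-if-...)
        };
        // Split the optional KIND[:MODIFIERS] from NAME[:RENAME].
        let (kind, name) = match value.split_once('=') {
            Some((k, n)) => (Some(k.split(':').next().unwrap_or(k).to_string()), n),
            None => (None, value),
        };
        let name = name.split(':').next().unwrap_or(name).to_string();
        found.push(NativeLink { kind, name });
    }
    found
}

// Constructed sample: output of a hypothetical build script that never uses `cc`.
pub const SAMPLE_OUTPUT: &str = "\
cargo:rerun-if-changed=build.rs
cargo:rustc-link-search=native=/opt/sysroot/lib
cargo:rustc-link-lib=static=m
cargo::rustc-link-lib=static:+whole-archive=examplecrypto
cargo:rustc-link-lib=z
";

fn main() {
    for link in native_links(SAMPLE_OUTPUT) {
        println!("{:?} {}", link.kind, link.name);
    }
}
```

Running it over each `output` file of a cross-compilation build shows which dependency asks the linker for a system library such as `libm.a`.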
