Make *ring* optional

It is a default feature. Taking it away disables all the signature algorithms, and therefore most of the tests.
rustls · Jul 28, 2023 · 205f5d7 · 205f5d7
1 parent d013769
commit 205f5d7
Show file tree

Hide file tree

Showing 10 changed files with 613 additions and 578 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -43,6 +43,7 @@ include = [
     "src/name/verify.rs",
     "src/name/name.rs",
     "src/signed_data.rs",
+    "src/ring_algs.rs",
     "src/time.rs",
     "src/trust_anchor.rs",
     "src/x509.rs",
@@ -62,12 +63,13 @@ rustdoc-args = ["--cfg", "docsrs"]
 name = "webpki"
 
 [features]
-default = ["std"]
+default = ["std", "ring"]
+ring = ["dep:ring"]
 alloc = ["ring/alloc"]
 std = ["alloc"]
 
 [dependencies]
-ring = { version = "0.16.19", default-features = false }
+ring = { version = "0.16.19", default-features = false, optional = true }
 untrusted = "0.7.1"
 
 [dev-dependencies]

diff --git a/src/lib.rs b/src/lib.rs
@@ -23,6 +23,7 @@
 //! | ------- | ----------- |
 //! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
 //! | `std` | Enable features that require libstd. Implies `alloc`. |
+//! | `ring` | Enable use of the *ring* crate for cryptography. |
 
 #![cfg_attr(not(feature = "std"), no_std)]
 #![warn(unreachable_pub)]
@@ -49,6 +50,8 @@ mod calendar;
 mod cert;
 mod end_entity;
 mod error;
+#[cfg(feature = "ring")]
+mod ring_algs;
 mod signed_data;
 mod subject_name;
 mod time;
@@ -63,10 +66,7 @@ pub use {
     crl::{BorrowedCertRevocationList, BorrowedRevokedCert, CertRevocationList, RevocationReason},
     end_entity::EndEntityCert,
     error::Error,
-    signed_data::{
-        alg_id, InvalidSignature, SignatureVerificationAlgorithm, ECDSA_P256_SHA256,
-        ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
-    },
+    signed_data::{alg_id, InvalidSignature, SignatureVerificationAlgorithm},
     subject_name::{
         AddrParseError, DnsNameRef, InvalidDnsNameError, InvalidSubjectNameError, IpAddrRef,
         SubjectNameRef,
@@ -76,13 +76,23 @@ pub use {
     verify_cert::KeyUsage,
 };
 
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
 #[cfg(feature = "alloc")]
 pub use {
     crl::{OwnedCertRevocationList, OwnedRevokedCert},
-    signed_data::{
-        RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
-        RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
-        RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
-    },
     subject_name::{DnsName, IpAddr},
 };
+
+#[cfg_attr(docsrs, doc(cfg(feature = "ring")))]
+#[cfg(feature = "ring")]
+pub use ring_algs::{
+    ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
+};
+
+#[cfg_attr(docsrs, doc(cfg(all(feature = "ring", feature = "alloc"))))]
+#[cfg(all(feature = "ring", feature = "alloc"))]
+pub use ring_algs::{
+    RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
+    RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
+    RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+};