4 changes: 2 additions & 2 deletions openvmm/openvmm_entry/Cargo.toml
Expand Up @@ -66,7 +66,7 @@ pcie_remote_resources.workspace = true

clap_dyn_complete.workspace = true
console_relay.workspace = true
crypto = { workspace = true, optional = true }
crypto = { workspace = true, features = ["native"] }
guid.workspace = true
inspect.workspace = true
inspect_proto.workspace = true
Expand Down Expand Up @@ -122,5 +122,5 @@ build_rs_guest_arch.workspace = true
workspace = true

[package.metadata.xtask.unused-deps]
# keep the crypto dep so we can specify the vendored feature
# keep the crypto dep so we can specify the vendored and backend features
ignored = ["crypto"]
3 changes: 3 additions & 0 deletions support/crypto/Cargo.toml
Expand Up @@ -12,6 +12,9 @@ rust-version.workspace = true
# If the chosen backend is not natively available and can't be vendored, this will trigger a compile error.
vendored = ["openssl?/vendored"]

# Use a native backend, or OpenSSL on Linux.
native = []

# Use OpenSSL instead of any native backend.
openssl = ["dep:openssl", "dep:openssl_kdf"]

22 changes: 18 additions & 4 deletions support/crypto/build.rs
Expand Up @@ -4,6 +4,7 @@
#![expect(missing_docs)]

fn main() {
println!("cargo::rerun-if-env-changed=CARGO_FEATURE_NATIVE");
println!("cargo::rerun-if-env-changed=CARGO_FEATURE_OPENSSL");
println!("cargo::rerun-if-env-changed=CARGO_FEATURE_RUST");
println!("cargo::rerun-if-env-changed=CARGO_FEATURE_SYMCRYPT");
Expand All @@ -15,22 +16,35 @@ fn main() {
println!("cargo::rustc-check-cfg=cfg(rust)");
println!("cargo::rustc-check-cfg=cfg(symcrypt)");

let native = std::env::var_os("CARGO_FEATURE_NATIVE").is_some();
let openssl = std::env::var_os("CARGO_FEATURE_OPENSSL").is_some();
let rust = std::env::var_os("CARGO_FEATURE_RUST").is_some();
let symcrypt = std::env::var_os("CARGO_FEATURE_SYMCRYPT").is_some();
let vendored = std::env::var_os("CARGO_FEATURE_VENDORED").is_some();
let linux = std::env::var("CARGO_CFG_TARGET_OS").unwrap() == "linux";

let all_features = openssl && rust && symcrypt && vendored;
let backend_count = openssl as u8 + rust as u8 + symcrypt as u8;
let all_features = native && openssl && rust && symcrypt && vendored;
let backend_count = native as u8 + openssl as u8 + rust as u8 + symcrypt as u8;

// If we see multiple backends enabled that's an error. However if we see every
// backend, and vendoring, enabled, it's likely we're in an --all-features session.
// Since this is a common rust-analyzer configuration, allow it and fall back to
// platform defaults.
if backend_count > 1 && !all_features {
panic!("Multiple crypto backends enabled, but only one can be selected");
} else if backend_count == 0 || all_features {
let enabled = [
("native", native),
("openssl", openssl),
("rust", rust),
("symcrypt", symcrypt),
]
.iter()
.filter_map(|(n, e)| e.then_some(*n))
.collect::<Vec<_>>()
.join(", ");
panic!("Multiple crypto backends enabled, but only one can be selected: {enabled}");
} else if backend_count == 0 {
panic!("No crypto backend enabled, but one must be selected");
} else if native || all_features {
// Default to openssl on linux, the dependencies are also marked
// non-optional and there is no native backend available
if linux {
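Review bot: The new `backend_count == 0` branch turns a missing backend feature into a hard build failure, but the message does not say which features are valid, and whether it fires depends on what else is in the build graph. Because cargo unifies features, a crate that depends on `crypto` without naming a backend will build inside the workspace whenever another crate enables `native`, and fail only when built on its own; vmgstool, for instance, selects `crypto/native` only under its `encryption` feature, so if `crypto` is still reachable without that feature (not visible on this page) that configuration would hit this panic. I would name the choices in the message, e.g. `panic!("No crypto backend enabled; enable exactly one of: native, openssl, rust, symcrypt");`. `main` continues past the end of this hunk.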
3 changes: 2 additions & 1 deletion vm/devices/firmware/firmware_uefi/Cargo.toml
Expand Up @@ -24,7 +24,8 @@ vmcore.workspace = true

async-trait.workspace = true
bitfield-struct.workspace = true
crypto.workspace = true
# TODO: Should probably be the rust backend
Comment thread
smalis-msft marked this conversation as resolved.
crypto = { workspace = true, features = ["native"] }
der = { workspace = true, features = ["derive", "alloc", "oid"] }
getrandom.workspace = true
guid.workspace = true
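Review bot: The added `# TODO: Should probably be the rust backend` does not say what blocks it or where it is tracked, and the build.rs change in this same commit makes it hard to act on locally. build.rs now counts `native` as a backend and panics when more than one is enabled, and cargo unifies features across a build, so switching only this crate to `rust` would presumably break any binary that also pulls in a crate selecting `native` (openvmm_entry does in this commit). Since the backend decides which implementation performs this crate's cryptographic operations, I would spell out the constraint, e.g. `# TODO: should use the rust backend; blocked because crypto accepts only one backend per build`, and link a tracking issue.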
2 changes: 1 addition & 1 deletion vm/vmgs/vmgs_lib/Cargo.toml
Expand Up @@ -10,7 +10,7 @@ rust-version.workspace = true
crate-type = ["cdylib"]

[dependencies]
crypto = { workspace = true, features = ["vendored"] }
crypto = { workspace = true, features = ["native", "vendored"] }
disk_backend.workspace = true
disk_vhd1.workspace = true
futures.workspace = true
2 changes: 1 addition & 1 deletion vm/vmgs/vmgstool/Cargo.toml
Expand Up @@ -10,7 +10,7 @@ rust-version.workspace = true
[features]
default = []

encryption = ["vmgs/encryption", "crypto/vendored"]
encryption = ["vmgs/encryption", "crypto/vendored", "crypto/native"]

test_helpers = ["vmgs/test_helpers", "getrandom", "dep:resource_dll_parser"]
