feat: consume openssl from openssl-sys (#275)

* feat: consume openssl from openssl-sys

Signed-off-by: James Mayclin <[email protected]>

* add separate feature for vendored openssl

Signed-off-by: James Mayclin <[email protected]>

* forgot to commit Cargo.toml

Signed-off-by: James Mayclin <[email protected]>

* add ci for vendored_openssl feature

Signed-off-by: James Mayclin <[email protected]>

* skip windows

Signed-off-by: James Mayclin <[email protected]>

---------

Signed-off-by: James Mayclin <[email protected]>

Author: jmayclin

.github/workflows/ci.yml

@@ -84,6 +84,12 @@ jobs:
       - name: Cargo test --no-default-features --features non_portable,kems,sigs,std
         run: cargo test --no-default-features --features non_portable,kems,sigs,std --manifest-path oqs/Cargo.toml
 
+      # skip windows, because the default image doesn't include several of the
+      # system dependencies (e.g. Perl) required for the openssl-sys/vendored
+      - name: Cargo test --features vendored_openssl
+        if: matrix.os != 'windows-latest'
+        run: cargo test --features vendored_openssl --manifest-path oqs/Cargo.toml
+
       - name: Cargo fmt
         run: cargo fmt --all -- --check
 

oqs-sys/Cargo.toml

@@ -16,6 +16,7 @@ include = ["README.md", "build.rs", "src/**", "liboqs/.CMake/**", "liboqs/src/**
 
 [dependencies]
 libc = "0.2"
+openssl-sys = { version = "0.9", features = ["vendored"], optional = true }
 
 [build-dependencies]
 pkg-config = "0.3"
@@ -26,6 +27,7 @@ build-deps = "0.1"
 [features]
 default = ["openssl", "kems", "sigs"]
 openssl = []
+vendored_openssl = ["openssl", "vendored", "dep:openssl-sys"]
 docs = []
 non_portable = []
 vendored = []

oqs-sys/build.rs

@@ -88,24 +88,35 @@ fn build_from_source() -> PathBuf {
         config.define("CMAKE_SYSTEM_VERSION", "10.0");
     }
 
-    if cfg!(feature = "openssl") {
+    // link the openssl libcrypto
+    if cfg!(any(feature = "openssl", feature = "vendored_openssl")) {
         config.define("OQS_USE_OPENSSL", "Yes");
         if cfg!(windows) {
             // Windows doesn't prefix with lib
             println!("cargo:rustc-link-lib=libcrypto");
         } else {
             println!("cargo:rustc-link-lib=crypto");
         }
+    } else {
+        config.define("OQS_USE_OPENSSL", "No");
+    }
 
+    // let the linker know where to search for openssl libcrypto
+    if cfg!(feature = "vendored_openssl") {
+        // DEP_OPENSSL_ROOT is set by openssl-sys if a vendored build was used.
+        // We point CMake towards this so that the vendored openssl is preferred
+        // over the system openssl.
+        let vendored_openssl_root = std::env::var("DEP_OPENSSL_ROOT")
+            .expect("The `vendored_openssl` feature was enabled, but DEP_OPENSSL_ROOT was not set");
+        config.define("OPENSSL_ROOT_DIR", vendored_openssl_root);
+    } else if cfg!(feature = "openssl") {
         println!("cargo:rerun-if-env-changed=OPENSSL_ROOT_DIR");
         if let Ok(dir) = std::env::var("OPENSSL_ROOT_DIR") {
             let dir = Path::new(&dir).join("lib");
             println!("cargo:rustc-link-search={}", dir.display());
         } else if cfg!(target_os = "windows") || cfg!(target_os = "macos") {
             println!("cargo:warning=You may need to specify OPENSSL_ROOT_DIR or disable the default `openssl` feature.");
         }
-    } else {
-        config.define("OQS_USE_OPENSSL", "No");
     }
 
     let permit_unsupported = "OQS_PERMIT_UNSUPPORTED_ARCHITECTURE";
@@ -125,8 +136,10 @@ fn build_from_source() -> PathBuf {
         );
     }
 
-    // lib is installed to $outdir/lib
+    // lib is installed to $outdir/lib or lib64, depending on CMake conventions
     let libdir = outdir.join("lib");
+    let libdir64 = outdir.join("lib64");
+
     if cfg!(windows) {
         // Static linking doesn't work on Windows
         println!("cargo:rustc-link-lib=oqs");
@@ -135,6 +148,7 @@ fn build_from_source() -> PathBuf {
         println!("cargo:rustc-link-lib=static=oqs");
     }
     println!("cargo:rustc-link-search=native={}", libdir.display());
+    println!("cargo:rustc-link-search=native={}", libdir64.display());
 
     outdir
 }

oqs/Cargo.toml

@@ -24,6 +24,7 @@ default = ["oqs-sys/openssl", "kems", "sigs", "std"]
 std = []
 non_portable = ["oqs-sys/non_portable"]
 vendored = ["oqs-sys/vendored"]
+vendored_openssl = ["oqs-sys/vendored_openssl"]
 
 # algorithms: KEMs
 kems = ["oqs-sys/kems", "classic_mceliece", "frodokem", "hqc", "kyber", "ml_kem", "ntruprime"]