feat: Make OpenSSL a default feature

.github/workflows/ci.yml

@@ -15,8 +15,36 @@ on:
     - cron: "0 18 * * 1,4,6" # 1800 UTC every Monday, Thursday, Saturday
 
 jobs:
+  get-features:
+    name: Get features
+    runs-on: ubuntu-latest
+    outputs:
+      rust-native-features: ${{ steps.get-features.outputs.rust-native-features }}
+      openssl-features: ${{ steps.get-features.outputs.openssl-features }}
+      wasi-features: ${{ steps.get-features.outputs.wasi-features }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: stable
+
+      - name: Get all features
+        id: get-features
+        run: |
+          FEATURES=$(cargo metadata --format-version=1 | jq -r '[.packages[] | select(.name=="c2pa" or .name=="c2pa-c") | .features | keys | map(select(. != "default")) | .[]] | unique | join(" ")')
+          RUST_NATIVE_FEATURES=$(echo $FEATURES | sed 's/openssl//g')
+          OPENSSL_FEATURES=$(echo $FEATURES | sed 's/rust_native_crypto//g')
+          WASI_FEATURES=$(echo $RUST_NATIVE_FEATURES | sed 's/json_api//g')
+          echo "rust-native-features=$RUST_NATIVE_FEATURES" >> "$GITHUB_OUTPUT"
+          echo "openssl-features=$OPENSSL_FEATURES" >> "$GITHUB_OUTPUT"
+          echo "wasi-features=$WASI_FEATURES" >> "$GITHUB_OUTPUT"
+
   tests:
     name: Unit tests
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -48,10 +76,19 @@ jobs:
       - name: Install cargo-llvm-cov
         uses: taiki-e/install-action@cargo-llvm-cov
 
-      - name: Generate code coverage
+      - name: Generate code coverage for rust_native_crypto
+        env:
+          RUST_BACKTRACE: "1"
+          FEATURES: ${{needs.get-features.outputs.rust_native_crypto-features}}
+        run: |
+          cargo llvm-cov --lib --features "$FEATURES" --lcov --output-path lcov-rust_native_crypto.info
+
+      - name: Generate code coverage for openssl
         env:
           RUST_BACKTRACE: "1"
-        run: cargo llvm-cov --lib --all-features --lcov --output-path lcov.info
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
+        run: |
+          cargo llvm-cov --lib --features "$FEATURES" --lcov --output-path lcov-openssl.info
 
       # Tokens aren't available for PRs originating from forks,
       # so we don't attempt to upload code coverage in that case.
@@ -66,9 +103,11 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
           verbose: true
+          files: ./lcov-openssl.info,./lcov-rust_native_crypto.info
 
   tests-cli:
     name: Unit tests (c2patool)
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -103,7 +142,9 @@ jobs:
       - name: Generate code coverage
         env:
           RUST_BACKTRACE: "1"
-        run: cargo llvm-cov --bins --all-features --lcov --output-path lcov.info
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
+        run: |
+          cargo llvm-cov --bins --features "$FEATURES" --lcov --output-path lcov.info
 
       # Tokens aren't available for PRs originating from forks,
       # so we don't attempt to upload code coverage in that case.
@@ -118,9 +159,11 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
           verbose: true
+          files: lcov-*.info
 
   doc-tests:
     name: Doc tests (requires nightly Rust)
+    needs: get-features
     # TODO: Remove this once cargo-llvm-cov can run doc tests and generate
     # coverage. (This requires a bug fix that is only available in nightly Rust.)
     # Watch https://github.com/taiki-e/cargo-llvm-cov/issues/2
@@ -163,13 +206,17 @@ jobs:
       # doc tests.
 
       - name: Run doc tests (COVERAGE DISABLED)
-        run:
-          cargo test --workspace --all-features --doc
-
+        env:
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
+        run: |
+          cargo test --workspace --features "$FEATURES" --doc
+
       # - name: Generate code coverage
       #   env:
       #     RUST_BACKTRACE: "1"
-      #   run: cargo llvm-cov --workspace --all-features --lcov --doctests --output-path lcov.info
+      #     FEATURES: ${{needs.get-features.outputs.openssl-features}}
+      #   run: |
+      #   cargo llvm-cov --workspace --features "$FEATURES" --lcov --doctests --output-path lcov.info
 
       # Tokens aren't available for PRs originating from forks,
       # so we don't attempt to upload code coverage in that case.
@@ -208,9 +255,10 @@ jobs:
 
       - name: "`cargo check` with default features"
         run: cargo check
-        
+
   tests-cross:
     name: Unit tests
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -247,10 +295,14 @@ jobs:
       # environment. (A PR to fix this would be welcomed!)
 
       - name: Run unit tests (cross build)
-        run: cross test --all-targets --all-features --target ${{ matrix.target }}
+        env:
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
+        run: |
+          cross test --all-targets --features "$FEATURES" --target ${{ matrix.target }}
 
   tests-wasm:
     name: Unit tests (Wasm)
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -271,11 +323,12 @@ jobs:
         run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
 
       - name: Run Wasm tests
-        run: wasm-pack test --chrome --headless
+        run: wasm-pack test --chrome --headless --no-default-features --features rust_native_crypto
         working-directory: ./sdk
 
   tests-wasi:
     name: Unit tests (WASI)
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -311,7 +364,7 @@ jobs:
             ARCH="${RUNNER_ARCH}";
           fi
           wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-25/wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz
-          tar xvf wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz
+          tar xf wasi-sdk-25.0-${ARCH}-${RUNNER_OS}.tar.gz
           mv $(echo wasi-sdk-25.0-${ARCH}-${RUNNER_OS} | tr '[:upper:]' '[:lower:]') /opt/wasi-sdk
 
       - name: Add wasm32-wasip2 target
@@ -326,10 +379,13 @@ jobs:
           CC: /opt/wasi-sdk/bin/clang
           WASI_SDK_PATH: /opt/wasi-sdk
           RUST_MIN_STACK: 16777216
-        run: cargo +nightly-2025-05-14 test --target wasm32-wasip2 -p c2pa -p c2patool --all-features
+          FEATURES: ${{needs.get-features.outputs.wasi-features}}
+        run: |
+          cargo +nightly-2025-05-14 test --target wasm32-wasip2 -p c2pa -p c2patool --features "$FEATURES" --no-default-features
 
   test-direct-minimal-versions:
     name: Unit tests with minimum versions of direct dependencies
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -362,10 +418,14 @@ jobs:
         uses: Swatinem/rust-cache@v2
 
       - name: Run tests
-        run: cargo +nightly-2025-01-24 test -Z direct-minimal-versions --all-targets --all-features
+        env:
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
+        run: |
+          cargo +nightly-2025-01-24 test -Z direct-minimal-versions --all-targets --features "$FEATURES"
 
   clippy_check:
     name: Clippy
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -388,7 +448,10 @@ jobs:
         uses: Swatinem/rust-cache@v2
 
       - name: Run Clippy
-        run: cargo clippy --all-features --all-targets -- -Dwarnings
+        env:
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
+        run: |
+          cargo clippy --features "$FEATURES" --all-targets -- -Dwarnings
 
   cargo_fmt:
     name: Enforce Rust code format
@@ -415,6 +478,7 @@ jobs:
 
   docs_rs:
     name: Preflight docs.rs build
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -439,8 +503,9 @@ jobs:
         # environment. The goal is to fail PR validation
         # if the subsequent release would result in a failed
         # documentation build on docs.rs.
-        run: cargo +nightly doc --workspace --all-features --no-deps
+        run: cargo +nightly doc --workspace --features "$FEATURES" --no-deps
         env:
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
           RUSTDOCFLAGS: --cfg docsrs
           DOCS_RS: 1
 
@@ -476,6 +541,7 @@ jobs:
 
   unused_deps:
     name: Check for unused dependencies
+    needs: get-features
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
@@ -496,8 +562,10 @@ jobs:
         uses: dtolnay/rust-toolchain@nightly
 
       - name: Run cargo-udeps
+        env:
+          FEATURES: ${{needs.get-features.outputs.openssl-features}}
         run: |
           mv ./.github/temp-bin/cargo-udeps /home/runner/.cargo/bin/cargo-udeps
-          cargo udeps --all-targets --all-features
+          cargo udeps --all-targets --features "$FEATURES"
           # NOTE: Using pre-built binary as a workaround for
           # https://github.com/aig787/cargo-udeps-action/issues/6.

c_api/Cargo.toml

@@ -9,17 +9,18 @@ license = "MIT OR Apache-2.0"
 crate-type = ["cdylib"]
 
 [features]
-default = ["json_api",]
+default = ["json_api", "openssl"]
 json_api = ["c2pa/v1_api"]
+openssl = ["c2pa/openssl"]
+rust_native_crypto = ["c2pa/rust_native_crypto"]
 
 [dependencies]
 tokio = { version = "1.36", features = ["rt-multi-thread","rt"] }
 c2pa = { path = "../sdk", version = "0.53.0", features = [
     "file_io",
     "add_thumbnails",
     "fetch_remote_manifests",
-    "rust_native_crypto",
-] }
+], default-features = false }
 scopeguard = "1.2.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"

cli/Cargo.toml

@@ -15,6 +15,11 @@ edition = "2018"
 homepage = "https://contentauthenticity.org"
 repository = "https://github.com/contentauth/c2pa-rs/tree/main/cli"
 
+[features]
+default = ["openssl"]
+openssl = ["c2pa/openssl"]
+rust_native_crypto = ["c2pa/rust_native_crypto"]
+
 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(test)'] }
 # Workaround for https://github.com/est31/cargo-udeps/issues/293.
@@ -27,7 +32,7 @@ c2pa = { path = "../sdk", version = "0.53.0", features = [
 	"file_io",
 	"add_thumbnails",
 	"pdf"
-] }
+], default-features = false }
 clap = { version = "4.5.10", features = ["derive", "env"] }
 env_logger = "0.11.7"
 glob = "0.3.1"

export_schema/Cargo.toml

@@ -10,8 +10,13 @@ rust-version = "1.82.0"
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(test)'] }
 # Workaround for https://github.com/est31/cargo-udeps/issues/293.
 
+[features]
+default = ["openssl"]
+openssl = ["c2pa/openssl"]
+rust_native_crypto = ["c2pa/rust_native_crypto"]
+
 [dependencies]
 anyhow = "1.0.40"
-c2pa = { path = "../sdk", default-features = false, features = ["json_schema"] }
+c2pa = { path = "../sdk", features = ["json_schema"], default-features = false }
 schemars = "0.8.21"
 serde_json = "1.0.117"

make_test_images/Cargo.toml

@@ -16,7 +16,7 @@ required-features = ["default"]
 
 [dependencies]
 anyhow = "1.0.40"
-c2pa = { path = "../sdk" }
+c2pa = { path = "../sdk", default-features = false }
 env_logger = "0.11"
 log = "0.4.8"
 image = { version = "0.25.2", default-features = false, features = [
@@ -32,4 +32,6 @@ tempfile = "3.15.0"
 
 [features]
 # prevents these features from being always enabled in the workspace
-default = ["c2pa/file_io"]
+default = ["c2pa/file_io", "openssl"]
+openssl = ["c2pa/openssl"]
+rust_native_crypto = ["c2pa/rust_native_crypto"]

sdk/Cargo.toml

@@ -26,17 +26,23 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 
 [features]
+default = ["openssl"]
 add_thumbnails = ["image"]
 file_io = []
 serialize_thumbnails = []
 no_interleaved_io = ["file_io"]
 fetch_remote_manifests = ["dep:wasi"]
 json_schema = ["dep:schemars"]
+openssl = ["dep:openssl"]
 pdf = ["dep:lopdf"]
 rust_native_crypto = [
     "dep:const-oid",
+    "dep:ecdsa",
     "dep:der",
     "dep:num-bigint-dig",
+    "dep:p256",
+    "dep:p384",
+    "dep:p521",
     "dep:pkcs1",
     "dep:rsa",
     "dep:spki",
@@ -97,7 +103,7 @@ conv = "0.3.3"
 coset = "0.3.8"
 extfmt = "0.1.1"
 der = { version = "0.7.9", optional = true }
-ecdsa = { version = "0.16.9", features = ["digest", "sha2"] }
+ecdsa = { version = "0.16.9", features = ["digest", "sha2"], optional = true }
 ed25519-dalek = { version = "2.1.1", features = ["alloc", "digest", "pem", "pkcs8", "rand_core"] }
 getrandom = { version = "0.2.7", features = ["js"] }
 hex = "0.4.3"
@@ -116,9 +122,9 @@ nom = "7.1.3"
 non-empty-string = { version = "=0.2.4", features = ["serde"] }
 nonempty-collections = { version = "0.2.9", features = ["serde"] }
 num-bigint-dig = { version = "0.8.4", optional = true }
-p256 = "0.13.2"
-p384 = "0.13.0"
-p521 = { version = "0.13.3", features = ["pkcs8", "digest", "ecdsa"] }
+p256 = { version = "0.13.2", optional = true }
+p384 = { version = "0.13.0", optional = true }
+p521 = { version = "0.13.3", features = ["pkcs8", "digest", "ecdsa"], optional = true }
 pem = "3.0.2"
 pkcs1 = { version = "0.7.5", optional = true }
 pkcs8 = "0.10.2"
@@ -168,7 +174,7 @@ spki = "0.7.3"
 tempfile = { version = "3.15", features = ["nightly"] }
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
-openssl = { version = "0.10.72", features = ["vendored"] }
+openssl = { version = "0.10.72", features = ["vendored"], optional = true }
 ureq = "2.4.0"
 url = "2.5.3"