refactor: Remove openssl feature flag (#940)

refactor: Remove openssl features from sdk

Moving cryptography to c2pa-crypto made the `openssl` and `openssl_sign`
flags defunct.

Makefile

@@ -31,10 +31,12 @@ test-wasm:
 test-wasm-web:
 	cd sdk && wasm-pack test --chrome --headless -- --features="serialize_thumbnails"
 
-# WASI testing requires the WASI SDK https://github.com/WebAssembly/wasi-sdk installed in /opt,
-# wasmtime, and the target wasm32-wasip2 on the nightly toolchain
+# WASI testing requires upstream llvm clang (not XCode), wasmtime, and the target wasm32-wasip2 on the nightly toolchain
 test-wasi:
-	CC=/opt/wasi-sdk/bin/clang CARGO_TARGET_WASM32_WASIP2_RUNNER="wasmtime -S cli -S http --dir ." cargo +nightly test --target wasm32-wasip2 -p c2pa -p c2pa-crypto --all-features
+ifeq ($(PLATFORM),mac)
+	$(eval CC := /opt/homebrew/opt/llvm/bin/clang)
+endif
+	CC=$(CC) CARGO_TARGET_WASM32_WASIP2_RUNNER="wasmtime -S cli -S http --dir ." cargo +nightly test --target wasm32-wasip2 -p c2pa -p c2pa-crypto --all-features
 	rm -r sdk/Users
 
 # Full local validation, build and test all features including wasm

cawg_identity/Cargo.toml

@@ -30,7 +30,7 @@ v1_api = ["c2pa/v1_api"]
 [dependencies]
 async-trait = "0.1.78"
 base64 = "0.22.1"
-c2pa = { path = "../sdk", version = "0.46.0", features = ["openssl"] }
+c2pa = { path = "../sdk", version = "0.46.0" }
 c2pa-crypto = { path = "../internal/crypto", version = "0.6.2" }
 c2pa-status-tracker = { path = "../internal/status-tracker", version = "0.5.0" }
 chrono = { version = "0.4.38", features = ["serde"] }

make_test_images/Cargo.toml

@@ -32,4 +32,4 @@ tempfile = "3.15.0"
 
 [features]
 # prevents these features from being always enabled in the workspace
-default = ["c2pa/openssl_sign", "c2pa/file_io"]
+default = ["c2pa/file_io"]

sdk/Cargo.toml

@@ -27,12 +27,10 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [features]
 add_thumbnails = ["image"]
-file_io = ["openssl_sign"]
+file_io = []
 serialize_thumbnails = []
 no_interleaved_io = ["file_io"]
 fetch_remote_manifests = ["dep:wasi"]
-openssl = []
-openssl_sign = ["openssl"]
 json_schema = ["dep:schemars", "c2pa-crypto/json_schema"]
 pdf = ["dep:lopdf"]
 v1_api = []

sdk/examples/client/main.rs

@@ -15,10 +15,8 @@ use anyhow::Result;
 // This example is not designed to work with a wasm build
 // so we provide this shell to avoid testing errors
 
-#[cfg(feature = "openssl")]
 mod client;
 fn main() -> Result<()> {
-    #[cfg(feature = "openssl")]
     client::main()?;
     Ok(())
 }

sdk/examples/data_hash.rs

@@ -14,30 +14,30 @@
 // Example code (in unit test) for how you might use client DataHash values.  This allows clients
 // to perform the manifest embedding and optionally the hashing
 
-#[cfg(any(feature = "openssl_sign", feature = "file_io"))]
+#[cfg(feature = "file_io")]
 use std::{
     io::{Cursor, Read, Seek, Write},
     path::{Path, PathBuf},
 };
 
-#[cfg(any(feature = "openssl_sign", feature = "file_io"))]
+#[cfg(feature = "file_io")]
 use c2pa::{
     assertions::{
         c2pa_action, labels::*, Action, Actions, CreativeWork, DataHash, Exif, SchemaDotOrgPerson,
     },
     create_signer, hash_stream_by_alg, Builder, ClaimGeneratorInfo, HashRange, Ingredient, Reader,
     Relationship, Result,
 };
-#[cfg(any(feature = "openssl_sign", feature = "file_io"))]
+#[cfg(feature = "file_io")]
 use c2pa_crypto::raw_signature::SigningAlg;
 
 fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
     println!("DataHash demo");
 
-    #[cfg(all(feature = "openssl_sign", feature = "file_io"))]
+    #[cfg(feature = "file_io")]
     user_data_hash_with_sdk_hashing()?;
     println!("Done with SDK hashing1");
-    #[cfg(all(feature = "openssl_sign", feature = "file_io"))]
+    #[cfg(feature = "file_io")]
     user_data_hash_with_user_hashing()?;
     println!("Done with SDK hashing2");
     Ok(())
@@ -86,7 +86,7 @@ fn builder_from_source<S: AsRef<Path>>(source: S) -> Result<Builder> {
     Ok(builder)
 }
 
-#[cfg(all(feature = "openssl_sign", feature = "file_io"))]
+#[cfg(feature = "file_io")]
 fn user_data_hash_with_sdk_hashing() -> Result<()> {
     // You will often implement your own Signer trait to perform on device signing
     let signcert_path = "sdk/tests/fixtures/certs/es256.pub";
@@ -146,7 +146,7 @@ fn user_data_hash_with_sdk_hashing() -> Result<()> {
     Ok(())
 }
 
-#[cfg(all(feature = "openssl_sign", feature = "file_io"))]
+#[cfg(feature = "file_io")]
 fn user_data_hash_with_user_hashing() -> Result<()> {
     // You will often implement your own Signer trait to perform on device signing
     let signcert_path = "sdk/tests/fixtures/certs/es256.pub";

sdk/examples/show.rs

@@ -15,7 +15,6 @@
 use anyhow::Result;
 use c2pa::Reader;
 
-#[cfg(feature = "openssl")]
 fn main() -> Result<()> {
     let args: Vec<String> = std::env::args().collect();
     if args.len() > 1 {

sdk/examples/v2api.rs

@@ -160,7 +160,6 @@ fn main() -> Result<()> {
     Ok(())
 }
 
-// #[cfg(feature = "openssl")]
 // use openssl::{error::ErrorStack, pkey::PKey};
 // #[cfg(feature = "openssl")]
 // fn ed_sign(data: &[u8], pkey: &[u8]) -> std::result::Result<Vec<u8>, ErrorStack> {
@@ -171,14 +170,14 @@ fn main() -> Result<()> {
 
 #[cfg(test)]
 mod tests {
-    #[cfg(target_arch = "wasm32")]
+    #[cfg(all(target_arch = "wasm32", not(target_os = "wasi")))]
     use wasm_bindgen_test::*;
 
     use super::*;
 
     #[cfg_attr(not(target_arch = "wasm32"), actix::test)]
     #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)]
-    #[cfg_attr(not(any(target_arch = "wasm32", feature = "openssl")), ignore)]
+    #[cfg_attr(target_os = "wasi", wstd::test)]
     async fn test_v2_api() -> Result<()> {
         main()
     }

sdk/examples/v2show.rs

@@ -14,12 +14,12 @@
 //! Example App that generates a manifest store listing for a given file
 
 use anyhow::Result;
-#[cfg(any(not(feature = "openssl"), target_arch = "wasm32"))]
+#[cfg(target_arch = "wasm32")]
 fn main() -> Result<()> {
     Ok(())
 }
 
-#[cfg(all(feature = "openssl", not(target_arch = "wasm32")))]
+#[cfg(not(target_arch = "wasm32"))]
 fn main() -> Result<()> {
     use std::io::Read;
 

sdk/src/assertions/bmff_hash.rs

@@ -1259,7 +1259,6 @@ pub mod tests {
     //use super::*;
     use crate::utils::test::fixture_path;
 
-    #[cfg(feature = "openssl")]
     #[test]
     fn test_fragemented_mp4() {
         use crate::{

sdk/src/asset_handlers/bmff_io.rs

@@ -1847,7 +1847,7 @@ pub mod tests {
         io_utils::tempdirectory,
         test::{fixture_path, temp_dir_path},
     };
-    #[cfg(all(feature = "openssl", feature = "file_io"))]
+    #[cfg(all(feature = "v1_api", feature = "file_io"))]
     #[test]
     fn test_read_mp4() {
         use c2pa_status_tracker::DetailedStatusTracker;

sdk/src/builder.rs

@@ -1116,9 +1116,9 @@ mod tests {
     use wasm_bindgen_test::*;
 
     use super::*;
-    #[cfg(any(feature = "openssl_sign", target_arch = "wasm32"))]
-    use crate::{assertions::BoxHash, asset_handlers::jpeg_io::JpegIO};
     use crate::{
+        assertions::BoxHash,
+        asset_handlers::jpeg_io::JpegIO,
         hash_stream_by_alg,
         utils::{test::write_jpeg_placeholder_stream, test_signer::test_signer},
         validation_results::ValidationState,
@@ -1190,7 +1190,7 @@ mod tests {
         .to_string()
     }
 
-    #[cfg(any(feature = "file_io", feature = "openssl_sign"))]
+    #[cfg(feature = "file_io")]
     const TEST_IMAGE_CLEAN: &[u8] = include_bytes!("../tests/fixtures/IMG_0003.jpg");
     const TEST_IMAGE: &[u8] = include_bytes!("../tests/fixtures/CA.jpg");
     const TEST_THUMBNAIL: &[u8] = include_bytes!("../tests/fixtures/thumbnail.jpg");
@@ -1290,7 +1290,6 @@ mod tests {
     }
 
     #[test]
-    #[cfg_attr(not(any(target_arch = "wasm32", feature = "openssl_sign")), ignore)]
     fn test_builder_sign() {
         #[derive(Serialize, Deserialize)]
         struct TestAssertion {
@@ -1459,7 +1458,6 @@ mod tests {
         all(target_arch = "wasm32", not(target_os = "wasi")),
         wasm_bindgen_test
     )]
-    #[cfg_attr(not(any(target_arch = "wasm32", feature = "openssl_sign")), ignore)]
     #[cfg_attr(target_os = "wasi", wstd::test)]
     async fn test_builder_remote_sign() {
         let format = "image/jpeg";
@@ -1498,7 +1496,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "openssl_sign")]
+    #[cfg(feature = "file_io")]
     fn test_builder_remote_url() {
         let mut source = Cursor::new(TEST_IMAGE_CLEAN);
         let mut dest = Cursor::new(Vec::new());
@@ -1531,7 +1529,6 @@ mod tests {
     }
 
     #[test]
-    #[cfg_attr(not(any(target_arch = "wasm32", feature = "openssl_sign")), ignore)]
     fn test_builder_data_hashed_embeddable() {
         const CLOUD_IMAGE: &[u8] = include_bytes!("../tests/fixtures/cloud.jpg");
         let mut input_stream = Cursor::new(CLOUD_IMAGE);
@@ -1596,10 +1593,7 @@ mod tests {
         wasm_bindgen_test
     )]
     #[cfg_attr(target_os = "wasi", wstd::test)]
-    #[cfg(any(
-        target_arch = "wasm32",
-        all(feature = "openssl_sign", feature = "file_io")
-    ))]
+    #[cfg(any(target_arch = "wasm32", feature = "file_io"))]
     async fn test_builder_box_hashed_embeddable() {
         use crate::asset_io::{CAIWriter, HashBlockObjectType};
         const BOX_HASH_IMAGE: &[u8] = include_bytes!("../tests/fixtures/boxhash.jpg");
@@ -1704,7 +1698,6 @@ mod tests {
         );
     }
 
-    #[cfg(feature = "openssl_sign")]
     const MANIFEST_JSON: &str = r#"{
         "claim_generator": "test",
         "claim_generator_info": [
@@ -1835,7 +1828,6 @@ mod tests {
     }"#;
 
     #[test]
-    #[cfg(feature = "openssl_sign")]
     /// tests and illustrates how to add assets to a non-file based manifest by using a stream
     fn from_json_with_stream_full_resources() {
         use crate::assertions::Relationship;

sdk/src/claim.rs

@@ -2845,7 +2845,6 @@ pub(crate) fn check_ocsp_status(
     }
 }
 
-#[cfg(feature = "openssl")]
 #[cfg(test)]
 pub mod tests {
     #![allow(clippy::expect_used)]

sdk/src/cose_sign.rs

@@ -268,12 +268,11 @@ mod tests {
     use c2pa_crypto::raw_signature::SigningAlg;
 
     use super::sign_claim;
-    #[cfg(all(any(feature = "openssl_sign", target_os = "wasi"), feature = "file_io"))]
+    #[cfg(feature = "file_io")]
     use crate::utils::test_signer::async_test_signer;
     use crate::{claim::Claim, utils::test_signer::test_signer, Result, Signer};
 
     #[test]
-    #[cfg_attr(not(any(target_arch = "wasm32", feature = "openssl_sign")), ignore)]
     fn test_sign_claim() {
         let mut claim = Claim::new("extern_sign_test", Some("contentauth"), 1);
         claim.build().unwrap();
@@ -288,7 +287,7 @@ mod tests {
         assert_eq!(cose_sign1.len(), box_size);
     }
 
-    #[cfg(all(any(feature = "openssl_sign", target_os = "wasi"), feature = "file_io"))]
+    #[cfg(feature = "file_io")]
     #[cfg_attr(not(target_arch = "wasm32"), actix::test)]
     #[cfg_attr(target_os = "wasi", wstd::test)]
     async fn test_sign_claim_async() {
@@ -357,7 +356,6 @@ mod tests {
 
         let _cose_sign1 = sign_claim(&claim_bytes, &signer, box_size);
 
-        #[cfg(any(feature = "openssl", target_os = "wasi"))] // there is no verify on sign when openssl is disabled
         assert!(_cose_sign1.is_err());
     }
 }

sdk/src/cose_validator.rs

@@ -178,7 +178,6 @@ pub(crate) fn get_signing_info(
 
 #[allow(unused_imports)]
 #[allow(clippy::unwrap_used)]
-#[cfg(feature = "openssl_sign")]
 #[cfg(test)]
 pub mod tests {
     use c2pa_crypto::raw_signature::SigningAlg;
@@ -214,7 +213,6 @@ pub mod tests {
         assert_eq!(signing_time, None);
     }
     #[test]
-    #[cfg(feature = "openssl_sign")]
     fn test_stapled_ocsp() {
         use c2pa_crypto::{
             raw_signature::{signer_from_cert_chain_and_private_key, RawSigner, RawSignerError},