chore: Delete OpenSSL (#2659)

I don't know if we used to use OpenSSL for more in the past, but right now we only use it for sha2, which is capably provided by the `sha2` crate instead. In the meantime every last problem I have had with the build system has been due to OpenSSL's inclusion. This PR removes the last vestiges of OpenSSL along with the build system hacks necessary to build it.

.github/workflows/e2e.yml

@@ -41,7 +41,6 @@ jobs:
           fetch-depth: 0
       - name: Setup environment variables
         run: |
-          echo "OPENSSL_STATIC=yes" >> $GITHUB_ENV
           echo "RUSTFLAGS=--remap-path-prefix=${GITHUB_WORKSPACE}=/builds/dfinity" >> $GITHUB_ENV
       - name: Cache Cargo
         uses: actions/cache@v2
@@ -58,17 +57,6 @@ jobs:
           toolchain: ${{ matrix.rust }}
           override: true
         if: contains(matrix.os, 'macos')
-      - name: Build static-linked openssl
-        run: |
-          # https://github.com/rust-lang/cargo/issues/713#issuecomment-59597433
-          git clone git://git.openssl.org/openssl.git
-          cd openssl
-          ./config -fPIC --prefix=/usr/local --openssldir=/usr/local/ssl
-          make
-          sudo make install
-          echo "OPENSSL_LIB_DIR=/usr/local/lib64" >> $GITHUB_ENV
-          echo "OPENSSL_INCLUDE_DIR=/usr/local/include" >> $GITHUB_ENV
-        if: contains(matrix.target, 'linux-gnu')
       - name: Build
         run: |
           cargo clean --target ${{ matrix.target }} --release

.github/workflows/publish.yml

@@ -47,7 +47,6 @@ jobs:
 
       - name: Setup environment variables
         run: |
-          echo "OPENSSL_STATIC=yes" >> $GITHUB_ENV
           echo "RUSTFLAGS=--remap-path-prefix=${GITHUB_WORKSPACE}=/builds/dfinity" >> $GITHUB_ENV
 
       # GITHUB_REF_NAME will be something link 2353/merge for branch builds, which isn't great as a dfx version
@@ -75,18 +74,6 @@ jobs:
           override: true
         if: contains(matrix.os, 'macos')
 
-      - name: Build static-linked openssl
-        run: |
-          # https://github.com/rust-lang/cargo/issues/713#issuecomment-59597433
-          git clone git://git.openssl.org/openssl.git
-          cd openssl
-          ./config -fPIC --prefix=/usr/local --openssldir=/usr/local/ssl
-          make
-          sudo make install
-          echo "OPENSSL_LIB_DIR=/usr/local/lib64" >> $GITHUB_ENV
-          echo "OPENSSL_INCLUDE_DIR=/usr/local/include" >> $GITHUB_ENV
-        if: contains(matrix.target, 'linux-gnu')
-
       - name: Build
         run: |
           cargo clean --target ${{ matrix.target }} --release

src/dfx/Cargo.toml

@@ -12,7 +12,7 @@ path = "src/main.rs"
 [build-dependencies]
 flate2 = "1.0.11"
 hex = "0.4.2"
-openssl = "0.10.32"
+sha2 = "0.10.6"
 tar = "0.4.26"
 walkdir = "2.3.2"
 
@@ -54,13 +54,12 @@ mime = "0.3.16"
 mime_guess = "2.0.4"
 net2 = "0.2.34"
 num-traits = "0.2"
-openssl = "0.10.32"
 pem = "1.0.2"
 petgraph = "0.6.0"
 rand = "0.8.5"
 regex = "1.5.5"
 ring = "0.16.11"
-reqwest = { version = "0.11.9", features = [ "blocking", "json", "rustls-tls" ] }
+reqwest = { version = "0.11.9", default-features = false, features = [ "blocking", "json", "rustls-tls", "native-tls-vendored" ] }
 rustls = "0.20.4"
 rust_decimal = "1.22.0"
 schemars = "0.8"
@@ -69,6 +68,7 @@ serde = "1.0"
 serde_bytes = "0.11.2"
 serde_cbor = "0.11.1"
 serde_json = "1.0.79"
+sha2 = "0.10.6"
 shell-words = "1.1.0"
 slog = { version = "2.5.2", features = ["max_level_trace"] }
 slog-async = "2.4.0"
@@ -107,6 +107,3 @@ env_logger = "0.9"
 proptest = "1.0"
 mockito = "0.31.0"
 tempfile = "3.1.0"
-
-[features]
-vendored-openssl = ["openssl/vendored"]

src/dfx/assets/build.rs

@@ -1,6 +1,6 @@
 use flate2::write::GzEncoder;
 use flate2::Compression;
-use openssl::sha::Sha256;
+use sha2::{Digest, Sha256};
 use std::fs::{read_to_string, File};
 use std::io::{BufRead, Read, Write};
 use std::path::{Path, PathBuf};
@@ -32,7 +32,7 @@ fn calculate_hash_of_inputs(project_root_path: &Path) -> String {
         sha256.update(&buffer);
     }
 
-    hex::encode(sha256.finish())
+    hex::encode(sha256.finalize())
 }
 
 fn get_project_root_path() -> PathBuf {

src/dfx/src/lib/nns_types/account_identifier.rs

@@ -7,8 +7,8 @@
 use anyhow::Context;
 use candid::CandidType;
 use candid::Principal;
-use openssl::sha::Sha224;
 use serde::{de, de::Error, Deserialize, Serialize};
+use sha2::{Digest, Sha224};
 use std::convert::{TryFrom, TryInto};
 use std::fmt::{Display, Formatter};
 use std::str::FromStr;
@@ -38,7 +38,7 @@ impl AccountIdentifier {
         hash.update(&sub_account.0[..]);
 
         AccountIdentifier {
-            hash: hash.finish(),
+            hash: hash.finalize().into(),
         }
     }
 

src/dfx/src/lib/operations/canister/install_canister.rs

@@ -23,7 +23,7 @@ use ic_utils::interfaces::management_canister::builders::{CanisterInstall, Insta
 use ic_utils::interfaces::ManagementCanister;
 use ic_utils::Argument;
 use itertools::Itertools;
-use openssl::sha::sha256;
+use sha2::{Digest, Sha256};
 use slog::info;
 use std::collections::HashSet;
 use std::io::stdin;
@@ -103,10 +103,10 @@ pub async fn install_canister(
     let wasm_path = canister_info.get_build_wasm_path();
     let wasm_module = std::fs::read(&wasm_path)
         .with_context(|| format!("Failed to read {}.", wasm_path.to_string_lossy()))?;
-    let new_hash = sha256(&wasm_module);
+    let new_hash = Sha256::digest(&wasm_module);
 
     if mode == InstallMode::Upgrade
-        && matches!(&installed_module_hash, Some(old_hash) if old_hash[..] == new_hash)
+        && matches!(&installed_module_hash, Some(old_hash) if old_hash[..] == new_hash[..])
         && !upgrade_unchanged
     {
         println!(
@@ -139,7 +139,7 @@ pub async fn install_canister(
             .await
         {
             Ok(reported_hash) => {
-                if reported_hash == new_hash {
+                if reported_hash[..] == new_hash[..] {
                     break;
                 } else if installed_module_hash
                     .as_deref()