impl(common+storage): remove OpenSSL dependency on Windows

[teo-tsirpanis]

Fixes #13746

This PR reimplements the cryptography routines on top of Windows APIs, removing the dependency to OpenSSL on Windows¹.

Validated by successfully running the relevant tests locally. I also did some minor cleanups where applicable.

---

This change is 

Footnotes

1. At least for the REST client libraries; gRPC has its own dependency on OpenSSL. ↩

[devbww]

/gcbrun

[codecov]

Codecov Report

Attention: Patch coverage is 89.34426% with 13 lines in your changes are missing coverage. Please review.

Project coverage is 93.04%. Comparing base (4832108) to head (d2444bd).
Report is 3 commits behind head on main.

Files	Patch %	Lines
...internal/openssl/parse_service_account_p12_file.cc	79.03%	13 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #13785   +/-   ##
=======================================
  Coverage   93.04%   93.04%           
=======================================
  Files        2176     2178    +2     
  Lines      185186   185178    -8     
=======================================
- Hits       172308   172302    -6     
+ Misses      12878    12876    -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coryan]

First, thank you for preparing this PR. These are difficult APIs and the changes look good.

Second, I think we should take some time to refactor the code so these changes are easier to maintain in the future. Most of my comments below go along those lines.

Third, I think we need to think about the test coverage consequences. For example, our ASAN builds only run on Linux, and that makes sense because the code is (or was) largely identical on Linux, macOS and Windows. This change introduces a number of tricky allocations / deallocations that (to my eyes) look correct, but I would feel better if they were also tested by some dynamic analyzer. @scotthart our infrastructure cannot handle that at the moment, we should consider if (and how) we would support code that is more specialized for Windows.

@teo-tsirpanis you may want to hold off on making more changes until we had a chance to discuss this internally.

[coryan]

Thanks for being patient with us, and thanks for sending this PR. I think we really want to break the dependency on OpenSSL on Windows, and your changes are in the right direction.

I think we want to make some refactoring before making these changes. I will be doing the refactoring and CC you on the PRs so you can see where things are going. Feel free to rebase this PR or create a new PR at the end, whatever works for you.

The changes I have in mind include:

• Remove the duplicate implementation of SingUsingSha256 (see refactor(storage): de-duplicate SignWithPem() #13825).
• Rename google/cloud/internal/openssl_utils.h to something that does not speak to the library we use to implement these things, maybe google/cloud/internal/sign_using_sha256.{h,cc}.
• Split the google/cloud/storage/internal/openssl_utils.* into files by function, e.g., .../internal/base64.* and .../internal/md5.*

After you merge your changes I will probably reorganize the code to reduce the number of #ifdefs. I think we would prefer files that are only compiled when needed, or that have a single #ifdef for the whole file. Those changes are not as urgent, and require a deeper understanding of our build scripts, so we will make them. I just mention them because you may find the code changed after your PR.

Again, thanks for this contribution, and let me know how you would like to proceed.

[coryan]

@teo-tsirpanis more refactoring in #13826

[coryan]

It seems to be Bazel:

https://github.com/bazelbuild/bazel/blob/3ce7424e7f48780c659d63de40132dccf9e026c8/tools/cpp/windows_cc_toolchain_config.bzl#L662

[teo-tsirpanis]

Thanks for finding out. Is there a way to work around it?

[coryan]

/gcbrun

[teo-tsirpanis]

Running clang-format on this file caused all these changes. I initially did not commit them because they were unrelated, but the checkers CI job keeps failing.

No other file changed by this PR gets changed after running clang-format.

[coryan]

You probably have a slightly different version of clang-format. The checkers job is failing for other reasons, the diff is available at

https://github.com/googleapis/google-cloud-cpp/pull/13785/checks?check_run_id=23211048683

There are problems are (mostly) formatting of the CMake files.

[coryan]

You probably have a slightly different version of clang-format. The checkers job is failing for other reasons, the diff is available at

https://github.com/googleapis/google-cloud-cpp/pull/13785/checks?check_run_id=23211048683

There are problems are (mostly) formatting of the CMake files.

[teo-tsirpanis]

I installed cmake-format and formatted the files checkers complained about. checkers showed six files in its diff, and my latest commit (919fa1e) changed these six files.

[coryan]

LGTM. Let's wait for the CI robots before declaring success.

[coryan]

/gcbrun

[coryan]

I believe the build failures in https://github.com/googleapis/google-cloud-cpp/actions/runs/8472009569/job/23214103847?pr=13785 are fixed in #13836 . @teo-tsirpanis have you had a chance to rebase since #13836 got merged?

[coryan]

/gcbrun

[coryan]

Woo hoo! Thanks for this change. Not only did we remove the dependency on OpenSSL, I think the code is cleaner.

I will be merging the code once the last build succeeds.

[coryan]

Thanks again for the large contribution. We do appreciate it.