Remove remaining support for Trusty and Fuchsia operating systems (#2136

) These operating systems are unused, untested, and not a priority for us. Remove remnants of them
aws · Jan 24, 2025 · 81f138a · 81f138a
1 parent 1b13cd1
commit 81f138a
Show file tree

Hide file tree

Showing 12 changed files with 6 additions and 174 deletions.
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
@@ -474,9 +474,7 @@ add_library(
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c
-  rand_extra/fuchsia.c
   rand_extra/rand_extra.c
-  rand_extra/trusty.c
   rand_extra/windows.c
   rc4/rc4.c
   refcount_c11.c

diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
@@ -76,7 +76,6 @@
 #include "cpucap/cpu_aarch64_sysreg.c"
 #include "cpucap/cpu_aarch64_apple.c"
 #include "cpucap/cpu_aarch64_freebsd.c"
-#include "cpucap/cpu_aarch64_fuchsia.c"
 #include "cpucap/cpu_aarch64_linux.c"
 #include "cpucap/cpu_aarch64_openbsd.c"
 #include "cpucap/cpu_aarch64_win.c"

diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_fuchsia.c b/crypto/fipsmodule/cpucap/cpu_aarch64_fuchsia.c
diff --git a/crypto/fipsmodule/rand/fork_detect.c b/crypto/fipsmodule/rand/fork_detect.c
@@ -155,7 +155,7 @@ void CRYPTO_fork_detect_ignore_madv_wipeonfork_for_testing(void) {
   *g_ignore_madv_wipeonfork_bss_get() = 1;
 }
 
-#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY)
+#elif defined(OPENSSL_WINDOWS)
 
 // These platforms are guaranteed not to fork, and therefore do not require
 // fork detection support. Returning a constant non zero value makes BoringSSL

diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h
@@ -28,10 +28,6 @@ extern "C" {
 
 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
 #define OPENSSL_RAND_DETERMINISTIC
-#elif defined(OPENSSL_FUCHSIA)
-#define OPENSSL_RAND_FUCHSIA
-#elif defined(OPENSSL_TRUSTY)
-#define OPENSSL_RAND_TRUSTY
 #elif defined(OPENSSL_WINDOWS)
 #define OPENSSL_RAND_WINDOWS
 #else

diff --git a/crypto/rand_extra/fuchsia.c b/crypto/rand_extra/fuchsia.c
diff --git a/crypto/rand_extra/getentropy_test.cc b/crypto/rand_extra/getentropy_test.cc
@@ -26,7 +26,7 @@
 
 #include <errno.h>
 
-#if defined(OPENSSL_MACOS) || defined(OPENSSL_FUCHSIA)
+#if defined(OPENSSL_MACOS)
 #include <sys/random.h>
 #endif
 

diff --git a/crypto/rand_extra/rand_test.cc b/crypto/rand_extra/rand_test.cc
@@ -65,7 +65,7 @@ TEST(RandTest, NotObviouslyBroken) {
 }
 
 #if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_IOS) && \
-    !defined(OPENSSL_FUCHSIA) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
+    !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
 static bool ForkAndRand(bssl::Span<uint8_t> out, bool fork_unsafe_buffering) {
   int pipefds[2];
   if (pipe(pipefds) < 0) {
@@ -174,7 +174,7 @@ TEST(RandTest, Fork) {
   }
 }
 #endif  // !OPENSSL_WINDOWS && !OPENSSL_IOS &&
-        // !OPENSSL_FUCHSIA && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE
+        // !BORINGSSL_UNSAFE_DETERMINISTIC_MODE
 
 #if defined(OPENSSL_THREADS)
 static void RunConcurrentRands(size_t num_threads) {

diff --git a/crypto/rand_extra/trusty.c b/crypto/rand_extra/trusty.c
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
@@ -58,11 +58,7 @@
 
 // TODO(fork): cleanup
 
-#if defined(OPENSSL_FUCHSIA)
-#define OPENSSLDIR "/config/ssl"
-#else
 #define OPENSSLDIR "/etc/ssl"
-#endif
 
 #define X509_CERT_AREA OPENSSLDIR
 #define X509_CERT_DIR OPENSSLDIR "/certs"

diff --git a/include/openssl/target.h b/include/openssl/target.h
@@ -86,40 +86,22 @@
 #define OPENSSL_WINDOWS
 #endif
 
-// Trusty and Android baremetal aren't Linux but currently define __linux__.
+// Android baremetal aren't Linux but currently define __linux__.
 // As a workaround, we exclude them here.
 // We also exclude nanolibc/CrOS EC/Zephyr. nanolibc/CrOS EC/Zephyr
 // sometimes build for a non-Linux target (which should not define __linux__),
 // but also sometimes build for Linux. Although technically running in Linux
 // userspace, this lacks all the libc APIs we'd normally expect on Linux, so we
 // treat it as a non-Linux target.
 //
-// TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
 // TODO(b/291101350): Remove this workaround once Android baremetal no longer
 // defines it.
-#if defined(__linux__) && !defined(__TRUSTY__) && \
+#if defined(__linux__) && \
     !defined(ANDROID_BAREMETAL) && !defined(OPENSSL_NANOLIBC) && \
     !defined(CROS_EC) && !defined(CROS_ZEPHYR)
 #define OPENSSL_LINUX
 #endif
 
-#if defined(__Fuchsia__)
-#define OPENSSL_FUCHSIA
-#endif
-
-// Trusty is Android's TEE target. See
-// https://source.android.com/docs/security/features/trusty
-//
-// Defining this on any other platform is not supported. Other embedded
-// platforms must introduce their own defines.
-#if defined(__TRUSTY__)
-#define OPENSSL_TRUSTY
-#define OPENSSL_NO_FILESYSTEM
-#define OPENSSL_NO_POSIX_IO
-#define OPENSSL_NO_SOCK
-#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
-#endif
-
 // nanolibc is a particular minimal libc implementation. Defining this on any
 // other platform is not supported. Other embedded platforms must introduce
 // their own defines.

diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -65,13 +65,7 @@
 namespace bssl {
 namespace acvp {
 
-#if defined(OPENSSL_TRUSTY)
-#include <trusty_log.h>
-#define LOG_ERROR(...) TLOGE(__VA_ARGS__)
-#define TLOG_TAG "modulewrapper"
-#else
 #define LOG_ERROR(...) fprintf(stderr, __VA_ARGS__)
-#endif  // OPENSSL_TRUSTY
 
 #define AES_GCM_NONCE_LENGTH 12