diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 23729d579c..4bc2678683 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -474,9 +474,7 @@ add_library(
 rand_extra/deterministic.c
 rand_extra/entropy_passive.c
 rand_extra/forkunsafe.c
- rand_extra/fuchsia.c
 rand_extra/rand_extra.c
- rand_extra/trusty.c
 rand_extra/windows.c
 rc4/rc4.c
 refcount_c11.c
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 6c610cbf34..31eabded4c 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -76,7 +76,6 @@
 #include "cpucap/cpu_aarch64_sysreg.c"
 #include "cpucap/cpu_aarch64_apple.c"
 #include "cpucap/cpu_aarch64_freebsd.c"
-#include "cpucap/cpu_aarch64_fuchsia.c"
 #include "cpucap/cpu_aarch64_linux.c"
 #include "cpucap/cpu_aarch64_openbsd.c"
 #include "cpucap/cpu_aarch64_win.c"
diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_fuchsia.c b/crypto/fipsmodule/cpucap/cpu_aarch64_fuchsia.c
deleted file mode 100644
index 4757015a8a..0000000000
--- a/crypto/fipsmodule/cpucap/cpu_aarch64_fuchsia.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright (c) 2018, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include "internal.h"
-
-#if defined(OPENSSL_AARCH64) && defined(OPENSSL_FUCHSIA) && \
- !defined(OPENSSL_STATIC_ARMCAP)
-
-#include
-#include
-#include
-
-#include
-
-
-void OPENSSL_cpuid_setup(void) {
- uint32_t hwcap;
- zx_status_t rc = zx_system_get_features(ZX_FEATURE_KIND_CPU, &hwcap);
- if (rc != ZX_OK || (hwcap & ZX_ARM64_FEATURE_ISA_ASIMD) == 0) {
- // If NEON/ASIMD is missing, don't report other features either. This
- // matches OpenSSL, and the other features depend on SIMD registers.
- return;
- }
-
- OPENSSL_armcap_P |= ARMV7_NEON;
-
- if (hwcap & ZX_ARM64_FEATURE_ISA_AES) {
- OPENSSL_armcap_P |= ARMV8_AES;
- }
- if (hwcap & ZX_ARM64_FEATURE_ISA_PMULL) {
- OPENSSL_armcap_P |= ARMV8_PMULL;
- }
- if (hwcap & ZX_ARM64_FEATURE_ISA_SHA1) {
- OPENSSL_armcap_P |= ARMV8_SHA1;
- }
- if (hwcap & ZX_ARM64_FEATURE_ISA_SHA256) {
- OPENSSL_armcap_P |= ARMV8_SHA256;
- }
- if (hwcap & ZX_ARM64_FEATURE_ISA_SHA512) {
- OPENSSL_armcap_P |= ARMV8_SHA512;
- }
-
- OPENSSL_cpucap_initialized = 1;
-}
-
-#endif // OPENSSL_AARCH64 && OPENSSL_FUCHSIA && !OPENSSL_STATIC_ARMCAP
diff --git a/crypto/fipsmodule/rand/fork_detect.c b/crypto/fipsmodule/rand/fork_detect.c
index e600a786d7..536737ebd3 100644
--- a/crypto/fipsmodule/rand/fork_detect.c
+++ b/crypto/fipsmodule/rand/fork_detect.c
@@ -155,7 +155,7 @@ void CRYPTO_fork_detect_ignore_madv_wipeonfork_for_testing(void) { *g_ignore_madv_wipeonfork_bss_get() = 1; } -#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) +#elif defined(OPENSSL_WINDOWS) // These platforms are guaranteed not to fork, and therefore do not require // fork detection support. Returning a constant non zero value makes BoringSSL
diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h
index aec460203b..ab8fbd3d07 100644
--- a/crypto/fipsmodule/rand/internal.h
+++ b/crypto/fipsmodule/rand/internal.h
@@ -28,10 +28,6 @@ extern "C" { #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) #define OPENSSL_RAND_DETERMINISTIC -#elif defined(OPENSSL_FUCHSIA) -#define OPENSSL_RAND_FUCHSIA -#elif defined(OPENSSL_TRUSTY) -#define OPENSSL_RAND_TRUSTY #elif defined(OPENSSL_WINDOWS) #define OPENSSL_RAND_WINDOWS #else
diff --git a/crypto/rand_extra/fuchsia.c b/crypto/rand_extra/fuchsia.c
deleted file mode 100644
index 99c8500563..0000000000
--- a/crypto/rand_extra/fuchsia.c
+++ /dev/null
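Review bot: With `OPENSSL_TRUSTY` dropped from this `#elif`, a build that still defines `__TRUSTY__` no longer takes the constant no-fork path and silently falls through to whichever branch follows outside the hunk. The same silent fallthrough appears in the RNG source selection in crypto/fipsmodule/rand/internal.h and in include/openssl/target.h, where the `!defined(__TRUSTY__)` exclusion on `OPENSSL_LINUX` is removed. The removed target.h comment says Trusty defines `__linux__`, so such a build would presumably now be treated as Linux for entropy and fork detection, and would lose the `OPENSSL_NO_*` defines. If these targets are meant to be unsupported, a compile-time guard in target.h would make that explicit: `#if defined(__TRUSTY__) || defined(__Fuchsia__)`, `#error "Trusty and Fuchsia targets are not supported"`, `#endif`. The retained comment beginning `// These platforms are guaranteed not to fork` now covers only Windows and should be reworded in the singular.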
@@ -1,38 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#if !defined(_DEFAULT_SOURCE)
-#define _DEFAULT_SOURCE // Needed for getentropy on musl and glibc
-#endif
-
-#include
-
-#include "../fipsmodule/rand/internal.h"
-
-#if defined(OPENSSL_RAND_FUCHSIA)
-
-#include
-#include
-
-#include
-
-void CRYPTO_sysrand(uint8_t *out, size_t requested) {
- zx_cprng_draw(out, requested);
-}
-
-void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
- CRYPTO_sysrand(out, requested);
-}
-
-#endif // OPENSSL_RAND_FUCHSIA
diff --git a/crypto/rand_extra/getentropy_test.cc b/crypto/rand_extra/getentropy_test.cc
index 7f0c43ac7c..a2d5fd26ec 100644
--- a/crypto/rand_extra/getentropy_test.cc
+++ b/crypto/rand_extra/getentropy_test.cc
@@ -26,7 +26,7 @@ #include -#if defined(OPENSSL_MACOS) || defined(OPENSSL_FUCHSIA) +#if defined(OPENSSL_MACOS) #include #endif
diff --git a/crypto/rand_extra/rand_test.cc b/crypto/rand_extra/rand_test.cc
index 8c3246218d..aa48bdc948 100644
--- a/crypto/rand_extra/rand_test.cc
+++ b/crypto/rand_extra/rand_test.cc
@@ -65,7 +65,7 @@ TEST(RandTest, NotObviouslyBroken) { } #if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_IOS) && \ - !defined(OPENSSL_FUCHSIA) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) + !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) static bool ForkAndRand(bssl::Span out, bool fork_unsafe_buffering) { int pipefds[2]; if (pipe(pipefds) < 0) {
@@ -174,7 +174,7 @@ TEST(RandTest, Fork) { } } #endif // !OPENSSL_WINDOWS && !OPENSSL_IOS && - // !OPENSSL_FUCHSIA && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE + // !BORINGSSL_UNSAFE_DETERMINISTIC_MODE #if defined(OPENSSL_THREADS) static void RunConcurrentRands(size_t num_threads) {
diff --git a/crypto/rand_extra/trusty.c b/crypto/rand_extra/trusty.c
deleted file mode 100644
index d5b82e95b3..0000000000
--- a/crypto/rand_extra/trusty.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Copyright (c) 2023, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include
-
-#include "../fipsmodule/rand/internal.h"
-
-#if defined(OPENSSL_RAND_TRUSTY)
-#include
-#include
-
-#include
-#include
-
-#include
-
-void CRYPTO_sysrand(uint8_t *out, size_t requested) {
- if (trusty_rng_hw_rand(out, requested) != NO_ERROR) {
- abort();
- }
-}
-
-void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
- CRYPTO_sysrand(out, requested);
-}
-
-#endif // OPENSSL_RAND_TRUSTY
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
index 1721da5d99..ebce685914 100644
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -58,11 +58,7 @@ // TODO(fork): cleanup -#if defined(OPENSSL_FUCHSIA) -#define OPENSSLDIR "/config/ssl" -#else #define OPENSSLDIR "/etc/ssl" -#endif #define X509_CERT_AREA OPENSSLDIR #define X509_CERT_DIR OPENSSLDIR "/certs"
diff --git a/include/openssl/target.h b/include/openssl/target.h
index 35f1add1aa..eb794f8a5a 100644
--- a/include/openssl/target.h
+++ b/include/openssl/target.h
@@ -86,7 +86,7 @@ #define OPENSSL_WINDOWS #endif -// Trusty and Android baremetal aren't Linux but currently define __linux__. +// Android baremetal aren't Linux but currently define __linux__. // As a workaround, we exclude them here. // We also exclude nanolibc/CrOS EC/Zephyr. nanolibc/CrOS EC/Zephyr // sometimes build for a non-Linux target (which should not define __linux__),
@@ -94,32 +94,14 @@ // userspace, this lacks all the libc APIs we'd normally expect on Linux, so we // treat it as a non-Linux target. // -// TODO(b/169780122): Remove this workaround once Trusty no longer defines it. // TODO(b/291101350): Remove this workaround once Android baremetal no longer // defines it. -#if defined(__linux__) && !defined(__TRUSTY__) && \ +#if defined(__linux__) && \ !defined(ANDROID_BAREMETAL) && !defined(OPENSSL_NANOLIBC) && \ !defined(CROS_EC) && !defined(CROS_ZEPHYR) #define OPENSSL_LINUX #endif -#if defined(__Fuchsia__) -#define OPENSSL_FUCHSIA -#endif - -// Trusty is Android's TEE target. See -// https://source.android.com/docs/security/features/trusty -// -// Defining this on any other platform is not supported. Other embedded -// platforms must introduce their own defines. -#if defined(__TRUSTY__) -#define OPENSSL_TRUSTY -#define OPENSSL_NO_FILESYSTEM -#define OPENSSL_NO_POSIX_IO -#define OPENSSL_NO_SOCK -#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED -#endif - // nanolibc is a particular minimal libc implementation. Defining this on any // other platform is not supported. Other embedded platforms must introduce // their own defines.
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index e558f633a3..8f7d684cda 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
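Review bot: The rewritten comment in the first target.h hunk keeps the plural verbs from the two-platform wording: `// Android baremetal aren't Linux but currently define __linux__.` now has a single subject. I would change it to `// Android baremetal isn't Linux but currently defines __linux__.` and adjust the following context line to `// As a workaround, we exclude it here.` so the explanation of the `OPENSSL_LINUX` exclusion stays accurate. The comment block continues past the end of this hunk.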
@@ -65,13 +65,7 @@ namespace bssl { namespace acvp { -#if defined(OPENSSL_TRUSTY) -#include -#define LOG_ERROR(...) TLOGE(__VA_ARGS__) -#define TLOG_TAG "modulewrapper" -#else #define LOG_ERROR(...) fprintf(stderr, __VA_ARGS__) -#endif // OPENSSL_TRUSTY #define AES_GCM_NONCE_LENGTH 12