aws · torben-hansen · Jan 24, 2025 · Jan 23, 2025
@@ -474,9 +474,7 @@ add_library(
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c
-  rand_extra/fuchsia.c
   rand_extra/rand_extra.c
-  rand_extra/trusty.c
   rand_extra/windows.c
   rc4/rc4.c
   refcount_c11.c

@@ -76,7 +76,6 @@
 #include "cpucap/cpu_aarch64_sysreg.c"
 #include "cpucap/cpu_aarch64_apple.c"
 #include "cpucap/cpu_aarch64_freebsd.c"
-#include "cpucap/cpu_aarch64_fuchsia.c"
 #include "cpucap/cpu_aarch64_linux.c"
 #include "cpucap/cpu_aarch64_openbsd.c"
 #include "cpucap/cpu_aarch64_win.c"

@@ -155,7 +155,7 @@ void CRYPTO_fork_detect_ignore_madv_wipeonfork_for_testing(void) {
   *g_ignore_madv_wipeonfork_bss_get() = 1;
 }
 
-#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY)
+#elif defined(OPENSSL_WINDOWS)
 
 // These platforms are guaranteed not to fork, and therefore do not require
 // fork detection support. Returning a constant non zero value makes BoringSSL

@@ -28,10 +28,6 @@ extern "C" {
 
 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
 #define OPENSSL_RAND_DETERMINISTIC
-#elif defined(OPENSSL_FUCHSIA)
-#define OPENSSL_RAND_FUCHSIA
-#elif defined(OPENSSL_TRUSTY)
-#define OPENSSL_RAND_TRUSTY
 #elif defined(OPENSSL_WINDOWS)
 #define OPENSSL_RAND_WINDOWS
 #else

@@ -26,7 +26,7 @@
 
 #include <errno.h>
 
-#if defined(OPENSSL_MACOS) || defined(OPENSSL_FUCHSIA)
+#if defined(OPENSSL_MACOS)
 #include <sys/random.h>
 #endif
 

@@ -65,7 +65,7 @@ TEST(RandTest, NotObviouslyBroken) {
 }
 
 #if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_IOS) && \
-    !defined(OPENSSL_FUCHSIA) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
+    !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
 static bool ForkAndRand(bssl::Span<uint8_t> out, bool fork_unsafe_buffering) {
   int pipefds[2];
   if (pipe(pipefds) < 0) {
@@ -174,7 +174,7 @@ TEST(RandTest, Fork) {
   }
 }
 #endif  // !OPENSSL_WINDOWS && !OPENSSL_IOS &&
-        // !OPENSSL_FUCHSIA && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE
+        // !BORINGSSL_UNSAFE_DETERMINISTIC_MODE
 
 #if defined(OPENSSL_THREADS)
 static void RunConcurrentRands(size_t num_threads) {

@@ -58,11 +58,7 @@
 
 // TODO(fork): cleanup
 
-#if defined(OPENSSL_FUCHSIA)
-#define OPENSSLDIR "/config/ssl"
-#else
 #define OPENSSLDIR "/etc/ssl"
-#endif
 
 #define X509_CERT_AREA OPENSSLDIR
 #define X509_CERT_DIR OPENSSLDIR "/certs"

@@ -86,40 +86,22 @@
 #define OPENSSL_WINDOWS
 #endif
 
-// Trusty and Android baremetal aren't Linux but currently define __linux__.
+// Android baremetal aren't Linux but currently define __linux__.
 // As a workaround, we exclude them here.
 // We also exclude nanolibc/CrOS EC/Zephyr. nanolibc/CrOS EC/Zephyr
 // sometimes build for a non-Linux target (which should not define __linux__),
 // but also sometimes build for Linux. Although technically running in Linux
 // userspace, this lacks all the libc APIs we'd normally expect on Linux, so we
 // treat it as a non-Linux target.
 //
-// TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
 // TODO(b/291101350): Remove this workaround once Android baremetal no longer
 // defines it.
-#if defined(__linux__) && !defined(__TRUSTY__) && \
+#if defined(__linux__) && \
     !defined(ANDROID_BAREMETAL) && !defined(OPENSSL_NANOLIBC) && \
     !defined(CROS_EC) && !defined(CROS_ZEPHYR)
 #define OPENSSL_LINUX
 #endif
 
-#if defined(__Fuchsia__)
-#define OPENSSL_FUCHSIA
-#endif
-
-// Trusty is Android's TEE target. See
-// https://source.android.com/docs/security/features/trusty
-//
-// Defining this on any other platform is not supported. Other embedded
-// platforms must introduce their own defines.
-#if defined(__TRUSTY__)
-#define OPENSSL_TRUSTY
-#define OPENSSL_NO_FILESYSTEM
-#define OPENSSL_NO_POSIX_IO
-#define OPENSSL_NO_SOCK
-#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
-#endif
-
 // nanolibc is a particular minimal libc implementation. Defining this on any
 // other platform is not supported. Other embedded platforms must introduce
 // their own defines.

@@ -63,13 +63,7 @@
 namespace bssl {
 namespace acvp {
 
-#if defined(OPENSSL_TRUSTY)
-#include <trusty_log.h>
-#define LOG_ERROR(...) TLOGE(__VA_ARGS__)
-#define TLOG_TAG "modulewrapper"
-#else
 #define LOG_ERROR(...) fprintf(stderr, __VA_ARGS__)
-#endif  // OPENSSL_TRUSTY
 
 #define AES_GCM_NONCE_LENGTH 12