third_party/boringssl: Use CROS_EC/CROS_ZEPHYR define instead of TRUSTY
boringssl now has official support for the CROS_EC/CROS_ZEPHYR platform, so use that instead of pretending to be Trusty. BUG=b:273639386 TEST=make BOARD=bloonchipper -j TEST=zmake build bloonchipper Cq-Depend: chrome-internal:6840468 Change-Id: Ie137d91aeeaf4e323f68be202f15d79bfead923b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/5214666 Tested-by: Tom Hughes <tomhughes@chromium.org> Commit-Queue: Patryk Duda <patrykd@google.com> Reviewed-by: Yi Chou <yich@google.com> Code-Coverage: Patryk Duda <patrykd@google.com>
This commit is contained in:
parent
f14ac4155d
commit
14190fa637
|
@ -29,18 +29,9 @@ else()
|
|||
set(CMAKE_BUILD_TYPE Release)
|
||||
endif()
|
||||
|
||||
# TODO(b/273639386): Remove these workarounds when the upstream supports
|
||||
# better way to disable the filesystem, threads and locks usages.
|
||||
set(CMAKE_SYSTEM_NAME Linux)
|
||||
# TODO(b/273639386): Remove ANDROID when upstream is fixed.
|
||||
set(ANDROID TRUE)
|
||||
zephyr_compile_definitions(__TRUSTY__)
|
||||
|
||||
# Zephyr defines _XOPEN_SOURCE=600 when compiling 'posix' architecture,
|
||||
# but BoringSSL defines _XOPEN_SOURCE=700. Since redefining is not allowed
|
||||
# in compiler command line, undefine _XOPEN_SOURCE.
|
||||
if (DEFINED CONFIG_ARCH_POSIX)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -U_XOPEN_SOURCE")
|
||||
endif()
|
||||
zephyr_compile_definitions(CROS_ZEPHYR)
|
||||
|
||||
# We are not going to install BoringSSL, so don't generate install rules.
|
||||
set(CMAKE_SKIP_INSTALL_RULES YES)
|
||||
|
@ -62,7 +53,7 @@ add_subdirectory(${BORINGSSL_SOURCES} build EXCLUDE_FROM_ALL)
|
|||
# Link 'crypto' library into boringssl library.
|
||||
zephyr_library_link_libraries(crypto)
|
||||
|
||||
# Provide implementation of CRYPTO_sysrand() using Zephyr Entropy Device.
|
||||
# Provide implementation of getentropy() using Zephyr Entropy Device.
|
||||
zephyr_library_sources_ifdef(CONFIG_BORINGSSL_HARDWARE_ENTROPY
|
||||
common/sysrand_zephyr.c)
|
||||
|
||||
|
|
|
@ -4,18 +4,11 @@
|
|||
|
||||
set(CMAKE_BUILD_TYPE Release)
|
||||
|
||||
# TODO(b/273639386): Remove these workarounds when the upstream supports
|
||||
# better way to disable the filesystem, threads and locks usages.
|
||||
set(CMAKE_SYSTEM_NAME Linux)
|
||||
|
||||
set(CMAKE_TRY_COMPILE_PLATFORM_VARIABLES CROS_EC_REPO CROSS_COMPILE CC_NAME CXX_NAME)
|
||||
include("${CROS_EC_REPO}/cmake/toolchain-common.cmake")
|
||||
|
||||
# Pretend as "Trusty", an embedded platform.
|
||||
# TODO(b/273639386): Remove these workarounds when the upstream supports
|
||||
# better way to disable the filesystem, threads and locks usages.
|
||||
add_definitions(-D__TRUSTY__)
|
||||
set(ANDROID TRUE)
|
||||
# Specify our platform, which disables filesystem, threads, etc.
|
||||
add_definitions(-DCROS_EC)
|
||||
|
||||
# TODO(b/287661706): This can be removed once https://crrev.com/c/4610318 lands.
|
||||
if (CMAKE_SYSTEM_PROCESSOR STREQUAL armv7)
|
||||
|
|
|
@ -12,9 +12,6 @@
|
|||
|
||||
#include <unistd.h>
|
||||
|
||||
// We should define the getentropy for boringssl 24.
|
||||
#if BORINGSSL_API_VERSION >= 24
|
||||
|
||||
// We don't want to conflict with the linux getentropy.
|
||||
#if !defined(__linux__)
|
||||
int getentropy(void *buffer, size_t length)
|
||||
|
@ -35,20 +32,3 @@ int getentropy(void *buffer, size_t length)
|
|||
return 0;
|
||||
}
|
||||
#endif // !defined(__linux__)
|
||||
|
||||
// TDOD(b/273639386): Remove this after we uprev the boringssl.
|
||||
#else
|
||||
|
||||
void CRYPTO_sysrand(uint8_t *out, size_t requested)
|
||||
{
|
||||
trng_init();
|
||||
trng_rand_bytes(out, requested);
|
||||
trng_exit();
|
||||
}
|
||||
|
||||
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested)
|
||||
{
|
||||
return CRYPTO_sysrand(out, requested);
|
||||
}
|
||||
|
||||
#endif // BORINGSSL_API_VERSION >= 24
|
||||
|
|
|
@ -15,9 +15,6 @@
|
|||
|
||||
#define rng DEVICE_DT_GET(DT_CHOSEN(zephyr_entropy))
|
||||
|
||||
// We should define the getentropy for boringssl 24.
|
||||
#if BORINGSSL_API_VERSION >= 24
|
||||
|
||||
// We don't want to conflict with the linux getentropy.
|
||||
#if !defined(__linux__)
|
||||
int getentropy(void *buffer, size_t length)
|
||||
|
@ -50,27 +47,3 @@ int getentropy(void *buffer, size_t length)
|
|||
return 0;
|
||||
}
|
||||
#endif // !defined(__linux__)
|
||||
|
||||
// TDOD(b/273639386): Remove this after we uprev the boringssl.
|
||||
#else
|
||||
|
||||
void CRYPTO_sysrand(uint8_t *out, size_t requested)
|
||||
{
|
||||
/*
|
||||
* BoringSSL uses size_t to represent buffer size, but Zephyr uses
|
||||
* uint16_t. Crash the system if user requested more than UINT16_MAX
|
||||
* bytes.
|
||||
*/
|
||||
if (!device_is_ready(rng) || requested > UINT16_MAX)
|
||||
k_oops();
|
||||
|
||||
if (entropy_get_entropy(rng, out, (uint16_t)requested))
|
||||
k_oops();
|
||||
}
|
||||
|
||||
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested)
|
||||
{
|
||||
return CRYPTO_sysrand(out, requested);
|
||||
}
|
||||
|
||||
#endif // BORINGSSL_API_VERSION >= 24
|
||||
|
|
|
@ -100,9 +100,7 @@ CPPFLAGS += -I$(shell pwd)/third_party/boringssl/include
|
|||
|
||||
# Disable the unsupported features to prevent the usage of pthread & socket
|
||||
# related types in headers.
|
||||
# TODO(b/273639386): Remove these workarounds when the upstream supports
|
||||
# better way to disable the filesystem, threads and locks usages.
|
||||
CPPFLAGS += -D__TRUSTY__
|
||||
CPPFLAGS += -DCROS_EC
|
||||
|
||||
$(out)/RO/ec.RO.elf $(out)/RO/ec.RO_B.elf: LDFLAGS_EXTRA += $(BORINGSSL_LDFLAGS)
|
||||
$(out)/RO/ec.RO.elf $(out)/RO/ec.RO_B.elf: $(BORINGSSL_OUTDIR)/libcrypto.a
|
||||
|
|
|
@ -44,16 +44,17 @@ ZTEST(boringssl_crypto, test_rand)
|
|||
zassert_true(memcmp(buf1, buf2, sizeof(buf1)) != 0);
|
||||
}
|
||||
|
||||
ZTEST(boringssl_crypto, test_rand_too_big_request)
|
||||
ZTEST(boringssl_crypto, test_rand_large_request)
|
||||
{
|
||||
uint8_t *buffer = malloc(UINT16_MAX + 1);
|
||||
|
||||
/*
|
||||
* Requests bigger than UINT16_MAX causes k_oops() due to
|
||||
* Zephyr Entropy API limits.
|
||||
* Requests bigger than UINT16_MAX are not supported
|
||||
* by the Zephyr Entropy API. Make sure that BoringSSL can successfully
|
||||
* request more.
|
||||
*/
|
||||
expected_reason = K_ERR_KERNEL_OOPS;
|
||||
CRYPTO_sysrand(buffer, UINT16_MAX + 1);
|
||||
const int buf_size = UINT16_MAX + 1;
|
||||
uint8_t *buffer = calloc(buf_size, 1);
|
||||
uint8_t *zeroes = calloc(buf_size, 1);
|
||||
|
||||
ztest_test_fail();
|
||||
CRYPTO_sysrand(buffer, buf_size);
|
||||
zassert_true(memcmp(buffer, zeroes, buf_size) != 0);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue