third_party/boringssl: Use CROS_EC/CROS_ZEPHYR define instead of TRUSTY

boringssl now has official support for the CROS_EC/CROS_ZEPHYR platform,
so use that instead of pretending to be Trusty.

BUG=b:273639386
TEST=make BOARD=bloonchipper -j
TEST=zmake build bloonchipper

Cq-Depend: chrome-internal:6840468
Change-Id: Ie137d91aeeaf4e323f68be202f15d79bfead923b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/5270199
Tested-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-by: Craig Hesling <hesling@chromium.org>
Commit-Queue: Patryk Duda <patrykd@google.com>
Code-Coverage: Tom Hughes <tomhughes@chromium.org>

third_party/boringssl/CMakeLists.txt

@@ -37,18 +37,9 @@ else()
 	set(CMAKE_BUILD_TYPE Release)
 endif()
 
-# TODO(b/273639386): Remove these workarounds when the upstream supports
-# better way to disable the filesystem, threads and locks usages.
-set(CMAKE_SYSTEM_NAME Linux)
+# TODO(b/273639386): Remove ANDROID when upstream is fixed.
 set(ANDROID TRUE)
-zephyr_compile_definitions(__TRUSTY__)
-
-# Zephyr defines _XOPEN_SOURCE=600 when compiling 'posix' architecture,
-# but BoringSSL defines _XOPEN_SOURCE=700. Since redefining is not allowed
-# in compiler command line, undefine _XOPEN_SOURCE.
-if (DEFINED CONFIG_ARCH_POSIX)
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -U_XOPEN_SOURCE")
-endif()
+zephyr_compile_definitions(CROS_ZEPHYR)
 
 # We are not going to install BoringSSL, so don't generate install rules.
 set(CMAKE_SKIP_INSTALL_RULES YES)
@@ -70,7 +61,7 @@ add_subdirectory(${BORINGSSL_SOURCES} build EXCLUDE_FROM_ALL)
 # Link 'crypto' library into boringssl library.
 zephyr_library_link_libraries(crypto)
 
-# Provide implementation of CRYPTO_sysrand() using Zephyr Entropy Device.
+# Provide implementation of getentropy() using Zephyr Entropy Device.
 zephyr_library_sources_ifdef(CONFIG_BORINGSSL_HARDWARE_ENTROPY
 	common/sysrand_zephyr.c)
 

third_party/boringssl/boringssl-toolchain.cmake

@@ -4,18 +4,11 @@
 
 set(CMAKE_BUILD_TYPE Release)
 
-# TODO(b/273639386): Remove these workarounds when the upstream supports
-# better way to disable the filesystem, threads and locks usages.
-set(CMAKE_SYSTEM_NAME Linux)
-
 set(CMAKE_TRY_COMPILE_PLATFORM_VARIABLES CROS_EC_REPO CROSS_COMPILE CC_NAME CXX_NAME)
 include("${CROS_EC_REPO}/cmake/toolchain-common.cmake")
 
-# Pretend as "Trusty", an embedded platform.
-# TODO(b/273639386): Remove these workarounds when the upstream supports
-# better way to disable the filesystem, threads and locks usages.
-add_definitions(-D__TRUSTY__)
-set(ANDROID TRUE)
+# Specify our platform, which disables filesystem, threads, etc.
+add_definitions(-DCROS_EC)
 
 # TODO(b/287661706): This can be removed once https://crrev.com/c/4610318 lands.
 if (CMAKE_SYSTEM_PROCESSOR STREQUAL armv7)

third_party/boringssl/common/sysrand.c

@@ -12,9 +12,6 @@
 
 #include <unistd.h>
 
-// We should define the getentropy for boringssl 24.
-#if BORINGSSL_API_VERSION >= 24
-
 // We don't want to conflict with the linux getentropy.
 #if !defined(__linux__)
 int getentropy(void *buffer, size_t length)
@@ -35,20 +32,3 @@ int getentropy(void *buffer, size_t length)
 	return 0;
 }
 #endif // !defined(__linux__)
-
-// TDOD(b/273639386): Remove this after we uprev the boringssl.
-#else
-
-void CRYPTO_sysrand(uint8_t *out, size_t requested)
-{
-	trng_init();
-	trng_rand_bytes(out, requested);
-	trng_exit();
-}
-
-void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested)
-{
-	return CRYPTO_sysrand(out, requested);
-}
-
-#endif // BORINGSSL_API_VERSION >= 24

third_party/boringssl/common/sysrand_zephyr.c

@@ -15,9 +15,6 @@
 
 #define rng DEVICE_DT_GET(DT_CHOSEN(zephyr_entropy))
 
-// We should define the getentropy for boringssl 24.
-#if BORINGSSL_API_VERSION >= 24
-
 // We don't want to conflict with the linux getentropy.
 #if !defined(__linux__)
 int getentropy(void *buffer, size_t length)
@@ -50,27 +47,3 @@ int getentropy(void *buffer, size_t length)
 	return 0;
 }
 #endif // !defined(__linux__)
-
-// TDOD(b/273639386): Remove this after we uprev the boringssl.
-#else
-
-void CRYPTO_sysrand(uint8_t *out, size_t requested)
-{
-	/*
-	 * BoringSSL uses size_t to represent buffer size, but Zephyr uses
-	 * uint16_t. Crash the system if user requested more than UINT16_MAX
-	 * bytes.
-	 */
-	if (!device_is_ready(rng) || requested > UINT16_MAX)
-		k_oops();
-
-	if (entropy_get_entropy(rng, out, (uint16_t)requested))
-		k_oops();
-}
-
-void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested)
-{
-	return CRYPTO_sysrand(out, requested);
-}
-
-#endif // BORINGSSL_API_VERSION >= 24

third_party/rules.mk

@@ -100,9 +100,7 @@ CPPFLAGS += -I$(shell pwd)/third_party/boringssl/include
 
 # Disable the unsupported features to prevent the usage of pthread & socket
 # related types in headers.
-# TODO(b/273639386): Remove these workarounds when the upstream supports
-# better way to disable the filesystem, threads and locks usages.
-CPPFLAGS += -D__TRUSTY__
+CPPFLAGS += -DCROS_EC
 
 $(out)/RO/ec.RO.elf $(out)/RO/ec.RO_B.elf: LDFLAGS_EXTRA += $(BORINGSSL_LDFLAGS)
 $(out)/RO/ec.RO.elf $(out)/RO/ec.RO_B.elf: $(BORINGSSL_OUTDIR)/libcrypto.a

zephyr/test/boringssl/main.c

@@ -46,16 +46,17 @@ ZTEST(boringssl_crypto, test_rand)
 	zassert_true(memcmp(buf1, buf2, sizeof(buf1)) != 0);
 }
 
-ZTEST(boringssl_crypto, test_rand_too_big_request)
+ZTEST(boringssl_crypto, test_rand_large_request)
 {
-	uint8_t *buffer = malloc(UINT16_MAX + 1);
-
 	/*
-	 * Requests bigger than UINT16_MAX causes k_oops() due to
-	 * Zephyr Entropy API limits.
+	 * Requests bigger than UINT16_MAX are not supported
+	 * by the Zephyr Entropy API. Make sure that BoringSSL can successfully
+	 * request more.
 	 */
-	expected_reason = K_ERR_KERNEL_OOPS;
-	CRYPTO_sysrand(buffer, UINT16_MAX + 1);
+	const int buf_size = UINT16_MAX + 1;
+	uint8_t *buffer = calloc(buf_size, 1);
+	uint8_t *zeroes = calloc(buf_size, 1);
 
-	ztest_test_fail();
+	CRYPTO_sysrand(buffer, buf_size);
+	zassert_true(memcmp(buffer, zeroes, buf_size) != 0);
 }