diff options
| author | David Benjamin <davidben@google.com> | 2023-07-14 16:30:43 -0400 |
|---|---|---|
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-07-18 19:46:50 +0000 |
| commit | 5ba5db1a29ef54dc3ee2efbc5bdb3d95b77fc928 (patch) | |
| tree | f8591cde74a9e6c302fa400b5bc734814d2b2736 /decrepit | |
| parent | cb974884b68b7b2001dfcd8f46c446c0ff8c6336 (diff) | |
| download | boringssl-5ba5db1a29ef54dc3ee2efbc5bdb3d95b77fc928.zip boringssl-5ba5db1a29ef54dc3ee2efbc5bdb3d95b77fc928.tar.gz boringssl-5ba5db1a29ef54dc3ee2efbc5bdb3d95b77fc928.tar.bz2 | |
Support Android's "baremetal" target
This corresponds to the libcrypto_baremetal build target in Android,
which is an embedded-style platform that uses a subset of the bionic
libc. It will also, eventually, use getentropy for its PRNG.
As part of this, generalize the OPENSSL_TRUSTY exclusion for file BIOs
to OPENSSL_NO_FILESYSTEM. Upstream OpenSSL uses OPENSSL_NO_STDIO, but
that excludes all of FILE entirely. We already require FILE in quite a
few places (urandom.c, self_test.c) for writing to stderr, and FILE is
part of C standard library. So, let's tentatively say that we require
you have FILE and stderr.
Instead, OPENSSL_NO_FILESYSTEM is saying you don't have fopen. You're
still required to have the three std{in,out,err} FILEs, and given a
FILE, you need to allow the standard operations on it. (Possibly in
forms that always fail.)
To keep us honest, whenever a function is excluded, I've dropped it from
the header too, and followed callers up the chain. I have not attempted
to make the tests work when these are excluded. Later CLs in this series
will do the same for NO_SOCK and NO_POSIX_IO. This was a little tedious,
but not too bad.
(I assume we'll end up changing our minds on this a lot. For now, let's
try this.)
I haven't yet restored OPENSSL_RAND_TRUSTY or removed the OPENSSL_TRUSTY
ifdef on file.c. Having a separate CL makes it a bit easier to revert if
something goes wrong.
This depends on
https://android-review.googlesource.com/c/platform/bionic/+/2659335,
which fixes the header bionic uses for getentropy.
Bug: 629, b:291102972
Change-Id: Idd839cd3fa4253128de54bd1be7da261dbcdeb7c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61726
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Diffstat (limited to 'decrepit')
| -rw-r--r-- | decrepit/ssl/ssl_decrepit.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/decrepit/ssl/ssl_decrepit.c b/decrepit/ssl/ssl_decrepit.c index a155c0f..c6df9a1 100644 --- a/decrepit/ssl/ssl_decrepit.c +++ b/decrepit/ssl/ssl_decrepit.c @@ -110,7 +110,8 @@ #include <openssl/ssl.h> -#if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_PNACL) +#if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_PNACL) && \ + !defined(OPENSSL_NO_FILESYSTEM) #include <dirent.h> #include <errno.h> @@ -162,4 +163,4 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, return ret; } -#endif // !WINDOWS && !PNACL +#endif // !WINDOWS && !PNACL && !OPENSSL_NO_FILESYSTEM |