Wolfprovider: enable replace-default builds and other cleanup

padelsbach · padelsbach · commit 1757f109571c · 2025-11-07T09:36:59.000-08:00
diff --git a/conf/layer.conf b/conf/layer.conf
@@ -101,6 +101,9 @@ BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
 # Uncomment if building OpenSSH with wolfSSL.
 #BBFILES += "${LAYERDIR}/recipes-connectivity/openssh/*.bbappend"
 
+# Uncomment if building OpenSSL with wolfProvider.
+BBFILES += "${LAYERDIR}/recipes-connectivity/openssl/*.bbappend"
+
 # Uncomment if building rsyslog with wolfSSL.
 #BBFILES += "${LAYERDIR}/recipes-extended/rsyslog/*.bbappend"
 
diff --git a/recipes-connectivity/openssl/openssl_%.bbappend b/recipes-connectivity/openssl/openssl_%.bbappend
@@ -0,0 +1,28 @@
+
+# Apply wolfProvider metadata to the OpenSSL version
+do_configure:prepend() {
+    echo "Injecting BUILD_METADATA into VERSION.dat"
+    sed -i 's/BUILD_METADATA=.*/BUILD_METADATA=wolfProvider/g' ${S}/VERSION.dat
+    if echo "${IMAGE_FEATURES}" | grep -qw "fips"; then
+        sed -i 's/BUILD_METADATA=.*/BUILD_METADATA=wolfProvider-fips/g' ${S}/VERSION.dat
+    fi
+    sed -i "s/RELEASE_DATE=.*/RELEASE_DATE=$(date --iso-8601=minutes)/g" ${OPENSSL_SOURCE_DIR}/VERSION.dat
+}
+
+# This patched version of openssl requires that libwolfprov is also in the build
+# Target-only; do not affect -native or -nativesdk
+RDEPENDS:libcrypto3:append:class-target = " libwolfprov"
+
+# Apply the replace-default patch
+SRC_URI:append = " \
+    git://github.com/wolfSSL/wolfProvider.git;protocol=https;nobranch=1;rev=v1.1.0;destsuffix=git/wolfProvider \
+"
+
+python do_patch:append() {
+    import subprocess
+    bb.note("Applying wolfProvider patch (Python form)")
+    subprocess.run(
+        ["patch", "-d", d.getVar("S"), "-p1",
+         "-i", f"{d.getVar('WORKDIR')}/git/wolfProvider/patches/openssl3-replace-default.patch"],
+        check=True)
+}
diff --git a/recipes-wolfssl/wolfprovider/wolfprovider_1.1.0.bb b/recipes-wolfssl/wolfprovider/wolfprovider_1.1.0.bb
@@ -1,5 +1,5 @@
-SUMMARY = "wolfProvider is a Proivder designed for Openssl 3.X.X"
-DESCRIPTION = "wolfProvider is a library that can be used as an Provider in OpenSSL"
+SUMMARY = "wolfProvider is a Provider designed for Openssl 3.X.X"
+DESCRIPTION = "wolfProvider is a crypto backend interface for use as an OpenSSL Provider"
 HOMEPAGE = "https://github.com/wolfSSL/wolfProvider"
 BUGTRACKER = "https://github.com/wolfSSL/wolfProvider/issues"
 SECTION = "libs"
@@ -10,7 +10,7 @@ DEPENDS += "util-linux-native"
 PROVIDES += "wolfprovider"
 RPROVIDES_${PN} = "wolfprovider"
 
-SRC_URI = "git://github.com/wolfssl/wolfProvider.git;nobranch=1;protocol=https;rev=22f358498eadb4f91b2ce8d23045dafec6bcbb38"
+SRC_URI = "git://github.com/wolfssl/wolfProvider.git;nobranch=1;protocol=https;rev=v1.1.0"
 
 DEPENDS += " wolfssl \
             openssl \
diff --git a/recipes-wolfssl/wolfprovider/wolfssl_%.bbappend b/recipes-wolfssl/wolfprovider/wolfssl_%.bbappend
@@ -1,3 +1,3 @@
 EXTRA_OECONF += " --enable-opensslcoexist --enable-cmac --enable-keygen --enable-sha --enable-des3 --enable-aesctr --enable-aesccm --enable-x963kdf --enable-compkey --enable-certgen --enable-aeskeywrap --enable-enckeys --enable-base16 "
-CPPFLAGS += " -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DHAVE_PUBLIC_FFDHE -DWOLFSSL_DH_EXTRA -DRSA_MIN_SIZE=1024"
-CPPFLAGS += " ${@'-DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER' if d.getVar('WOLFSSL_TYPE') not in ("fips", "fips-ready") else ''}"
+CFLAGS += " -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DHAVE_PUBLIC_FFDHE -DWOLFSSL_DH_EXTRA -DRSA_MIN_SIZE=1024"
+CFLAGS += " ${@'-DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER' if d.getVar('WOLFSSL_TYPE') not in ("fips", "fips-ready") else ''}"
