openssl: modify patch to load pkcs11 engine instead of cryptochip engine

The previous patch was outdated, but now that we have a working PKCS11 engine and the cryptochip supports it, update the patch with the new engine info. https://jira.digi.com/browse/DEL-6835 Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
2019-11-12 12:01:23 +01:00 · 2019-11-12 12:01:23 +01:00 · f6697af5d1
parent 3e8321b63c
commit f6697af5d1
3 changed files with 41 additions and 42 deletions
--- a/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-Modify-openssl.cnf-to-automatically-load-the-cryptoc.patch
+++ b/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-Modify-openssl.cnf-to-automatically-load-the-cryptoc.patch
@ -1,41 +0,0 @@
-From: Arturo Buzarra <arturo.buzarra@digi.com>
-Date: Thu, 31 Jan 2019 18:01:02 +0100
-Subject: [PATCH] Modify openssl.cnf to automatically load the cryptochip
- engine
-
-https://jira.digi.com/browse/DEL-5592
-
-Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
-Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
- apps/openssl.cnf | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 6df2878d50..762582f4d0 100644
--- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -3,6 +3,8 @@
- # This is mostly being used for generation of certificate requests.
- #
-
-+openssl_conf = openssl_init
-+
- # Note that you can include other files from the main configuration
- # file using the .include directive.
- #.include filename
-@@ -348,3 +350,14 @@ ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
- 				# (optional, default: no)
- ess_cert_id_alg		= sha1	# algorithm to compute certificate
- 				# identifier (optional, default: sha1)
-+
-+[ openssl_init ]
-+engines = engine_section
-+
-+[ engine_section ]
-+ateccx08 = ateccx08_config
-+
-+[ ateccx08_config ]
-+engine_id = ateccx08
-+dynamic_path = /usr/lib/ssl/engines/libateccssl.so
-+init = 0
--- a/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-Modify-openssl.cnf-to-automatically-load-the-pkcs11-.patch
+++ b/meta-digi-dey/recipes-connectivity/openssl/openssl/0001-Modify-openssl.cnf-to-automatically-load-the-pkcs11-.patch
@ -0,0 +1,40 @@
+From: Gabriel Valcazar <gabriel.valcazar@digi.com>
+Date: Tue, 12 Nov 2019 12:00:07 +0100
+Subject: [PATCH] Modify openssl.cnf to automatically load the pkcs11 engine
+
+https://jira.digi.com/browse/DEL-6835
+
+Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
+---
+ apps/openssl.cnf | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/apps/openssl.cnf b/apps/openssl.cnf
+index 4acca4b..2261048 100644
+--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
+@@ -7,6 +7,8 @@
+ # file using the .include directive.
+ #.include filename
+ 
+openssl_conf = openssl_init
+
+ # This definition stops the following lines choking if HOME isn't
+ # defined.
+ HOME			= .
+@@ -348,3 +350,15 @@ ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+ 				# (optional, default: no)
+ ess_cert_id_alg		= sha1	# algorithm to compute certificate
+ 				# identifier (optional, default: sha1)
+
+[ openssl_init ]
+engines = engine_section
+
+[ engine_section ]
+pkcs11 = pkcs11_config
+
+[ pkcs11_config ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines-1.1/pkcs11.so
+MODULE_PATH = /usr/lib/libcryptoauth.so.2018.10.26
+init = 0
--- a/meta-digi-dey/recipes-connectivity/openssl/openssl_%.bbappend
+++ b/meta-digi-dey/recipes-connectivity/openssl/openssl_%.bbappend
@ -3,7 +3,7 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"

 CRYPTOCHIP_COMMON_PATCHES = " \
-    file://0001-Modify-openssl.cnf-to-automatically-load-the-cryptoc.patch \
+    file://0001-Modify-openssl.cnf-to-automatically-load-the-pkcs11-.patch \
 "

 SRC_URI_remove = " \