4 files changed, 48 insertions, 66 deletions

diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index 6f23490c87..f90088aab7 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -3,3 +3,4 @@ export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
 export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
 export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
 export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
+export BB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS SSL_CERT_DIR SSL_CERT_FILE OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES"
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch b/meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch
new file mode 100644
index 0000000000..e398d1074a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch
@@ -0,0 +1,43 @@
+From 725b1530456545e8511adc9cbdd265309dffad53 Mon Sep 17 00:00:00 2001
+From: Hongren Zheng <i@zenithal.me>
+Date: Fri, 26 Apr 2024 06:03:43 +0000
+Subject: [PATCH] Implement riscv_vlen_asm for riscv32
+
+riscvcap.c: undefined reference to 'riscv_vlen_asm'
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/pull/24270]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ crypto/riscv32cpuid.pl | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/crypto/riscv32cpuid.pl b/crypto/riscv32cpuid.pl
+index 20694e7..ac1c043 100644
+--- a/crypto/riscv32cpuid.pl
++++ b/crypto/riscv32cpuid.pl
+@@ -84,5 +84,22 @@ OPENSSL_cleanse:
+ ___
+ }
+ 
++{
++my ($ret) = ('a0');
++$code .= <<___;
++################################################################################
++# size_t riscv_vlen_asm(void)
++# Return VLEN (i.e. the length of a vector register in bits).
++.p2align 3
++.globl riscv_vlen_asm
++.type riscv_vlen_asm,\@function
++riscv_vlen_asm:
++    csrr $ret, vlenb
++    slli $ret, $ret, 3
++    ret
++.size riscv_vlen_asm,.-riscv_vlen_asm
++___
++}
++
+ print $code;
+ close STDOUT or die "error closing STDOUT: $!";
+-- 
+2.45.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch
deleted file mode 100644
index 748576c30c..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/bti.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
-From: Tom Cosgrove <tom.cosgrove@arm.com>
-Date: Tue, 26 Mar 2024 13:18:00 +0000
-Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
-
-In Arm systems where BTI is enabled but the Crypto extensions are not (more
-likely in FVPs than in real hardware), the bit-sliced assembler code will
-be used. However, this wasn't annotated with BTI instructions when BTI was
-enabled, so the moment libssl jumps into this code it (correctly) aborts.
-
-Solve this by adding the missing BTI landing pads.
-
-Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- crypto/aes/asm/bsaes-armv8.pl | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
-index b3c97e439f..c3c5ff3e05 100644
---- a/crypto/aes/asm/bsaes-armv8.pl
-+++ b/crypto/aes/asm/bsaes-armv8.pl
-@@ -1018,6 +1018,7 @@ _bsaes_key_convert:
- //   Initialisation vector overwritten with last quadword of ciphertext
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_cbc_encrypt:
-+        AARCH64_VALID_CALL_TARGET
-         cmp     x2, #128
-         bhs     .Lcbc_do_bsaes
-         b       AES_cbc_encrypt
-@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt:
- //   Output text filled in
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_ctr32_encrypt_blocks:
--
-+        AARCH64_VALID_CALL_TARGET
-         cmp     x2, #8                      // use plain AES for
-         blo     .Lctr_enc_short             // small sizes
- 
-@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
- //   Output ciphertext filled in
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_xts_encrypt:
-+        AARCH64_VALID_CALL_TARGET
-         // Stack layout:
-         // sp ->
-         //        nrounds*128-96 bytes: key schedule
-@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt:
- //   Output plaintext filled in
- //   No output registers, usual AAPCS64 register preservation
- ossl_bsaes_xts_decrypt:
-+        AARCH64_VALID_CALL_TARGET
-         // Stack layout:
-         // sp ->
-         //        nrounds*128-96 bytes: key schedule
--- 
-2.34.1
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.3.0.bb b/meta/recipes-connectivity/openssl/openssl_3.3.1.bb
index 2cdaf4c75d..a8746842b2 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.3.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.3.1.bb
@@ -12,14 +12,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
            file://0001-Added-handshake-history-reporting-when-test-fails.patch \
-           file://bti.patch \
+           file://0001-Implement-riscv_vlen_asm-for-riscv32.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "53e66b043322a606abf0087e7699a0e033a37fa13feb9742df35c3a33b18fb02"
+SRC_URI[sha256sum] = "777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -136,16 +136,12 @@ do_configure () {
                 ;;
         esac
 
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi
         # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
         # environment variables set by bitbake. Adjust the environment variables instead.
         PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
         test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
         HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
-        perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
+        perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target
         perl ${B}/configdata.pm --dump
 }
 
@@ -181,7 +177,7 @@ do_install:append:class-native () {
 
 do_install:append:class-nativesdk () {
         mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
-        install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+        install -m 644 ${UNPACKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
         sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
 }