3 files changed, 62 insertions, 52 deletions

diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider/0001-Fix-types-for-old-32-bit-systems.patch b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider/0001-Fix-types-for-old-32-bit-systems.patch
deleted file mode 100644
index 189a0e21b3..0000000000
--- a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider/0001-Fix-types-for-old-32-bit-systems.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 088f038de633b5de777fb0f95cd9598f320151f6 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Wed, 5 Jun 2024 11:22:35 -0400
-Subject: [PATCH] Fix types for old 32 bit systems
-
-On x86 CK_ULONG and size_t have different sizes, ensure we use
-compatible types on our helper functions.
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
-Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
----
-Upstream-Status: Backport [https://github.com/latchset/pkcs11-provider/commit/9fa16b7fd398b62f06cb10892fe93dc574d67399]
-
- src/asymmetric_cipher.c | 4 ++--
- src/util.h              | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/asymmetric_cipher.c b/src/asymmetric_cipher.c
-index 4d87b1c..3256fd2 100644
---- a/src/asymmetric_cipher.c
-+++ b/src/asymmetric_cipher.c
-@@ -251,12 +251,12 @@ static int p11prov_rsaenc_decrypt_init(void *ctx, void *provkey,
- static int
- p11prov_tls_constant_time_depadding(struct p11prov_rsaenc_ctx *encctx,
-                                     unsigned char *out, unsigned char *buf,
--                                    size_t *out_size, CK_ULONG *ret_cond)
-+                                    CK_ULONG *out_size, CK_ULONG *ret_cond)
- {
-     unsigned char randbuf[SSL_MAX_MASTER_KEY_LENGTH];
-     CK_ULONG ver_cond = 0;
-     CK_ULONG cond = 0;
--    size_t length = SSL_MAX_MASTER_KEY_LENGTH;
-+    CK_ULONG length = SSL_MAX_MASTER_KEY_LENGTH;
-     int err;
- 
-     /* always generate a random buffer, to constant_time swap in
-diff --git a/src/util.h b/src/util.h
-index bcbc2db..1b24666 100644
---- a/src/util.h
-+++ b/src/util.h
-@@ -120,7 +120,7 @@ static inline int constant_select_int(CK_ULONG cond, int a, int b)
-     return (int)((A & mask) | (B & ~mask));
- }
- 
--static inline void constant_select_buf(CK_ULONG cond, size_t size,
-+static inline void constant_select_buf(CK_ULONG cond, CK_ULONG size,
-                                        unsigned char *dst, unsigned char *a,
-                                        unsigned char *b)
- {
diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider/0001-meson-add-option-to-allow-override-default-default_p.patch b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider/0001-meson-add-option-to-allow-override-default-default_p.patch
new file mode 100644
index 0000000000..5181862f0c
--- /dev/null
+++ b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider/0001-meson-add-option-to-allow-override-default-default_p.patch
@@ -0,0 +1,53 @@
+From 5031b867f5406f14b23ed01f4d68bc9acb073491 Mon Sep 17 00:00:00 2001
+From: Ayoub Zaki <ayoub.zaki@embetrix.com>
+Date: Wed, 22 Jan 2025 13:36:36 +0100
+Subject: [PATCH] meson: add option to allow override default
+ default_pkcs11_module
+
+Upstream-Status: Submitted [https://github.com/latchset/pkcs11-provider/pull/511]
+Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
+---
+ meson.build       | 11 ++++++++---
+ meson_options.txt |  6 ++++++
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index b3912cb..e7cf2d3 100644
+--- a/meson.build
++++ b/meson.build
+@@ -67,10 +67,15 @@ if host_machine.endian() == 'big'
+ endif
+ 
+ p11_kit = dependency('p11-kit-1', required: false)
+-if p11_kit.found()
+-  default_pkcs11_module = p11_kit.get_variable(pkgconfig: 'proxy_module')
+-  conf.set_quoted('DEFAULT_PKCS11_MODULE', default_pkcs11_module)
++default_pkcs11_module = get_option('default_pkcs11_module')
++if default_pkcs11_module == 'no'
++  if p11_kit.found()
++    default_pkcs11_module = p11_kit.get_variable(pkgconfig: 'proxy_module')
++  else
++    error('default_pkcs11_module is empty')
++  endif
+ endif
++conf.set_quoted('DEFAULT_PKCS11_MODULE', default_pkcs11_module)
+ 
+ headers = [
+   'dlfcn.h',
+diff --git a/meson_options.txt b/meson_options.txt
+index 7e7b9be..1306639 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -2,3 +2,9 @@ option('preload_libasan',
+        type: 'string',
+        value: 'no',
+        description: 'Path to libasan.so to preload')
++
++
++option('default_pkcs11_module',
++    type : 'string',
++    value : 'no',
++    description : 'Path to the default PKCS11 module')
+-- 
+2.43.0
+
diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_0.5.bb b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_0.6.bb
index fcd8fe631e..1644335415 100644
--- a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_0.5.bb
+++ b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_0.6.bb
@@ -10,16 +10,22 @@ HOMEPAGE = "https://github.com/latchset/pkcs11-provider"
 SECTION = "libs"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b53b787444a60266932bd270d1cf2d45"
-DEPENDS = "openssl"
+DEPENDS = "\
+    openssl \
+    p11-kit \
+"
 
-SRCREV = "3a4fdd2a2e5643af2a0f857b66a19b9fa109d40f"
+SRCREV = "93bd41c505cf54dc1ecef6c963df347b9f4abf6d"
 
 SRC_URI = "git://github.com/latchset/${BPN}.git;branch=main;protocol=https \
-    file://0001-Fix-types-for-old-32-bit-systems.patch \
+    file://0001-meson-add-option-to-allow-override-default-default_p.patch \
 "
 
 S = "${WORKDIR}/git"
 
 inherit meson pkgconfig
 
+# Overwrite default pkcs11 module path
+#EXTRA_OEMESON += "-Ddefault_pkcs11_module=/path/to/mymodule.so"
+
 FILES:${PN} += "${libdir}/ossl-modules/pkcs11.so"