From 1ee79374727224129f47c56115b18dea4edbd553 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Thu, 27 Jan 2022 16:54:17 +0000 Subject: [PATCH] arm/trusted-firmware-m: set OpenSSL provider path imgtool from mcuboot uses python3-cryptography-native, and the latest python3-cryptography explicitly loads the legacy provider, which is a separate shared object in OpenSSL 3. The search path for providers is hard-coded into the library so the wrong path is searched and the module is not found. Set OPENSSL_MODULES so the right path, so that the legacy module is found. In the future we may be able to be removed this if the explict use of legacy algorithms is removed (https://github.com/pyca/cryptography/issues/6809). This also means we can remove the downgrades of python3-crytography that were being carried in meta-arm. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --- .../trusted-firmware-m/trusted-firmware-m_1.5.0.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.5.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.5.0.bb index 302fd2cd..c0eee5cc 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.5.0.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.5.0.bb @@ -97,6 +97,10 @@ LDFLAGS[unexport] = "1" AS[unexport] = "1" LD[unexport] = "1" +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + # TF-M ships patches that it needs applied to mbedcrypto, so apply them # as part of do_patch. apply_local_patches() {