Adding wolfEngine and README's

README.md

@@ -363,6 +363,10 @@ wolfProvider
 ------------
 To build wolfProvider view the instructions in this [README](recipes-wolfssl/wolfprovider/README.md)
 
+wolfEngine
+------------
+To build wolfEngine view the instructions in this [README](recipes-wolfssl/wolfengine/README.md)
+
 FIPS-READY
 ----------
 For building FIPS-Ready for wolfSSL view the instruction in this [README](recipes-wolfssl/wolfssl/fips-ready/README.md)

conf/layer.conf

@@ -101,6 +101,17 @@ BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
                                  '${LAYERDIR}/recipes-examples/wolfprovider/wolfprovidertest/*.bb', \
                                  '', d)}"
 
+BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
+                                 'wolfengine', \
+                                 '${LAYERDIR}/recipes-wolfssl/wolfengine/*.bb ${LAYERDIR}/recipes-wolfssl/wolfengine/*.bbappend', \
+                                 '', d)}"
+
+BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
+                                 'wolfenginetest', \
+                                 '${LAYERDIR}/recipes-examples/wolfengine/wolfenginetest/*.bb ${LAYERDIR}/recipes-examples/wolfengine/wolfenginetest/*.bbappend', \
+                                 '', d)}"
+
+
 
 # Uncomment if building bind with wolfSSL.
 #BBFILES += "${LAYERDIR}/recipes-connectivity/bind/*.bbappend"
@@ -169,6 +180,10 @@ BBFILES += "${@bb.utils.contains('WOLFTPM_TYPE', \
                                  '${LAYERDIR}/recipes-wolfssl/wolftpm/commercial/*.bbappend ${LAYERDIR}/recipes-wolfssl/wolftpm/commercial/commercial-details/*.bbappend', \
                                  '', d)}"
 
+BBFILES += "${@bb.utils.contains('WOLFENGINE_TYPE', \
+                                 'commercial', \
+                                 '${LAYERDIR}/recipes-wolfssl/wolfengine/commercial/*.bbappend ${LAYERDIR}/recipes-wolfssl/wolfengine/commercial/commercial-details/*.bbappend', \
+                                 '', d)}"
 
 # Versions of OpenEmbedded-Core which layer has been tested against
 LAYERSERIES_COMPAT_wolfssl = "sumo thud warrior zeus hardknott gatesgarth dunfell kirkstone nanbield"

recipes-examples/wolfengine/wolfenginetest/files/wolfengineenv.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Setup for libwolfprov.so
+mkdir -p /usr/lib/ssl-1.1/engines
+if [ ! -L /usr/lib/ssl-1.1/engines/libwolfprov.so ]; then
+    ln -s /usr/lib/libwolfengine.so.1.0.4 /usr/lib/ssl-1.1/engines/libwolfengine.so
+fi
+
+# Environment variables
+export OPENSSL_ENGINES=/usr/lib/ssl-1.1/engines
+export LD_LIBRARY_PATH=/usr/lib:/lib:$LD_LIBRARY_PATH
+
+echo "Programmatic Test"
+if wolfenginetest; then
+    echo "Passed!"
+else
+    echo "Failed!"
+    exit 1
+fi
+
+echo "Environment and configuration setup is complete. Tests executed."

recipes-examples/wolfengine/wolfenginetest/files/wolfenginetest.c

@@ -0,0 +1,138 @@
+/* engine_by_id_example.c
+ *
+ * Copyright (C) 2019-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfengine.
+ *
+ * wolfengine is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfengine is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <stdio.h>
+
+#include <openssl/engine.h>
+
+/* From https://www.openssl.org/docs/man3.0/man3/EVP_MD_CTX_new.html:
+ *
+ * The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to
+ * EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    #define EVP_MD_CTX_new  EVP_MD_CTX_create
+    #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
+int main()
+{
+    ENGINE* wolfEngine = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    const char* engineID = "libwolfengine";
+#else
+    const char* engineID = "wolfengine";
+#endif
+    unsigned char someData[] = {0xDE, 0xAD, 0xBE, 0xEF};
+    unsigned char digest[SHA256_DIGEST_LENGTH];
+    unsigned int digestBufLen = sizeof(digest);
+    EVP_MD_CTX *ctx;
+    const EVP_MD* sha256 = EVP_sha256();
+    const EVP_MD* md5 = EVP_md5();
+
+    /*
+     * Load OpenSSL's "dynamic" engine. This is an engine that loads other
+     * engines at runtime. It's used implicitly below to load wolfEngine.
+     */
+    ENGINE_load_dynamic();
+
+    /* 
+     * Load wolfEngine. libwolfengine.so must be located in the directory
+     * pointed to by environment variable OPENSSL_ENGINES for this to succeed.
+     * For example, if you just ran "make" in the wolfEngine source code
+     * directory, .libs/ should contain libwolfengine.so.
+     */
+    wolfEngine = ENGINE_by_id(engineID);
+    if (wolfEngine == NULL) {
+        fprintf(stderr, "ENGINE_by_id failed.\n");
+        return -1;
+    }
+
+    /*
+     * Turn on wolfEngine debug messages. These will print to stderr.
+     */
+    if (ENGINE_ctrl_cmd(wolfEngine, "enable_debug", 1, NULL, NULL, 0) != 1) {
+        fprintf(stderr, "ENGINE_ctrl_cmd enable_debug failed.\n");
+        return -1;
+    }
+
+    /* 
+     * Make wolfEngine the default engine for all algorithms it supports.
+     */
+    ENGINE_set_default(wolfEngine, ENGINE_METHOD_ALL);
+
+    /*
+     * Compute a digest/hash over the data in the "someData" buffer. wolfEngine
+     * provides SHA-256, and since it's the default engine for everything it
+     * provides, we should see wolfEngine debug messages print out. If you
+     * don't see those messages, make sure wolfEngine was built with
+     * --enable-debug (-DWOLFENGINE_DEBUG).
+     */
+    if ((ctx = EVP_MD_CTX_new()) == NULL) {
+        fprintf(stderr, "EVP_MD_CTX_new SHA-256 failed.\n");
+        return -1;
+    }
+    if (EVP_DigestInit(ctx, sha256) != 1) {
+        fprintf(stderr, "EVP_DigestInit SHA-256 failed.\n");
+        return -1;
+    }
+    if (EVP_DigestUpdate(ctx, someData, sizeof(someData)) != 1) {
+        fprintf(stderr, "EVP_DigestUpdate SHA-256 failed.\n");
+        return -1;
+    }
+    if (EVP_DigestFinal_ex(ctx, digest, &digestBufLen) != 1) {
+        fprintf(stderr, "EVP_DigestFinal_ex SHA-256 failed.\n");
+        return -1;
+    }
+
+    EVP_MD_CTX_free(ctx);
+
+    /*
+     * MD5 is not considered a secure hash algorithm and isn't FIPS-approved.
+     * wolfEngine doesn't provide support for it. The digest computation below
+     * shouldn't print any wolfEngine debug messages. It will be handled by
+     * OpenSSL's non-FIPS-verified MD5 implementation.
+     */
+    if ((ctx = EVP_MD_CTX_new()) == NULL) {
+        fprintf(stderr, "EVP_MD_CTX_new MD5 failed.\n");
+        return -1;
+    }
+    if (EVP_DigestInit(ctx, md5) != 1) {
+        fprintf(stderr, "EVP_DigestInit MD5 failed.\n");
+        return -1;
+    }
+    if (EVP_DigestUpdate(ctx, someData, sizeof(someData)) != 1) {
+        fprintf(stderr, "EVP_DigestUpdate MD5 failed.\n");
+        return -1;
+    }
+    if (EVP_DigestFinal_ex(ctx, digest, &digestBufLen) != 1) {
+        fprintf(stderr, "EVP_DigestFinal_ex MD5 failed.\n");
+        return -1;
+    }
+
+    EVP_MD_CTX_free(ctx);
+
+    ENGINE_free(wolfEngine);
+
+    printf("Everything worked!\n");
+
+    return 0;
+}

recipes-examples/wolfengine/wolfenginetest/wolfengine_%.bbappend

@@ -0,0 +1 @@
+EXTRA_OECONF += " --enable-debug "

recipes-examples/wolfengine/wolfenginetest/wolfenginetest.bb

@@ -0,0 +1,56 @@
+SUMMARY = "Test program for custom OpenSSL engine "
+DESCRIPTION = "Compiles and runs a test program to verify the functionality of the custom OpenSSL engine."
+HOMEPAGE = "https://www.wolfssl.com"
+SECTION = "examples"
+LICENSE = "CLOSED"
+LIC_FILES_CHKSUM = ""
+
+DEPENDS = "openssl pkgconfig-native wolfssl wolfengine"
+PROVIDES += "wolfenginetest"
+
+WOLFENGINE_TEST = "${bindir}/wolfenginetest"
+WOLFENGINE_ENV = "${bindir}/wolfenginetest"
+
+SRC_URI = "file://wolfenginetest.c \
+           file://wolfengineenv.sh \
+          "
+
+S = "${WORKDIR}"
+
+inherit pkgconfig
+
+do_compile() {
+    ${CC} ${WORKDIR}/wolfenginetest.c -o wolfenginetest \
+        ${CFLAGS} ${LDFLAGS} $(pkg-config --cflags --libs openssl) -ldl -lwolfssl -lwolfengine
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 0755 ${WORKDIR}/wolfenginetest ${D}${bindir}/wolfenginetest
+    install -m 0755 ${WORKDIR}/wolfengineenv.sh ${D}${bindir}/wolfengineenv
+    
+}
+
+
+python() {
+    distro_version = d.getVar('DISTRO_VERSION', True)
+    wolfengine_test = d.getVar('WOLFENGINE_TEST', True)    
+    wolfengine_env = d.getVar('WOLFENGINE_ENV', True)    
+    pn = d.getVar('PN', True)
+    if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
+        files_var_name = 'FILES_' + pn
+    else:
+        files_var_name = 'FILES:' + pn
+    
+       
+    current_files = d.getVar(files_var_name, True) or ""
+    new_files = current_files + ' ' + wolfengine_test + ' ' + wolfengine_env
+    d.setVar(files_var_name, new_files)
+
+    rdepends_var_name = 'RDEPENDS_' + pn if (distro_version.startswith('2.') or distro_version.startswith('3.')) else 'RDEPENDS:' + pn
+
+    current_rdepends = d.getVar(rdepends_var_name, True) or ""
+    new_rdepends = current_rdepends + " bash"
+    d.setVar(rdepends_var_name, new_rdepends) 
+
+}

recipes-wolfssl/wolfengine/README.md

@@ -0,0 +1,71 @@
+# wolfEngine
+
+The `wolfengine` recipe enables the integration of wolfSSL's cryptographic functionalities into OpenSSL through a custom engine mechanism. This integration allows applications using OpenSSL to leverage wolfSSL's advanced cryptographic algorithms, combining wolfSSL's lightweight and performance-optimized cryptography with OpenSSL's extensive API and capabilities. `wolfengine` is designed for easy integration into Yocto-based systems, ensuring a seamless blend of security and performance ideal for embedded and constrained environments.
+
+## Getting Started
+
+### Prerequisites
+
+- A functioning Yocto Project environment (Dunfell or earlier recommended)
+- OpenSSL versions 1.x.x, supporting the engine interface (Come by default with Dunfell or earlier)
+- Access to the `meta-wolfssl` repository
+
+### Integrating wolfengine with Yocto
+
+1. **Clone the meta-wolfssl repository**:
+
+    Clone the `meta-wolfssl` repository into your Yocto project's sources directory if not already included in your project.
+
+    ```sh
+    git clone https://github.com/wolfSSL/meta-wolfssl.git
+    ```
+
+2. **Include meta-wolfssl in your bblayers.conf**:
+
+    Add `meta-wolfssl` to your `bblayers.conf` file to incorporate it into your build environment.
+
+    ```bitbake
+    BBLAYERS ?= " \
+      ...
+      /path/to/meta-wolfssl \
+      ...
+    "
+    ```
+
+3. **Add wolfengine to your image**:
+
+    Modify your image recipe or `local.conf` file to include `wolfengine`, `wolfssl`, `openssl`, `openssl-bin`, and `wolfenginetest`. You will only need `openssl-bin` and `wolfenginetest` if you want to use and test with our included example and conf file.
+
+    ```bitbake
+    IMAGE_INSTALL += "wolfengine wolfssl openssl openssl-bin wolfenginetest"
+    ```
+
+4. **Build Your Image**:
+
+    With the `meta-wolfssl` layer added and the necessary packages included in your image configuration, proceed to build your Yocto image as usual.
+
+    ```sh
+    bitbake <your_image_recipe_name>
+    ```
+
+### Testing wolfengine
+
+After building and deploying your image to the target device, you can test `wolfengine` functionality through the `wolfengineenv` script.
+
+1. **Execute the wolfengineenv Script**:
+
+    `wolfengineenv` is located in `/usr/bin`, so just execute the script upon entering into your terminal.
+
+    ```sh
+    wolfengineenv
+    ```
+
+    The script performs necessary setup actions, executes `wolfenginetest` to validate the integration.
+
+2. **Expected Output**:
+
+    Look for messages indicating a successful environment setup, and execution of `wolfenginetest`.
+
+### Documentation and Support
+
+For further information about `wolfengine` and `wolfssl`, visit the [wolfSSL Documentation](https://www.wolfssl.com/docs/) and the [wolfEngine Github](https://www.github.com/wolfSSL/wolfengine). If you encounter issues or require support regarding the integration of `wolfengine` with Yocto, feel free to reach out through [wolfSSL Support](support@wolfssl.com).

recipes-wolfssl/wolfengine/commercial/commercial-details/wolfengine_%.bbappend

@@ -0,0 +1,14 @@
+#Adjust these as needed
+WOLFENGINE_VERSION=""
+
+WOLF_LICENSE="WolfSSL_LicenseAgmt_JAN-2022.pdf"
+WOLF_LICENSE_MD5="be28609dc681e98236c52428fadf04dd"
+WOLF_SRC=""
+WOLF_SRC_SHA=""
+WOLF_SRC_PASS=""
+
+#Do not adjust these variables
+PR = "commercial"
+PV = "${WOLFENGINE_VERSION}"
+
+BBFILE_PRIORITY='1'

recipes-wolfssl/wolfengine/commercial/files/README.md

@@ -0,0 +1,12 @@
+# Directory for Commerical wolfEngine 7Zip Archives
+
+## Overview
+
+This directory is designated for storing commercially licensed 7Zip archives of wolfEngine.
+
+## Contact Information
+
+For questions regarding obtaining a licensed version of wolfEngine,
+please contact wolfSSL Inc. directly at:
+
+Email: support@wolfssl.com

recipes-wolfssl/wolfengine/commercial/wolfengine_%.bbappend

@@ -0,0 +1,30 @@
+BBFILE_PRIORITY='2'
+COMMERCIAL_CONFIG_DIR := "${@os.path.dirname(d.getVar('FILE', True))}"
+LICENSE="Proprietary"                                                           
+LIC_FILES_CHKSUM="file://${WOLF_LICENSE};md5=${WOLF_LICENSE_MD5}"
+
+SRC_URI="file://${COMMERCIAL_CONFIG_DIR}/files/${WOLF_SRC}.7z"
+SRC_URI[sha256sum]="${WOLF_SRC_SHA}"
+
+DEPENDS += "p7zip-native"
+
+S = "${WORKDIR}/${WOLF_SRC}"
+
+do_unpack[depends] += "p7zip-native:do_populate_sysroot"
+
+do_unpack() {
+    cp -f "${FILE_DIRNAME}/commercial/files/${WOLF_SRC}.7z" "${WORKDIR}"
+    7za x "${WORKDIR}/${WOLF_SRC}.7z" -p"${WOLF_SRC_PASS}" -o"${WORKDIR}" -aoa
+}
+
+
+python() {
+    distro_version = d.getVar('DISTRO_VERSION', True)
+    autogen_create = 'echo -e "#!/bin/sh\nexit 0" > ${S}/autogen.sh && chmod +x ${S}/autogen.sh'
+    if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
+        # For Dunfell and earlier
+        d.appendVar('do_configure_prepend', autogen_create)
+    else:
+        # For Kirkstone and later
+        d.appendVar('do_configure:prepend', autogen_create)
+}

recipes-wolfssl/wolfengine/openssl_1.%.bbappend

@@ -0,0 +1 @@
+EXTRA_OECONF += " shared "

recipes-wolfssl/wolfengine/wolfengine_1.4.0.bb

@@ -0,0 +1,42 @@
+SUMMARY = "wolfEngine is a cryptography engine for openSSL versions 1.X.X"
+DESCRIPTION = "wolfEngine is an OpenSSL 1.X.X engine backed by wolfSSL's wolfCrypt cryptography library."
+HOMEPAGE = "https://github.com/wolfSSL/wolfEngine"
+BUGTRACKER = "https://github.com/wolfSSL/wolfEngine/issues"
+SECTION = "libs"
+LICENSE = "GPL-3.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+DEPENDS += "util-linux-native"
+
+PROVIDES += "wolfengine"
+
+SRC_URI = "git://github.com/wolfssl/wolfengine.git;nobranch=1;protocol=https;rev=02c18e78d59c1e5a029c171a3879e99a145737ca"
+
+
+S = "${WORKDIR}/git"
+
+DEPENDS += " wolfssl \
+            openssl \
+            "
+
+inherit autotools pkgconfig
+
+OPENSSL_YOCTO_DIR = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/openssl/usr"
+WOLFSSL_YOCTO_DIR = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/wolfssl/usr"
+
+
+# Approach: Use Python to dynamically set function content based on Yocto version
+python() {
+    distro_version = d.getVar('DISTRO_VERSION', True)
+    autogen_command = "cd ${S}; ./autogen.sh"
+    if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
+        # For Dunfell and earlier
+        d.appendVar('do_configure_prepend', autogen_command)
+    else:
+        # For Kirkstone and later
+        d.appendVar('do_configure:prepend', autogen_command)
+}
+
+CFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
+CXXFLAGS += " -I${S}/include  -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
+LDFLAGS += " -Wl,--build-id=none"
+EXTRA_OECONF += " --with-openssl=${OPENSSL_YOCTO_DIR} --with-wolfssl=${WOLFSSL_YOCTO_DIR} "

recipes-wolfssl/wolfengine/wolfssl_%.bbappend

@@ -0,0 +1,13 @@
+
+python() {
+    # Get the package revision (PR) for wolfssl
+    wolfssl_pr = d.getVar('PR', True)
+
+    # Based on the revision, conditionally append to EXTRA_OECONF
+    if wolfssl_pr == 'commerical.fips':
+        d.appendVar('EXTRA_OECONF', ' --enable-engine=fips-v5')
+    elif wolfssl_pr == 'fipsReady':
+        d.appendVar('EXTRA_OECONF', ' --enable-engine=fips-ready')
+    else:
+        d.appendVar('EXTRA_OECONF', ' --enable-engine=no-fips')
+}

recipes-wolfssl/wolfprovider/wolfprovider_0.0.1.bb

@@ -1,9 +1,9 @@
-SUMMARY = "wolfSSL Lightweight Embedded SSL/TLS Library"
-DESCRIPTION = "wolfSSL is a lightweight SSL/TLS library written in C and optimized for embedded and RTOS environments. It supports a full TLS client and server, up to TLS 1.3."
-HOMEPAGE = "https://www.wolfssl.com/products/wolfssl/"
-BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues"
+SUMMARY = "wolfProvider is a Proivder designed for Openssl 3.X.X"
+DESCRIPTION = "wolfProvider is a library that can be used as an Provider in OpenSSL"
+HOMEPAGE = "https://github.com/wolfSSL/wolfProvider"
+BUGTRACKER = "https://github.com/wolfSSL/wolfProvider/issues"
 SECTION = "libs"
-LICENSE = "GPL-2.0-only"
+LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 DEPENDS += "util-linux-native"