WolfSSL
/
meta-wolfssl
mirror of https://github.com/wolfSSL/meta-wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Adding wolfprovider recipes and a usage example/test, also added a README for wolfprovider.

pull/83/head
msi-debian 2024-03-23 22:15:06 -06:00 committed by night1rider
parent 0636b25a6e
commit 6cd42f1457
9 changed files with 233 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -359,6 +359,10 @@ to add a DNS server to /etc/resolv.conf like such with root perms
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
```
wolfProvider
------------
To build wolfProvider view the instructions in this [README](recipes-wolfssl/wolfprovider/README.md)
FIPS-READY
----------
For building FIPS-Ready for wolfSSL view the instruction in this [README](recipes-wolfssl/wolfssl/fips-ready/README.md)

10
conf/layer.conf
View File

@ -91,6 +91,16 @@ BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'', d)}"
BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'wolfprovider', \
'${LAYERDIR}/recipes-wolfssl/wolfprovider/*.bb ${LAYERDIR}/recipes-wolfssl/wolfprovider/*.bbappend', \
'', d)}"
BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'wolfprovidertest', \
'${LAYERDIR}/recipes-examples/wolfprovider/wolfprovidertest/*.bb', \
'', d)}"
# Uncomment if building bind with wolfSSL.
#BBFILES += "${LAYERDIR}/recipes-connectivity/bind/*.bbappend"

43
recipes-examples/wolfprovider/wolfprovidertest/files/wolfproviderenv.sh 100644
View File

@ -0,0 +1,43 @@
#!/bin/bash
# Setup for libwolfprov.so
mkdir -p /usr/lib/ssl-3/modules
if [ ! -L /usr/lib/ssl-3/modules/libwolfprov.so ]; then
ln -s /usr/lib/libwolfprov.so.0.0.0 /usr/lib/ssl-3/modules/libwolfprov.so
fi
# Environment variables
export OPENSSL_MODULES=/usr/lib/ssl-3/modules
export LD_LIBRARY_PATH=/usr/lib:/lib:$LD_LIBRARY_PATH
# Configuration for wolfprovider
mkdir -p /opt/wolfprovider-configs
cat > /opt/wolfprovider-configs/wolfprovider.conf <<EOF
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
libwolfprov = libwolfprov_sect
[libwolfprov_sect]
activate = 1
EOF
export OPENSSL_CONF="/opt/wolfprovider-configs/wolfprovider.conf"
# Execute the test program, assuming it's located in the same directory as this script
# Adjust the path as necessary depending on where the binary ends up
echo "Programmatic Test"
if wolfprovidertest; then
echo "Passed!"
else
echo "Failed!"
exit 1
fi
echo "OpenSSL Conf Test"
openssl list -providers -verbose
echo "Environment and configuration setup is complete. Tests executed."

15
recipes-examples/wolfprovider/wolfprovidertest/files/wolfprovidertest.c 100644
View File

@ -0,0 +1,15 @@
#include <stdio.h>
#include <stdlib.h>
#include <openssl/provider.h>
#include <openssl/err.h>
int main(void) {
OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, "libwolfprov");
if (!prov) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
printf("Custom provider 'libwolfprov' loaded successfully.\n");
OSSL_PROVIDER_unload(prov);
return 0;
}

46
recipes-examples/wolfprovider/wolfprovidertest/wolfprovidertest.bb 100644
View File

@ -0,0 +1,46 @@
SUMMARY = "Test program for custom OpenSSL provider 'libwolfprov'"
DESCRIPTION = "Compiles and runs a test program to verify the functionality of the custom OpenSSL provider libwolfprov."
HOMEPAGE = "https://www.wolfssl.com"
SECTION = "examples"
LICENSE = "CLOSED"
LIC_FILES_CHKSUM = ""
DEPENDS = "openssl pkgconfig-native wolfssl wolfprovider"
PROVIDES += "wolfprovidertest"
RPROVIDES_${PN} = "wolfprovidertest"
SRC_URI = "file://wolfprovidertest.c \
file://wolfproviderenv.sh \
"
S = "${WORKDIR}"
inherit pkgconfig
do_compile() {
${CC} ${WORKDIR}/wolfprovidertest.c -o wolfprovidertest \
${CFLAGS} ${LDFLAGS} $(pkg-config --cflags --libs openssl) -ldl -lwolfssl -lwolfprov
}
do_install() {
install -d ${D}${bindir}
install -m 0755 ${WORKDIR}/wolfprovidertest ${D}${bindir}/wolfprovidertest
install -m 0755 ${WORKDIR}/wolfproviderenv.sh ${D}${bindir}/wolfproviderenv
}
FILES_${PN} += "${bindir}/wolfprovidertest \
${bindir}/wolfproviderenv \
"
# Dynamic RDEPENDS adjustment for bash
python() {
distro_version = d.getVar('DISTRO_VERSION', True)
pn = d.getVar('PN', True)
rdepends_var_name = 'RDEPENDS_' + pn if (distro_version.startswith('2.') or distro_version.startswith('3.')) else 'RDEPENDS:' + pn
current_rdepends = d.getVar(rdepends_var_name, True) or ""
new_rdepends = current_rdepends + " bash"
d.setVar(rdepends_var_name, new_rdepends)
}

71
recipes-wolfssl/wolfprovider/README.md 100644
View File

@ -0,0 +1,71 @@
# wolfProvider
The `wolfprovider` recipe enables the integration of wolfSSL's cryptographic functionalities into OpenSSL through a custom provider mechanism. This integration allows applications using OpenSSL to leverage wolfSSL's advanced cryptographic algorithms, combining wolfSSL's lightweight and performance-optimized cryptography with OpenSSL's extensive API and capabilities. `wolfprovider` is designed for easy integration into Yocto-based systems, ensuring a seamless blend of security and performance ideal for embedded and constrained environments.
## Getting Started
### Prerequisites
- A functioning Yocto Project environment (Kirkstone or later recommended)
- OpenSSL 3.0 or later, supporting the provider interface (Come by default with Kirkstone or later)
- Access to the `meta-wolfssl` repository
### Integrating wolfprovider with Yocto
1. **Clone the meta-wolfssl repository**:
Clone the `meta-wolfssl` repository into your Yocto project's sources directory if not already included in your project.
```sh
git clone https://github.com/wolfSSL/meta-wolfssl.git
```
2. **Include meta-wolfssl in your bblayers.conf**:
Add `meta-wolfssl` to your `bblayers.conf` file to incorporate it into your build environment.
```bitbake
BBLAYERS ?= " \
...
/path/to/meta-wolfssl \
...
"
```
3. **Add wolfprovider to your image**:
Modify your image recipe or `local.conf` file to include `wolfprovider`, `wolfssl`, `openssl`, `openssl-bin`, and `wolfprovidertest`. You will only need `openssl-bin` and `wolfprovidertest` if you want to use and test with our included example and conf file.
```bitbake
IMAGE_INSTALL += "wolfprovider wolfssl openssl openssl-bin wolfprovidertest"
```
4. **Build Your Image**:
With the `meta-wolfssl` layer added and the necessary packages included in your image configuration, proceed to build your Yocto image as usual.
```sh
bitbake <your_image_recipe_name>
```
### Testing wolfprovider
After building and deploying your image to the target device, you can test `wolfprovider` functionality through the `wolfproviderenv` script.
1. **Execute the wolfproviderenv Script**:
`wolfproviderenv` is located in `/usr/bin`, so just execute the script upon entering into your terminal.
```sh
wolfproviderenv
```
The script performs necessary setup actions, executes `wolfprovidertest` to validate the integration, and lists available OpenSSL providers to confirm `wolfprovider` is active and correctly configured.
2. **Expected Output**:
Look for messages indicating a successful environment setup, execution of `wolfprovidertest` with a custom provider loaded successfully, and `libwolfprovider` listed among active OpenSSL providers.
### Documentation and Support
For further information about `wolfprovider` and `wolfssl`, visit the [wolfSSL Documentation](https://www.wolfssl.com/docs/) and the [wolfProvider Github](https://www.github.com/wolfSSL/wolfprovider). If you encounter issues or require support regarding the integration of `wolfprovider` with Yocto, feel free to reach out through [wolfSSL Support](support@wolfssl.com).

2
recipes-wolfssl/wolfprovider/openssl_3.%.bbappend 100644
View File

@ -0,0 +1,2 @@
EXTRA_OECONF += " no-fips shared "

40
recipes-wolfssl/wolfprovider/wolfprovider_0.0.1.bb 100644
View File

@ -0,0 +1,40 @@
SUMMARY = "wolfSSL Lightweight Embedded SSL/TLS Library"
DESCRIPTION = "wolfSSL is a lightweight SSL/TLS library written in C and optimized for embedded and RTOS environments. It supports a full TLS client and server, up to TLS 1.3."
HOMEPAGE = "https://www.wolfssl.com/products/wolfssl/"
BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues"
SECTION = "libs"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
DEPENDS += "util-linux-native"
PROVIDES += "wolfprovider"
RPROVIDES_${PN} = "wolfprovider"
SRC_URI = "git://github.com/wolfssl/wolfProvider.git;protocol=https;branch=master"
SRCREV = "${AUTOREV}"
S = "${WORKDIR}/git"
DEPENDS += " wolfssl \
openssl \
"
inherit autotools pkgconfig
OPENSSL_YOCTO_DIR = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/openssl/usr"
# Approach: Use Python to dynamically set function content based on Yocto version
python() {
distro_version = d.getVar('DISTRO_VERSION', True)
autogen_command = "cd ${S}; ./autogen.sh"
if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
# For Dunfell and earlier
d.appendVar('do_configure_prepend', autogen_command)
else:
# For Kirkstone and later
d.appendVar('do_configure:prepend', autogen_command)
}
CFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
CXXFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
LDFLAGS += " -Wl,--build-id=none"
EXTRA_OECONF += " --with-openssl=${OPENSSL_YOCTO_DIR}"

2
recipes-wolfssl/wolfprovider/wolfssl_%.bbappend 100644
View File

@ -0,0 +1,2 @@
EXTRA_OECONF += " --enable-opensslcoexist --enable-cmac --enable-keygen --enable-sha --enable-des3 --enable-aesctr --enable-aesccm --enable-x963kdf --enable-compkey --enable-certgen --enable-aeskeywrap --enable-enckeys --enable-base16 "
CPPFLAGS += " -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DHAVE_PUBLIC_FFDHE -DWOLFSSL_DH_EXTRA -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER "