Adding wolfprovider recipes and a usage example/test, also added a README for wolfprovider.

README.md

@@ -359,6 +359,10 @@ to add a DNS server to /etc/resolv.conf like such with root perms
 echo "nameserver 8.8.8.8" >> /etc/resolv.conf
 ```
 
+wolfProvider
+------------
+To build wolfProvider view the instructions in this [README](recipes-wolfssl/wolfprovider/README.md)
+
 FIPS-READY
 ----------
 For building FIPS-Ready for wolfSSL view the instruction in this [README](recipes-wolfssl/wolfssl/fips-ready/README.md)

conf/layer.conf

@@ -91,6 +91,16 @@ BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
                                  '', d)}"
 
 
+BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
+                                 'wolfprovider', \
+                                 '${LAYERDIR}/recipes-wolfssl/wolfprovider/*.bb ${LAYERDIR}/recipes-wolfssl/wolfprovider/*.bbappend', \
+                                 '', d)}"
+
+BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
+                                 'wolfprovidertest', \
+                                 '${LAYERDIR}/recipes-examples/wolfprovider/wolfprovidertest/*.bb', \
+                                 '', d)}"
+
 
 # Uncomment if building bind with wolfSSL.
 #BBFILES += "${LAYERDIR}/recipes-connectivity/bind/*.bbappend"

recipes-examples/wolfprovider/wolfprovidertest/files/wolfproviderenv.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Setup for libwolfprov.so
+mkdir -p /usr/lib/ssl-3/modules
+if [ ! -L /usr/lib/ssl-3/modules/libwolfprov.so ]; then
+    ln -s /usr/lib/libwolfprov.so.0.0.0 /usr/lib/ssl-3/modules/libwolfprov.so
+fi
+
+# Environment variables
+export OPENSSL_MODULES=/usr/lib/ssl-3/modules
+export LD_LIBRARY_PATH=/usr/lib:/lib:$LD_LIBRARY_PATH
+
+# Configuration for wolfprovider
+mkdir -p /opt/wolfprovider-configs
+cat > /opt/wolfprovider-configs/wolfprovider.conf <<EOF
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+libwolfprov = libwolfprov_sect
+
+[libwolfprov_sect]
+activate = 1
+EOF
+
+export OPENSSL_CONF="/opt/wolfprovider-configs/wolfprovider.conf"
+
+# Execute the test program, assuming it's located in the same directory as this script
+# Adjust the path as necessary depending on where the binary ends up
+echo "Programmatic Test"
+if wolfprovidertest; then
+    echo "Passed!"
+else
+    echo "Failed!"
+    exit 1
+fi
+
+echo "OpenSSL Conf Test"
+openssl list -providers -verbose 
+
+echo "Environment and configuration setup is complete. Tests executed."

recipes-examples/wolfprovider/wolfprovidertest/files/wolfprovidertest.c

@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/provider.h>
+#include <openssl/err.h>
+
+int main(void) {
+    OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, "libwolfprov");
+    if (!prov) {
+        ERR_print_errors_fp(stderr);
+        exit(EXIT_FAILURE);
+    }
+    printf("Custom provider 'libwolfprov' loaded successfully.\n");
+    OSSL_PROVIDER_unload(prov);
+    return 0;
+}

recipes-examples/wolfprovider/wolfprovidertest/wolfprovidertest.bb

@@ -0,0 +1,46 @@
+SUMMARY = "Test program for custom OpenSSL provider 'libwolfprov'"
+DESCRIPTION = "Compiles and runs a test program to verify the functionality of the custom OpenSSL provider libwolfprov."
+HOMEPAGE = "https://www.wolfssl.com"
+SECTION = "examples"
+LICENSE = "CLOSED"
+LIC_FILES_CHKSUM = ""
+
+DEPENDS = "openssl pkgconfig-native wolfssl wolfprovider"
+PROVIDES += "wolfprovidertest"
+RPROVIDES_${PN} = "wolfprovidertest"
+
+
+SRC_URI = "file://wolfprovidertest.c \
+           file://wolfproviderenv.sh \
+          "
+
+S = "${WORKDIR}"
+
+inherit pkgconfig
+
+do_compile() {
+    ${CC} ${WORKDIR}/wolfprovidertest.c -o wolfprovidertest \
+        ${CFLAGS} ${LDFLAGS} $(pkg-config --cflags --libs openssl) -ldl -lwolfssl -lwolfprov
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 0755 ${WORKDIR}/wolfprovidertest ${D}${bindir}/wolfprovidertest
+    install -m 0755 ${WORKDIR}/wolfproviderenv.sh ${D}${bindir}/wolfproviderenv
+}
+
+FILES_${PN} += "${bindir}/wolfprovidertest \
+                ${bindir}/wolfproviderenv \
+               "
+
+# Dynamic RDEPENDS adjustment for bash
+python() {
+    distro_version = d.getVar('DISTRO_VERSION', True)
+    pn = d.getVar('PN', True)
+
+    rdepends_var_name = 'RDEPENDS_' + pn if (distro_version.startswith('2.') or distro_version.startswith('3.')) else 'RDEPENDS:' + pn
+
+    current_rdepends = d.getVar(rdepends_var_name, True) or ""
+    new_rdepends = current_rdepends + " bash"
+    d.setVar(rdepends_var_name, new_rdepends)
+}

recipes-wolfssl/wolfprovider/README.md

@@ -0,0 +1,71 @@
+# wolfProvider
+
+The `wolfprovider` recipe enables the integration of wolfSSL's cryptographic functionalities into OpenSSL through a custom provider mechanism. This integration allows applications using OpenSSL to leverage wolfSSL's advanced cryptographic algorithms, combining wolfSSL's lightweight and performance-optimized cryptography with OpenSSL's extensive API and capabilities. `wolfprovider` is designed for easy integration into Yocto-based systems, ensuring a seamless blend of security and performance ideal for embedded and constrained environments.
+
+## Getting Started
+
+### Prerequisites
+
+- A functioning Yocto Project environment (Kirkstone or later recommended)
+- OpenSSL 3.0 or later, supporting the provider interface (Come by default with Kirkstone or later)
+- Access to the `meta-wolfssl` repository
+
+### Integrating wolfprovider with Yocto
+
+1. **Clone the meta-wolfssl repository**:
+
+    Clone the `meta-wolfssl` repository into your Yocto project's sources directory if not already included in your project.
+
+    ```sh
+    git clone https://github.com/wolfSSL/meta-wolfssl.git
+    ```
+
+2. **Include meta-wolfssl in your bblayers.conf**:
+
+    Add `meta-wolfssl` to your `bblayers.conf` file to incorporate it into your build environment.
+
+    ```bitbake
+    BBLAYERS ?= " \
+      ...
+      /path/to/meta-wolfssl \
+      ...
+    "
+    ```
+
+3. **Add wolfprovider to your image**:
+
+    Modify your image recipe or `local.conf` file to include `wolfprovider`, `wolfssl`, `openssl`, `openssl-bin`, and `wolfprovidertest`. You will only need `openssl-bin` and `wolfprovidertest` if you want to use and test with our included example and conf file.
+
+    ```bitbake
+    IMAGE_INSTALL += "wolfprovider wolfssl openssl openssl-bin wolfprovidertest"
+    ```
+
+4. **Build Your Image**:
+
+    With the `meta-wolfssl` layer added and the necessary packages included in your image configuration, proceed to build your Yocto image as usual.
+
+    ```sh
+    bitbake <your_image_recipe_name>
+    ```
+
+### Testing wolfprovider
+
+After building and deploying your image to the target device, you can test `wolfprovider` functionality through the `wolfproviderenv` script.
+
+1. **Execute the wolfproviderenv Script**:
+
+    `wolfproviderenv` is located in `/usr/bin`, so just execute the script upon entering into your terminal.
+
+    ```sh
+    wolfproviderenv
+    ```
+
+    The script performs necessary setup actions, executes `wolfprovidertest` to validate the integration, and lists available OpenSSL providers to confirm `wolfprovider` is active and correctly configured.
+
+2. **Expected Output**:
+
+    Look for messages indicating a successful environment setup, execution of `wolfprovidertest` with a custom provider loaded successfully, and `libwolfprovider` listed among active OpenSSL providers.
+
+### Documentation and Support
+
+For further information about `wolfprovider` and `wolfssl`, visit the [wolfSSL Documentation](https://www.wolfssl.com/docs/) and the [wolfProvider Github](https://www.github.com/wolfSSL/wolfprovider). If you encounter issues or require support regarding the integration of `wolfprovider` with Yocto, feel free to reach out through [wolfSSL Support](support@wolfssl.com).

recipes-wolfssl/wolfprovider/openssl_3.%.bbappend

@@ -0,0 +1,2 @@
+EXTRA_OECONF += " no-fips shared "
+

recipes-wolfssl/wolfprovider/wolfprovider_0.0.1.bb

@@ -0,0 +1,40 @@
+SUMMARY = "wolfSSL Lightweight Embedded SSL/TLS Library"
+DESCRIPTION = "wolfSSL is a lightweight SSL/TLS library written in C and optimized for embedded and RTOS environments. It supports a full TLS client and server, up to TLS 1.3."
+HOMEPAGE = "https://www.wolfssl.com/products/wolfssl/"
+BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues"
+SECTION = "libs"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+DEPENDS += "util-linux-native"
+
+PROVIDES += "wolfprovider"
+RPROVIDES_${PN} = "wolfprovider"
+
+SRC_URI = "git://github.com/wolfssl/wolfProvider.git;protocol=https;branch=master"
+SRCREV = "${AUTOREV}"
+S = "${WORKDIR}/git"
+
+DEPENDS += " wolfssl \
+            openssl \
+            "
+
+inherit autotools pkgconfig
+
+OPENSSL_YOCTO_DIR = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/openssl/usr"
+
+# Approach: Use Python to dynamically set function content based on Yocto version
+python() {
+    distro_version = d.getVar('DISTRO_VERSION', True)
+    autogen_command = "cd ${S}; ./autogen.sh"
+    if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
+        # For Dunfell and earlier
+        d.appendVar('do_configure_prepend', autogen_command)
+    else:
+        # For Kirkstone and later
+        d.appendVar('do_configure:prepend', autogen_command)
+}
+
+CFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
+CXXFLAGS += " -I${S}/include  -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
+LDFLAGS += " -Wl,--build-id=none"
+EXTRA_OECONF += " --with-openssl=${OPENSSL_YOCTO_DIR}"

recipes-wolfssl/wolfprovider/wolfssl_%.bbappend

@@ -0,0 +1,2 @@
+EXTRA_OECONF += " --enable-opensslcoexist --enable-cmac --enable-keygen --enable-sha --enable-des3 --enable-aesctr --enable-aesccm --enable-x963kdf --enable-compkey --enable-certgen --enable-aeskeywrap --enable-enckeys --enable-base16 "
+CPPFLAGS += " -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DHAVE_PUBLIC_FFDHE -DWOLFSSL_DH_EXTRA -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER "