WolfSSL
/
meta-wolfssl
mirror of https://github.com/wolfSSL/meta-wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #83 from night1rider/wolfprovider 

Adding wolfprovider/engine recipes and a usage example/test
pull/84/head
JacobBarthelmeh 2024-04-23 10:03:05 -06:00 committed by GitHub
parent 0636b25a6e 7e6bef3ba0
commit 8bcfb2eab3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
21 changed files with 3133 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -359,6 +359,14 @@ to add a DNS server to /etc/resolv.conf like such with root perms
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
```
wolfProvider
------------
To build wolfProvider view the instructions in this [README](recipes-wolfssl/wolfprovider/README.md)
wolfEngine
------------
To build wolfEngine view the instructions in this [README](recipes-wolfssl/wolfengine/README.md)
FIPS-READY
----------
For building FIPS-Ready for wolfSSL view the instruction in this [README](recipes-wolfssl/wolfssl/fips-ready/README.md)

25
conf/layer.conf
View File

@ -91,6 +91,27 @@ BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'', d)}"
BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'wolfprovider', \
'${LAYERDIR}/recipes-wolfssl/wolfprovider/*.bb ${LAYERDIR}/recipes-wolfssl/wolfprovider/*.bbappend', \
'', d)}"
BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'wolfprovidertest', \
'${LAYERDIR}/recipes-examples/wolfprovider/wolfprovidertest/*.bb', \
'', d)}"
BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'wolfengine', \
'${LAYERDIR}/recipes-wolfssl/wolfengine/*.bb ${LAYERDIR}/recipes-wolfssl/wolfengine/*.bbappend', \
'', d)}"
BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
'wolfenginetest', \
'${LAYERDIR}/recipes-examples/wolfengine/wolfenginetest/*.bb ${LAYERDIR}/recipes-examples/wolfengine/wolfenginetest/*.bbappend', \
'', d)}"
# Uncomment if building bind with wolfSSL.
#BBFILES += "${LAYERDIR}/recipes-connectivity/bind/*.bbappend"
@ -159,6 +180,10 @@ BBFILES += "${@bb.utils.contains('WOLFTPM_TYPE', \
'${LAYERDIR}/recipes-wolfssl/wolftpm/commercial/*.bbappend ${LAYERDIR}/recipes-wolfssl/wolftpm/commercial/commercial-details/*.bbappend', \
'', d)}"
BBFILES += "${@bb.utils.contains('WOLFENGINE_TYPE', \
'commercial', \
'${LAYERDIR}/recipes-wolfssl/wolfengine/commercial/*.bbappend ${LAYERDIR}/recipes-wolfssl/wolfengine/commercial/commercial-details/*.bbappend', \
'', d)}"
# Versions of OpenEmbedded-Core which layer has been tested against
LAYERSERIES_COMPAT_wolfssl = "sumo thud warrior zeus hardknott gatesgarth dunfell kirkstone nanbield"

21
recipes-examples/wolfengine/wolfenginetest/files/wolfengineenv.sh 100644
View File

@ -0,0 +1,21 @@
#!/bin/bash
# Setup for libwolfprov.so
mkdir -p /usr/lib/ssl-1.1/engines
if [ ! -L /usr/lib/ssl-1.1/engines/libwolfprov.so ]; then
ln -s /usr/lib/libwolfengine.so.1.0.4 /usr/lib/ssl-1.1/engines/libwolfengine.so
fi
# Environment variables
export OPENSSL_ENGINES=/usr/lib/ssl-1.1/engines
export LD_LIBRARY_PATH=/usr/lib:/lib:$LD_LIBRARY_PATH
echo "Programmatic Test"
if wolfenginetest; then
echo "Passed!"
else
echo "Failed!"
exit 1
fi
echo "Environment and configuration setup is complete. Tests executed."

138
recipes-examples/wolfengine/wolfenginetest/files/wolfenginetest.c 100644
View File

@ -0,0 +1,138 @@
/* engine_by_id_example.c
*
* Copyright (C) 2019-2023 wolfSSL Inc.
*
* This file is part of wolfengine.
*
* wolfengine is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfengine is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <stdio.h>
#include <openssl/engine.h>
/* From https://www.openssl.org/docs/man3.0/man3/EVP_MD_CTX_new.html:
*
* The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to
* EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively.
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif
int main()
{
ENGINE* wolfEngine = NULL;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
const char* engineID = "libwolfengine";
#else
const char* engineID = "wolfengine";
#endif
unsigned char someData[] = {0xDE, 0xAD, 0xBE, 0xEF};
unsigned char digest[SHA256_DIGEST_LENGTH];
unsigned int digestBufLen = sizeof(digest);
EVP_MD_CTX *ctx;
const EVP_MD* sha256 = EVP_sha256();
const EVP_MD* md5 = EVP_md5();
/*
* Load OpenSSL's "dynamic" engine. This is an engine that loads other
* engines at runtime. It's used implicitly below to load wolfEngine.
*/
ENGINE_load_dynamic();
/*
* Load wolfEngine. libwolfengine.so must be located in the directory
* pointed to by environment variable OPENSSL_ENGINES for this to succeed.
* For example, if you just ran "make" in the wolfEngine source code
* directory, .libs/ should contain libwolfengine.so.
*/
wolfEngine = ENGINE_by_id(engineID);
if (wolfEngine == NULL) {
fprintf(stderr, "ENGINE_by_id failed.\n");
return -1;
}
/*
* Turn on wolfEngine debug messages. These will print to stderr.
*/
if (ENGINE_ctrl_cmd(wolfEngine, "enable_debug", 1, NULL, NULL, 0) != 1) {
fprintf(stderr, "ENGINE_ctrl_cmd enable_debug failed.\n");
return -1;
}
/*
* Make wolfEngine the default engine for all algorithms it supports.
*/
ENGINE_set_default(wolfEngine, ENGINE_METHOD_ALL);
/*
* Compute a digest/hash over the data in the "someData" buffer. wolfEngine
* provides SHA-256, and since it's the default engine for everything it
* provides, we should see wolfEngine debug messages print out. If you
* don't see those messages, make sure wolfEngine was built with
* --enable-debug (-DWOLFENGINE_DEBUG).
*/
if ((ctx = EVP_MD_CTX_new()) == NULL) {
fprintf(stderr, "EVP_MD_CTX_new SHA-256 failed.\n");
return -1;
}
if (EVP_DigestInit(ctx, sha256) != 1) {
fprintf(stderr, "EVP_DigestInit SHA-256 failed.\n");
return -1;
}
if (EVP_DigestUpdate(ctx, someData, sizeof(someData)) != 1) {
fprintf(stderr, "EVP_DigestUpdate SHA-256 failed.\n");
return -1;
}
if (EVP_DigestFinal_ex(ctx, digest, &digestBufLen) != 1) {
fprintf(stderr, "EVP_DigestFinal_ex SHA-256 failed.\n");
return -1;
}
EVP_MD_CTX_free(ctx);
/*
* MD5 is not considered a secure hash algorithm and isn't FIPS-approved.
* wolfEngine doesn't provide support for it. The digest computation below
* shouldn't print any wolfEngine debug messages. It will be handled by
* OpenSSL's non-FIPS-verified MD5 implementation.
*/
if ((ctx = EVP_MD_CTX_new()) == NULL) {
fprintf(stderr, "EVP_MD_CTX_new MD5 failed.\n");
return -1;
}
if (EVP_DigestInit(ctx, md5) != 1) {
fprintf(stderr, "EVP_DigestInit MD5 failed.\n");
return -1;
}
if (EVP_DigestUpdate(ctx, someData, sizeof(someData)) != 1) {
fprintf(stderr, "EVP_DigestUpdate MD5 failed.\n");
return -1;
}
if (EVP_DigestFinal_ex(ctx, digest, &digestBufLen) != 1) {
fprintf(stderr, "EVP_DigestFinal_ex MD5 failed.\n");
return -1;
}
EVP_MD_CTX_free(ctx);
ENGINE_free(wolfEngine);
printf("Everything worked!\n");
return 0;
}

1
recipes-examples/wolfengine/wolfenginetest/wolfengine_%.bbappend 100644
View File

@ -0,0 +1 @@
EXTRA_OECONF += " --enable-debug "

56
recipes-examples/wolfengine/wolfenginetest/wolfenginetest.bb 100644
View File

@ -0,0 +1,56 @@
SUMMARY = "Test program for custom OpenSSL engine "
DESCRIPTION = "Compiles and runs a test program to verify the functionality of the custom OpenSSL engine."
HOMEPAGE = "https://www.wolfssl.com"
SECTION = "examples"
LICENSE = "CLOSED"
LIC_FILES_CHKSUM = ""
DEPENDS = "openssl pkgconfig-native wolfssl wolfengine"
PROVIDES += "wolfenginetest"
WOLFENGINE_TEST = "${bindir}/wolfenginetest"
WOLFENGINE_ENV = "${bindir}/wolfenginetest"
SRC_URI = "file://wolfenginetest.c \
file://wolfengineenv.sh \
"
S = "${WORKDIR}"
inherit pkgconfig
do_compile() {
${CC} ${WORKDIR}/wolfenginetest.c -o wolfenginetest \
${CFLAGS} ${LDFLAGS} $(pkg-config --cflags --libs openssl) -ldl -lwolfssl -lwolfengine
}
do_install() {
install -d ${D}${bindir}
install -m 0755 ${WORKDIR}/wolfenginetest ${D}${bindir}/wolfenginetest
install -m 0755 ${WORKDIR}/wolfengineenv.sh ${D}${bindir}/wolfengineenv
}
python() {
distro_version = d.getVar('DISTRO_VERSION', True)
wolfengine_test = d.getVar('WOLFENGINE_TEST', True)
wolfengine_env = d.getVar('WOLFENGINE_ENV', True)
pn = d.getVar('PN', True)
if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
files_var_name = 'FILES_' + pn
else:
files_var_name = 'FILES:' + pn
current_files = d.getVar(files_var_name, True) or ""
new_files = current_files + ' ' + wolfengine_test + ' ' + wolfengine_env
d.setVar(files_var_name, new_files)
rdepends_var_name = 'RDEPENDS_' + pn if (distro_version.startswith('2.') or distro_version.startswith('3.')) else 'RDEPENDS:' + pn
current_rdepends = d.getVar(rdepends_var_name, True) or ""
new_rdepends = current_rdepends + " bash"
d.setVar(rdepends_var_name, new_rdepends)
}

43
recipes-examples/wolfprovider/wolfprovidertest/files/wolfproviderenv.sh 100644
View File

@ -0,0 +1,43 @@
#!/bin/bash
# Setup for libwolfprov.so
mkdir -p /usr/lib/ssl-3/modules
if [ ! -L /usr/lib/ssl-3/modules/libwolfprov.so ]; then
ln -s /usr/lib/libwolfprov.so.0.0.0 /usr/lib/ssl-3/modules/libwolfprov.so
fi
# Environment variables
export OPENSSL_MODULES=/usr/lib/ssl-3/modules
export LD_LIBRARY_PATH=/usr/lib:/lib:$LD_LIBRARY_PATH
# Configuration for wolfprovider
mkdir -p /opt/wolfprovider-configs
cat > /opt/wolfprovider-configs/wolfprovider.conf <<EOF
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
libwolfprov = libwolfprov_sect
[libwolfprov_sect]
activate = 1
EOF
export OPENSSL_CONF="/opt/wolfprovider-configs/wolfprovider.conf"
# Execute the test program, assuming it's located in the same directory as this script
# Adjust the path as necessary depending on where the binary ends up
echo "Programmatic Test"
if wolfprovidertest; then
echo "Passed!"
else
echo "Failed!"
exit 1
fi
echo "OpenSSL Conf Test"
openssl list -providers -verbose
echo "Environment and configuration setup is complete. Tests executed."

15
recipes-examples/wolfprovider/wolfprovidertest/files/wolfprovidertest.c 100644
View File

@ -0,0 +1,15 @@
#include <stdio.h>
#include <stdlib.h>
#include <openssl/provider.h>
#include <openssl/err.h>
int main(void) {
OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, "libwolfprov");
if (!prov) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
printf("Custom provider 'libwolfprov' loaded successfully.\n");
OSSL_PROVIDER_unload(prov);
return 0;
}

46
recipes-examples/wolfprovider/wolfprovidertest/wolfprovidertest.bb 100644
View File

@ -0,0 +1,46 @@
SUMMARY = "Test program for custom OpenSSL provider 'libwolfprov'"
DESCRIPTION = "Compiles and runs a test program to verify the functionality of the custom OpenSSL provider libwolfprov."
HOMEPAGE = "https://www.wolfssl.com"
SECTION = "examples"
LICENSE = "CLOSED"
LIC_FILES_CHKSUM = ""
DEPENDS = "openssl pkgconfig-native wolfssl wolfprovider"
PROVIDES += "wolfprovidertest"
RPROVIDES_${PN} = "wolfprovidertest"
SRC_URI = "file://wolfprovidertest.c \
file://wolfproviderenv.sh \
"
S = "${WORKDIR}"
inherit pkgconfig
do_compile() {
${CC} ${WORKDIR}/wolfprovidertest.c -o wolfprovidertest \
${CFLAGS} ${LDFLAGS} $(pkg-config --cflags --libs openssl) -ldl -lwolfssl -lwolfprov
}
do_install() {
install -d ${D}${bindir}
install -m 0755 ${WORKDIR}/wolfprovidertest ${D}${bindir}/wolfprovidertest
install -m 0755 ${WORKDIR}/wolfproviderenv.sh ${D}${bindir}/wolfproviderenv
}
FILES_${PN} += "${bindir}/wolfprovidertest \
${bindir}/wolfproviderenv \
"
# Dynamic RDEPENDS adjustment for bash
python() {
distro_version = d.getVar('DISTRO_VERSION', True)
pn = d.getVar('PN', True)
rdepends_var_name = 'RDEPENDS_' + pn if (distro_version.startswith('2.') or distro_version.startswith('3.')) else 'RDEPENDS:' + pn
current_rdepends = d.getVar(rdepends_var_name, True) or ""
new_rdepends = current_rdepends + " bash"
d.setVar(rdepends_var_name, new_rdepends)
}

80
recipes-wolfssl/wolfengine/README.md 100644
View File

@ -0,0 +1,80 @@
# wolfEngine
The `wolfengine` recipe enables the integration of wolfSSL's cryptographic functionalities into OpenSSL through a custom engine mechanism. This integration allows applications using OpenSSL to leverage wolfSSL's advanced cryptographic algorithms, combining wolfSSL's lightweight and performance-optimized cryptography with OpenSSL's extensive API and capabilities. `wolfengine` is designed for easy integration into Yocto-based systems, ensuring a seamless blend of security and performance ideal for embedded and constrained environments.
The `wolfenginetest` yocto package will provide two apps, `wolfengineenv` and `wolfenginetest`. Running `wolfengineenv` will start up a child shell and run `wolfenginetest`. Use `wolfengineenv` to test that the `wolfengine` package is succesfully installed. If you want to run `wolfenginetest` directly you will need to directly source `wolfengineenv` via `source /usr/bin/wolfengineenv` or setup the env on your own, because `wolfenginetest` will fail otherwise. Use `wolfenginetest` to check that your shell env is correctly setup.
## Getting Started
### Prerequisites
- A functioning Yocto Project environment (Dunfell or earlier recommended)
- OpenSSL versions 1.x.x, supporting the engine interface (Come by default with Dunfell or earlier)
- Access to the `meta-wolfssl` repository
### Integrating wolfengine with Yocto
1. **Clone the meta-wolfssl repository**:
Clone the `meta-wolfssl` repository into your Yocto project's sources directory if not already included in your project.
```sh
git clone https://github.com/wolfSSL/meta-wolfssl.git
```
2. **Include meta-wolfssl in your bblayers.conf**:
Add `meta-wolfssl` to your `bblayers.conf` file to incorporate it into your build environment.
```bitbake
BBLAYERS ?= " \
...
/path/to/meta-wolfssl \
...
"
```
3. **Add wolfengine to your image**:
Modify your image recipe or `local.conf` file to include `wolfengine`, `wolfssl`, `openssl`, `openssl-bin`, and `wolfenginetest`. You will only need `openssl-bin` and `wolfenginetest` if you want to use and test with our included example and conf file.
For yocto kirkstone or newer:
```
IMAGE_INSTALL:append = "wolfengine wolfssl openssl openssl-bin wolfenginetest"
```
For yocto dunfell or earlier:
```
IMAGE_INSTALL_append = "wolfengine wolfssl openssl openssl-bin wolfenginetest"
```
4. **Build Your Image**:
With the `meta-wolfssl` layer added and the necessary packages included in your image configuration, proceed to build your Yocto image as usual.
```sh
bitbake <your_image_recipe_name>
```
### Testing wolfengine
After building and deploying your image to the target device, you can test `wolfengine` functionality through the `wolfengineenv` script.
1. **Execute the wolfengineenv Script**:
`wolfengineenv` is located in `/usr/bin`, so just execute the script upon entering into your terminal.
```sh
wolfengineenv
```
The script performs necessary setup actions, executes `wolfenginetest` to validate the integration.
2. **Expected Output**:
Look for messages indicating a successful environment setup, and execution of `wolfenginetest`.
### Documentation and Support
For further information about `wolfengine` and `wolfssl`, visit the [wolfSSL Documentation](https://www.wolfssl.com/docs/) and the [wolfEngine Github](https://www.github.com/wolfSSL/wolfengine). If you encounter issues or require support regarding the integration of `wolfengine` with Yocto, feel free to reach out through [wolfSSL Support](support@wolfssl.com).

14
recipes-wolfssl/wolfengine/commercial/commercial-details/wolfengine_%.bbappend 100644
View File

@ -0,0 +1,14 @@
#Adjust these as needed
WOLFENGINE_VERSION=""
WOLF_LICENSE="WolfSSL_LicenseAgmt_JAN-2022.pdf"
WOLF_LICENSE_MD5="be28609dc681e98236c52428fadf04dd"
WOLF_SRC=""
WOLF_SRC_SHA=""
WOLF_SRC_PASS=""
#Do not adjust these variables
PR = "commercial"
PV = "${WOLFENGINE_VERSION}"
BBFILE_PRIORITY='1'

12
recipes-wolfssl/wolfengine/commercial/files/README.md 100644
View File

@ -0,0 +1,12 @@
# Directory for Commerical wolfEngine 7Zip Archives
## Overview
This directory is designated for storing commercially licensed 7Zip archives of wolfEngine.
## Contact Information
For questions regarding obtaining a licensed version of wolfEngine,
please contact wolfSSL Inc. directly at:
Email: support@wolfssl.com

30
recipes-wolfssl/wolfengine/commercial/wolfengine_%.bbappend 100644
View File

@ -0,0 +1,30 @@
BBFILE_PRIORITY='2'
COMMERCIAL_CONFIG_DIR := "${@os.path.dirname(d.getVar('FILE', True))}"
LICENSE="Proprietary"
LIC_FILES_CHKSUM="file://${WOLF_LICENSE};md5=${WOLF_LICENSE_MD5}"
SRC_URI="file://${COMMERCIAL_CONFIG_DIR}/files/${WOLF_SRC}.7z"
SRC_URI[sha256sum]="${WOLF_SRC_SHA}"
DEPENDS += "p7zip-native"
S = "${WORKDIR}/${WOLF_SRC}"
do_unpack[depends] += "p7zip-native:do_populate_sysroot"
do_unpack() {
cp -f "${FILE_DIRNAME}/commercial/files/${WOLF_SRC}.7z" "${WORKDIR}"
7za x "${WORKDIR}/${WOLF_SRC}.7z" -p"${WOLF_SRC_PASS}" -o"${WORKDIR}" -aoa
}
python() {
distro_version = d.getVar('DISTRO_VERSION', True)
autogen_create = 'echo -e "#!/bin/sh\nexit 0" > ${S}/autogen.sh && chmod +x ${S}/autogen.sh'
if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
# For Dunfell and earlier
d.appendVar('do_configure_prepend', autogen_create)
else:
# For Kirkstone and later
d.appendVar('do_configure:prepend', autogen_create)
}

1
recipes-wolfssl/wolfengine/openssl_1.%.bbappend 100644
View File

@ -0,0 +1 @@
EXTRA_OECONF += " shared "

42
recipes-wolfssl/wolfengine/wolfengine_1.4.0.bb 100644
View File

@ -0,0 +1,42 @@
SUMMARY = "wolfEngine is a cryptography engine for openSSL versions 1.X.X"
DESCRIPTION = "wolfEngine is an OpenSSL 1.X.X engine backed by wolfSSL's wolfCrypt cryptography library."
HOMEPAGE = "https://github.com/wolfSSL/wolfEngine"
BUGTRACKER = "https://github.com/wolfSSL/wolfEngine/issues"
SECTION = "libs"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
DEPENDS += "util-linux-native"
PROVIDES += "wolfengine"
SRC_URI = "git://github.com/wolfssl/wolfengine.git;nobranch=1;protocol=https;rev=02c18e78d59c1e5a029c171a3879e99a145737ca"
S = "${WORKDIR}/git"
DEPENDS += " wolfssl \
openssl \
"
inherit autotools pkgconfig
OPENSSL_YOCTO_DIR = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/openssl/usr"
WOLFSSL_YOCTO_DIR = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/wolfssl/usr"
# Approach: Use Python to dynamically set function content based on Yocto version
python() {
distro_version = d.getVar('DISTRO_VERSION', True)
autogen_command = "cd ${S}; ./autogen.sh"
if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
# For Dunfell and earlier
d.appendVar('do_configure_prepend', autogen_command)
else:
# For Kirkstone and later
d.appendVar('do_configure:prepend', autogen_command)
}
CFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
CXXFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
LDFLAGS += " -Wl,--build-id=none"
EXTRA_OECONF += " --with-openssl=${OPENSSL_YOCTO_DIR} --with-wolfssl=${WOLFSSL_YOCTO_DIR} "

13
recipes-wolfssl/wolfengine/wolfssl_%.bbappend 100644
View File

@ -0,0 +1,13 @@
python() {
# Get the package revision (PR) for wolfssl
wolfssl_pr = d.getVar('PR', True)
# Based on the revision, conditionally append to EXTRA_OECONF
if wolfssl_pr == 'commerical.fips':
d.appendVar('EXTRA_OECONF', ' --enable-engine=fips-v5')
elif wolfssl_pr == 'fipsReady':
d.appendVar('EXTRA_OECONF', ' --enable-engine=fips-ready')
else:
d.appendVar('EXTRA_OECONF', ' --enable-engine=no-fips')
}

80
recipes-wolfssl/wolfprovider/README.md 100644
View File

@ -0,0 +1,80 @@
# wolfProvider
The `wolfprovider` recipe enables the integration of wolfSSL's cryptographic functionalities into OpenSSL through a custom provider mechanism. This integration allows applications using OpenSSL to leverage wolfSSL's advanced cryptographic algorithms, combining wolfSSL's lightweight and performance-optimized cryptography with OpenSSL's extensive API and capabilities. `wolfprovider` is designed for easy integration into Yocto-based systems, ensuring a seamless blend of security and performance ideal for embedded and constrained environments.
The `wolfprovidertest` yocto package will provide two apps, `wolfproviderenv` and `wolfprovidertest`. Running `wolfproviderenv` will start up a child shell and run `wolfprovidertest`. Use `wolfproviderenv` to test that the `wolfprovider` package is succesfully installed. If you want to run `wolfprovidertest` directly you will need to directly source `wolfproviderenv` via `source /usr/bin/wolfproviderenv` or setup the env on your own, because `wolfprovidertest` will fail otherwise. Use `wolfprovidertest` to check that your shell env is correctly setup.
## Getting Started
### Prerequisites
- A functioning Yocto Project environment (Kirkstone or later recommended)
- OpenSSL 3.0 or later, supporting the provider interface (Come by default with Kirkstone or later)
- Access to the `meta-wolfssl` repository
### Integrating wolfprovider with Yocto
1. **Clone the meta-wolfssl repository**:
Clone the `meta-wolfssl` repository into your Yocto project's sources directory if not already included in your project.
```sh
git clone https://github.com/wolfSSL/meta-wolfssl.git
```
2. **Include meta-wolfssl in your bblayers.conf**:
Add `meta-wolfssl` to your `bblayers.conf` file to incorporate it into your build environment.
```bitbake
BBLAYERS ?= " \
...
/path/to/meta-wolfssl \
...
"
```
3. **Add wolfprovider to your image**:
Modify your image recipe or `local.conf` file to include `wolfprovider`, `wolfssl`, `openssl`, `openssl-bin`, and `wolfprovidertest`. You will only need `openssl-bin` and `wolfprovidertest` if you want to use and test with our included example and conf file.
For yocto kirkstone or newer:
```
IMAGE_INSTALL:append = "wolfprovider wolfssl openssl openssl-bin wolfprovidertest"
```
For yocto dunfell or earlier:
```
IMAGE_INSTALL_append = "wolfprovider wolfssl openssl openssl-bin wolfprovidertest"
```
4. **Build Your Image**:
With the `meta-wolfssl` layer added and the necessary packages included in your image configuration, proceed to build your Yocto image as usual.
```sh
bitbake <your_image_recipe_name>
```
### Testing wolfprovider
After building and deploying your image to the target device, you can test `wolfprovider` functionality through the `wolfproviderenv` script.
1. **Execute the wolfproviderenv Script**:
`wolfproviderenv` is located in `/usr/bin`, so just execute the script upon entering into your terminal.
```sh
wolfproviderenv
```
The script performs necessary setup actions, executes `wolfprovidertest` to validate the integration, and lists available OpenSSL providers to confirm `wolfprovider` is active and correctly configured.
2. **Expected Output**:
Look for messages indicating a successful environment setup, execution of `wolfprovidertest` with a custom provider loaded successfully, and `libwolfprovider` listed among active OpenSSL providers.
### Documentation and Support
For further information about `wolfprovider` and `wolfssl`, visit the [wolfSSL Documentation](https://www.wolfssl.com/docs/) and the [wolfProvider Github](https://www.github.com/wolfSSL/wolfprovider). If you encounter issues or require support regarding the integration of `wolfprovider` with Yocto, feel free to reach out through [wolfSSL Support](support@wolfssl.com).

2
recipes-wolfssl/wolfprovider/openssl_3.%.bbappend 100644
View File

@ -0,0 +1,2 @@
EXTRA_OECONF += " no-fips shared "

40
recipes-wolfssl/wolfprovider/wolfprovider_0.0.1.bb 100644
View File

@ -0,0 +1,40 @@
SUMMARY = "wolfProvider is a Proivder designed for Openssl 3.X.X"
DESCRIPTION = "wolfProvider is a library that can be used as an Provider in OpenSSL"
HOMEPAGE = "https://github.com/wolfSSL/wolfProvider"
BUGTRACKER = "https://github.com/wolfSSL/wolfProvider/issues"
SECTION = "libs"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
DEPENDS += "util-linux-native"
PROVIDES += "wolfprovider"
RPROVIDES_${PN} = "wolfprovider"
SRC_URI = "git://github.com/wolfssl/wolfProvider.git;protocol=https;branch=master"
SRCREV = "${AUTOREV}"
S = "${WORKDIR}/git"
DEPENDS += " wolfssl \
openssl \
"
inherit autotools pkgconfig
OPENSSL_YOCTO_DIR = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/openssl/usr"
# Approach: Use Python to dynamically set function content based on Yocto version
python() {
distro_version = d.getVar('DISTRO_VERSION', True)
autogen_command = "cd ${S}; ./autogen.sh"
if distro_version and (distro_version.startswith('2.') or distro_version.startswith('3.')):
# For Dunfell and earlier
d.appendVar('do_configure_prepend', autogen_command)
else:
# For Kirkstone and later
d.appendVar('do_configure:prepend', autogen_command)
}
CFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
CXXFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
LDFLAGS += " -Wl,--build-id=none"
EXTRA_OECONF += " --with-openssl=${OPENSSL_YOCTO_DIR}"

2
recipes-wolfssl/wolfprovider/wolfssl_%.bbappend 100644
View File

@ -0,0 +1,2 @@
EXTRA_OECONF += " --enable-opensslcoexist --enable-cmac --enable-keygen --enable-sha --enable-des3 --enable-aesctr --enable-aesccm --enable-x963kdf --enable-compkey --enable-certgen --enable-aeskeywrap --enable-enckeys --enable-base16 "
CPPFLAGS += " -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DHAVE_PUBLIC_FFDHE -DWOLFSSL_DH_EXTRA -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER "

2542
recipes-wolfssl/wolftpm/files/wolftpm_3_1_0.patch
View File

File diff suppressed because it is too large Load Diff