wolfSSL
diff --git a/‎README.md‎
Lines changed: 3 additions & 2 deletions b/‎README.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎configure.ac‎
Lines changed: 13 additions & 0 deletions b/‎configure.ac‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎include/wolfengine/we_internal.h‎
Lines changed: 21 additions & 0 deletions b/‎include/wolfengine/we_internal.h‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎include/wolfengine/we_logging.h‎
Lines changed: 3 additions & 1 deletion b/‎include/wolfengine/we_logging.h‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎scripts/openssl-unit-tests.sh‎
Lines changed: 1 addition & 0 deletions b/‎scripts/openssl-unit-tests.sh‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/include.am‎
Lines changed: 1 addition & 0 deletions b/‎src/include.am‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/we_internal.c‎
Lines changed: 5 additions & 0 deletions b/‎src/we_internal.c‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/we_logging.c‎
Lines changed: 3 additions & 0 deletions b/‎src/we_logging.c‎
Lines changed: 3 additions & 0 deletions
@@ -63,6 +63,8 @@ make
 sudo make install
 ```
 
+Add `--enable-pwdbased` to the configure command above if PKCS#12 is used in OpenSSL.
+
 Remove `-DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER` and add `--enable-fips=v2` to the configure command above if building from a FIPS bundle and not the git repository.
 
 ### wolfEngine
@@ -83,8 +85,7 @@ make check
 ```
 
 * To build wolfEngine in single-threaded mode, add `--enable-singlethreaded` to the configure command.
-* AES-GCM is disabled by default because of the code changes required to OpenSSL. To enable it, add `--enable-aesgcm`.
-* AES-CCM is disabled by default for the same reason. To enable it, add `--enable-aesccm`.
+* To build wolfEngine with PBES support (used with PKCS #12), add `--enable-pbe`. Note: wolfSSL must have been configured with `--enable-pwdbased`.
 * To disable support for loading wolfEngine dynamically, add `--disable-dynamic-engine`.
 * To build a static version of wolfEngine, add `--enable-static`.
 * To use a custom user_settings.h file to override the defines produced by `./configure`, add `--enable-usersettings` and place a user_settings.h file with the defines you want in the include directory. See the root of the project for an example user_settings.h.
 
@@ -589,6 +589,18 @@ then
 fi
 
 
+AC_ARG_ENABLE([pbe],
+    [AS_HELP_STRING([--enable-pbe],[Enable PBE (default: disabled)])],
+    [ ENABLED_PBE=$enableval ],
+    [ ENABLED_PBE=no ]
+    )
+
+if test "$ENABLED_PBE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWE_HAVE_PBE"
+fi
+
+
 # Check enable options
 if test "$ENABLED_DIGEST" = "yes"
 then
@@ -694,6 +706,7 @@ echo "   *  - P-224:                   $ENABLED_EC_P224"
 echo "   *  - P-256:                   $ENABLED_EC_P256"
 echo "   *  - P-384:                   $ENABLED_EC_P384"
 echo "   *  - P-521:                   $ENABLED_EC_P521"
+echo "   * PBE:                        $ENABLED_PBE"
 echo ""
 echo "---"
 
@@ -57,6 +57,7 @@
 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
 #include <openssl/cmac.h>
 #endif
+#include <openssl/pkcs12.h>
 
 #include <wolfssl/options.h>
 #include <wolfssl/wolfcrypt/hash.h>
@@ -73,11 +74,23 @@
 #include <wolfssl/wolfcrypt/asn_public.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/pwdbased.h>
 
 #include <wolfengine/we_openssl_bc.h>
 
 #include <wolfengine/we_logging.h>
 
+#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
+    /* Function is a printf style function. Pretend parameter is string literal.
+     *
+     * @param s  [in]  Index of string literal. Index from 1.
+     * @param v  [in]  Index of first argument to check. 0 means don't.
+     */
+    #define WE_PRINTF_FUNC(s, v)  __attribute__((__format__ (__printf__, s, v)))
+#else
+    #define WE_PRINTF_FUNC(s, v)
+#endif
+
 #if defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)
 /*
  * Global FIPS checks flag.
@@ -290,6 +303,14 @@ extern EVP_PKEY_METHOD *we_ec_p521_method;
 int we_init_ecc_meths(void);
 int we_init_ec_key_meths(void);
 
+/*
+ * PBE method
+ */
+
+#ifdef WE_HAVE_PBE
+int we_init_pbe_keygen(void);
+#endif
+
 int wolfengine_bind(ENGINE *e, const char *id);
 
 #endif /* INTERNAL_H */
@@ -85,6 +85,7 @@ enum wolfEngine_LogComponents {
     WE_LOG_PK     = 0x0010,  /* public key algorithms (RSA, ECC) */
     WE_LOG_KE     = 0x0020,  /* key agreement (DH, ECDH) */
     WE_LOG_ENGINE = 0x0040,  /* all engine specific logs */
+    WE_LOG_PBE    = 0x0080,  /* password base encryption algorithms */
 
     /* log all compoenents */
     WE_LOG_COMPONENTS_ALL = (WE_LOG_RNG
@@ -93,7 +94,8 @@ enum wolfEngine_LogComponents {
                            | WE_LOG_CIPHER
                            | WE_LOG_PK
                            | WE_LOG_KE
-                           | WE_LOG_ENGINE),
+                           | WE_LOG_ENGINE
+                           | WE_LOG_PBE),
 
     /* default compoenents logged */
     WE_LOG_COMPONENTS_DEFAULT = WE_LOG_COMPONENTS_ALL
 
@@ -290,6 +290,7 @@ build_wolfssl() {
         ./configure LDFLAGS="-L$OPENSSL_SOURCE $WOLFENGINE_EXTRA_LDFLAGS" \
                     CPPFLAGS="$WOLFENGINE_EXTRA_CPPFLAGS" \
                     --with-openssl=$OPENSSL_SOURCE \
+                    $WOLFENGINE_EXTRA_OPTS \
                     --enable-debug 2>&1 | tee -a $LOGFILE
         if [ "${PIPESTATUS[0]}" != 0 ]; then
             printf "config failed\n"
 
@@ -17,6 +17,7 @@ libwolfengine_la_SOURCES += src/we_internal.c
 libwolfengine_la_SOURCES += src/we_logging.c
 libwolfengine_la_SOURCES += src/we_mac.c
 libwolfengine_la_SOURCES += src/we_openssl_bc.c
+libwolfengine_la_SOURCES += src/we_pbe.c
 libwolfengine_la_SOURCES += src/we_random.c
 libwolfengine_la_SOURCES += src/we_rsa.c
 libwolfengine_la_SOURCES += src/we_tls_prf.c
 
@@ -919,6 +919,11 @@ static int wolfengine_init(ENGINE *e)
     }
 #endif
 #endif
+#ifdef WE_HAVE_PBE
+    if (ret == 1) {
+        we_init_pbe_keygen();
+    }
+#endif
 
 #endif
 
 
@@ -182,6 +182,7 @@ static void wolfengine_log(const int logLevel, const int component,
  * @param fmt   [IN] Log message format string.
  * @param vargs [IN] Variable arguments, used with format string, fmt.
  */
+WE_PRINTF_FUNC(3, 0)
 static void wolfengine_msg_internal(int component, int logLevel,
                                     const char* fmt, va_list vlist)
 {
@@ -200,6 +201,7 @@ static void wolfengine_msg_internal(int component, int logLevel,
  * @param fmt   [IN] Log message format string.
  * @param vargs [IN] Variable arguments, used with format string, fmt.
  */
+WE_PRINTF_FUNC(2, 3)
 void WOLFENGINE_MSG(int component, const char* fmt, ...)
 {
     va_list vlist;
@@ -215,6 +217,7 @@ void WOLFENGINE_MSG(int component, const char* fmt, ...)
  * @param fmt   [IN] Log message format string.
  * @param vargs [IN] Variable arguments, used with format string, fmt.
  */
+WE_PRINTF_FUNC(2, 3)
 void WOLFENGINE_MSG_VERBOSE(int component, const char* fmt, ...)
 {
     va_list vlist;