{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
{"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
-# ifndef OPENSSL_NO_DES
{"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
-# endif
{"wrap", OPT_WRAP, 's', "Any wrap cipher to wrap key"},
OPT_R_OPTIONS,
X509_VERIFY_PARAM *vpm = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
- char *certsoutfile = NULL, *digestname = NULL;
+ char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL;
int noCAfile = 0, noCApath = 0, noCAstore = 0;
char *infile = NULL, *outfile = NULL, *rctfile = NULL;
char *passinarg = NULL, *passin = NULL, *signerfile = NULL;
goto end;
break;
case OPT_3DES_WRAP:
-# ifndef OPENSSL_NO_DES
- wrap_cipher = (EVP_CIPHER *)EVP_des_ede3_wrap();
-# endif
- break;
case OPT_AES128_WRAP:
- wrap_cipher = (EVP_CIPHER *)EVP_aes_128_wrap();
- break;
case OPT_AES192_WRAP:
- wrap_cipher = (EVP_CIPHER *)EVP_aes_192_wrap();
- break;
case OPT_AES256_WRAP:
- wrap_cipher = (EVP_CIPHER *)EVP_aes_256_wrap();
+ wrapname = opt_flag() + 1;
break;
case OPT_WRAP:
- if (!opt_cipher(opt_unknown(), &wrap_cipher))
- goto end;
+ wrapname = opt_unknown();
break;
}
}
if (!opt_cipher(ciphername, &cipher))
goto end;
}
+ if (wrapname != NULL) {
+ if (!opt_cipher(wrapname, &wrap_cipher))
+ goto end;
+ }
/* Remaining args are files to process. */
argc = opt_num_rest();
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
+# Cipher names id-aesXXX-wrap are to test aliases.
+
# AES wrap tests from RFC3394
Cipher = id-aes128-wrap
Key = 000102030405060708090A0B0C0D0E0F
Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607
Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
-Cipher = id-aes256-wrap
+# Testing strncasecmp
+Cipher = aes256-WRAP
Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+Cipher = ID-aes256-WRAP
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
+Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+
+
# Same as previous example but with invalid unwrap key: should be rejected
# without returning any plaintext
Cipher = id-aes256-wrap