[openssl] master update

tomas at openssl.org tomas at openssl.org
Wed May 5 07:47:15 UTC 2021 

The branch master has been updated
       via  a485561b2efd17e3ff9a4df2013b636467dee59f (commit)
      from  2b05439f8441a5483da65fd4208d82d9e007f448 (commit)


- Log -----------------------------------------------------------------
commit a485561b2efd17e3ff9a4df2013b636467dee59f
Author: Rich Salz <rsalz at akamai.com>
Date:   Sun Feb 14 14:34:22 2021 -0500

    Fetch cipher-wrap after loading providers.
    
    Use official (first) names for wrapping algorithms.
    
    Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14182)

-----------------------------------------------------------------------

Summary of changes:
 apps/cms.c                                         | 21 +++++++--------------
 test/recipes/30-test_evp_data/evpciph_aes_wrap.txt | 11 ++++++++++-
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index ed349bda2d..88b70fc67f 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -215,9 +215,7 @@ const OPTIONS cms_options[] = {
     {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
     {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
     {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
-# ifndef OPENSSL_NO_DES
     {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
-# endif
     {"wrap", OPT_WRAP, 's', "Any wrap cipher to wrap key"},
 
     OPT_R_OPTIONS,
@@ -284,7 +282,7 @@ int cms_main(int argc, char **argv)
     X509_VERIFY_PARAM *vpm = NULL;
     char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
     const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
-    char *certsoutfile = NULL, *digestname = NULL;
+    char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL;
     int noCAfile = 0, noCApath = 0, noCAstore = 0;
     char *infile = NULL, *outfile = NULL, *rctfile = NULL;
     char *passinarg = NULL, *passin = NULL, *signerfile = NULL;
@@ -676,22 +674,13 @@ int cms_main(int argc, char **argv)
                 goto end;
             break;
         case OPT_3DES_WRAP:
-# ifndef OPENSSL_NO_DES
-            wrap_cipher = (EVP_CIPHER *)EVP_des_ede3_wrap();
-# endif
-            break;
         case OPT_AES128_WRAP:
-            wrap_cipher = (EVP_CIPHER *)EVP_aes_128_wrap();
-            break;
         case OPT_AES192_WRAP:
-            wrap_cipher = (EVP_CIPHER *)EVP_aes_192_wrap();
-            break;
         case OPT_AES256_WRAP:
-            wrap_cipher = (EVP_CIPHER *)EVP_aes_256_wrap();
+            wrapname = opt_flag() + 1;
             break;
         case OPT_WRAP:
-            if (!opt_cipher(opt_unknown(), &wrap_cipher))
-                goto end;
+            wrapname = opt_unknown();
             break;
         }
     }
@@ -706,6 +695,10 @@ int cms_main(int argc, char **argv)
         if (!opt_cipher(ciphername, &cipher))
             goto end;
     }
+    if (wrapname != NULL) {
+        if (!opt_cipher(wrapname, &wrap_cipher))
+            goto end;
+    }
 
     /* Remaining args are files to process. */
     argc = opt_num_rest();
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
index 080d13db72..2d42d7f539 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
@@ -6,6 +6,8 @@
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
+# Cipher names id-aesXXX-wrap are to test aliases.
+
 # AES wrap tests from RFC3394
 Cipher = id-aes128-wrap
 Key = 000102030405060708090A0B0C0D0E0F
@@ -32,11 +34,18 @@ Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607
 Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
 
-Cipher = id-aes256-wrap
+# Testing strncasecmp
+Cipher = aes256-WRAP
 Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
 Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
 
+Cipher = ID-aes256-WRAP
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
+Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+
+
 # Same as previous example but with invalid unwrap key: should be rejected
 # without returning any plaintext
 Cipher = id-aes256-wrap

More information about the openssl-commits mailing list