From: Rich Salz
Date: Sun, 14 Feb 2021 19:34:22 +0000 (-0500)
Subject: Fetch cipher-wrap after loading providers.
X-Git-Tag: openssl-3.0.0-alpha16~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a485561b2efd17e3ff9a4df2013b636467dee59f;p=thirdparty%2Fopenssl.git

Fetch cipher-wrap after loading providers.

Use official (first) names for wrapping algorithms.

Reviewed-by: David von Oheimb
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14182)
---

diff --git a/apps/cms.c b/apps/cms.c
index ed349bda2da..88b70fc67f9 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -215,9 +215,7 @@ const OPTIONS cms_options[] = {
 {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
 {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
 {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
-# ifndef OPENSSL_NO_DES
 {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
-# endif
 {"wrap", OPT_WRAP, 's', "Any wrap cipher to wrap key"},
 
 OPT_R_OPTIONS,
@@ -284,7 +282,7 @@ int cms_main(int argc, char **argv)
 X509_VERIFY_PARAM *vpm = NULL;
 char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
 const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
- char *certsoutfile = NULL, *digestname = NULL;
+ char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL;
 int noCAfile = 0, noCApath = 0, noCAstore = 0;
 char *infile = NULL, *outfile = NULL, *rctfile = NULL;
 char *passinarg = NULL, *passin = NULL, *signerfile = NULL;
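Review bot: With the `OPENSSL_NO_DES` guard removed from the `cms_options[]` entry, `-des3-wrap` is accepted and shown in the help text even in a build configured without DES, and the user only learns it is unavailable when the cipher fetch fails later in `cms_main`. Judging by the `goto end` after `opt_cipher(wrapname, &wrap_cipher)` in the later hunk, that path fails closed rather than falling back to another wrap cipher, but the reason is not recorded in the table. I would add a short comment above the entry, for example `/* listed unconditionally; availability is decided when the cipher is fetched */`. The `cms_options[]` array starts and ends outside this hunk.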
@@ -676,22 +674,13 @@ int cms_main(int argc, char **argv)
 goto end;
 break;
 case OPT_3DES_WRAP:
-# ifndef OPENSSL_NO_DES
- wrap_cipher = (EVP_CIPHER *)EVP_des_ede3_wrap();
-# endif
- break;
 case OPT_AES128_WRAP:
- wrap_cipher = (EVP_CIPHER *)EVP_aes_128_wrap();
- break;
 case OPT_AES192_WRAP:
- wrap_cipher = (EVP_CIPHER *)EVP_aes_192_wrap();
- break;
 case OPT_AES256_WRAP:
- wrap_cipher = (EVP_CIPHER *)EVP_aes_256_wrap();
+ wrapname = opt_flag() + 1;
 break;
 case OPT_WRAP:
- if (!opt_cipher(opt_unknown(), &wrap_cipher))
- goto end;
+ wrapname = opt_unknown();
 break;
 }
 }
@@ -706,6 +695,10 @@ int cms_main(int argc, char **argv)
 if (!opt_cipher(ciphername, &cipher))
 goto end;
 }
+ if (wrapname != NULL) {
+ if (!opt_cipher(wrapname, &wrap_cipher))
+ goto end;
+ }
 
 /* Remaining args are files to process. */
 argc = opt_num_rest();
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
index 080d13db721..2d42d7f539c 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
@@ -6,6 +6,8 @@
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
+# Cipher names id-aesXXX-wrap are to test aliases.
+
 # AES wrap tests from RFC3394
 Cipher = id-aes128-wrap
 Key = 000102030405060708090A0B0C0D0E0F
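Review bot: `wrapname = opt_flag() + 1;` makes the option spelling double as the algorithm name that is fetched later, and neither of the two assumptions behind it is written down in the code. The four `cms_options[]` strings (`aes128-wrap`, `aes192-wrap`, `aes256-wrap`, `des3-wrap`) must remain valid provider cipher names, and the `+ 1` presumes `opt_flag()` returns the flag with exactly one leading dash. I would add a comment above the assignment, e.g. `/* option text minus the leading '-' is the cipher name to fetch */`, so a later rename of an option does not silently change or break the wrap cipher. `opt_flag()` is defined outside this page, so the single-dash assumption should be confirmed there; the switch and `cms_main` also continue outside the hunk.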
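Review bot: The new `opt_cipher(wrapname, &wrap_cipher)` call in the `@@ -706,6 +695,10 @@` hunk accepts whatever name `-wrap` supplied, and nothing visible here checks that the fetched cipher is actually a key-wrap mode cipher. Unless `opt_cipher()` or the CMS code enforces that elsewhere, a guard right after the fetch such as `if (EVP_CIPHER_mode(wrap_cipher) != EVP_CIPH_WRAP_MODE) goto end;` (with an error message) would make a mistyped cipher name fail early instead of being passed on as the key-encryption algorithm. Since every wrap option now yields a fetched cipher, it is also worth confirming that the `end:` cleanup, which is outside the hunk, releases `wrap_cipher`.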
@@ -32,11 +34,18 @@ Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607
 Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
 
-Cipher = id-aes256-wrap
+# Testing strncasecmp
+Cipher = aes256-WRAP
 Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
 Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
 
+Cipher = ID-aes256-WRAP
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
+Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+
+
 # Same as previous example but with invalid unwrap key: should be rejected
 # without returning any plaintext
 Cipher = id-aes256-wrap
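Review bot: The comment `# Testing strncasecmp` names an implementation function rather than the behaviour under test, so it will go stale if the name lookup is implemented differently. Something like `# Cipher names are matched case-insensitively (official name and id- alias)` says what the two mixed-case stanzas are meant to prove. Because the `id-aes256-wrap` line is replaced rather than kept, this vector is no longer run with the lower-case alias spelling; the alias still appears in the rejection case that follows, but only on the failure path.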