Fetch cipher-wrap after loading providers.

Use official (first) names for wrapping algorithms. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14182)
2025-03-25 20:00:44 +08:00 · 2021-02-14 14:34:22 -05:00 · 2021-02-14 14:34:22 -05:00 · a485561b2e
commit a485561b2e
parent 2b05439f84
2 changed files with 17 additions and 15 deletions
--- a/apps/cms.c
+++ b/apps/cms.c
@ -215,9 +215,7 @@ const OPTIONS cms_options[] = {
    {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
    {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
    {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
-# ifndef OPENSSL_NO_DES
    {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
-# endif
    {"wrap", OPT_WRAP, 's', "Any wrap cipher to wrap key"},

    OPT_R_OPTIONS,
@ -284,7 +282,7 @@ int cms_main(int argc, char **argv)
    X509_VERIFY_PARAM *vpm = NULL;
    char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
    const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
-    char *certsoutfile = NULL, *digestname = NULL;
+    char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL;
    int noCAfile = 0, noCApath = 0, noCAstore = 0;
    char *infile = NULL, *outfile = NULL, *rctfile = NULL;
    char *passinarg = NULL, *passin = NULL, *signerfile = NULL;
@ -676,22 +674,13 @@ int cms_main(int argc, char **argv)
                goto end;
            break;
        case OPT_3DES_WRAP:
-# ifndef OPENSSL_NO_DES
-            wrap_cipher = (EVP_CIPHER *)EVP_des_ede3_wrap();
-# endif
-            break;
        case OPT_AES128_WRAP:
-            wrap_cipher = (EVP_CIPHER *)EVP_aes_128_wrap();
-            break;
        case OPT_AES192_WRAP:
-            wrap_cipher = (EVP_CIPHER *)EVP_aes_192_wrap();
-            break;
        case OPT_AES256_WRAP:
-            wrap_cipher = (EVP_CIPHER *)EVP_aes_256_wrap();
+            wrapname = opt_flag() + 1;
            break;
        case OPT_WRAP:
-            if (!opt_cipher(opt_unknown(), &wrap_cipher))
-                goto end;
+            wrapname = opt_unknown();
            break;
        }
    }
@ -706,6 +695,10 @@ int cms_main(int argc, char **argv)
        if (!opt_cipher(ciphername, &cipher))
            goto end;
    }
+    if (wrapname != NULL) {
+        if (!opt_cipher(wrapname, &wrap_cipher))
+            goto end;
+    }

    /* Remaining args are files to process. */
    argc = opt_num_rest();
--- a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
@ -6,6 +6,8 @@
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html

+# Cipher names id-aesXXX-wrap are to test aliases.
+
 # AES wrap tests from RFC3394
 Cipher = id-aes128-wrap
 Key = 000102030405060708090A0B0C0D0E0F
@ -32,11 +34,18 @@ Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607
 Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1

-Cipher = id-aes256-wrap
+# Testing strncasecmp
+Cipher = aes256-WRAP
 Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
 Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21

+Cipher = ID-aes256-WRAP
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
+Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+
+
 # Same as previous example but with invalid unwrap key: should be rejected
 # without returning any plaintext
 Cipher = id-aes256-wrap