enc : add support for wrap mode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17691)

1 files changed, 19 insertions, 1 deletions

diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in
index f424358ab3..85f707a17a 100644
--- a/doc/man1/openssl-enc.pod.in
+++ b/doc/man1/openssl-enc.pod.in
@@ -274,7 +274,7 @@ able to roll back upon authentication failure.  The AEAD modes currently in
 common use also suffer from catastrophic failure of confidentiality and/or
 integrity upon reuse of key/iv/nonce, and since B<openssl enc> places the
 entire burden of key/iv/nonce management upon the user, the risk of
-exposing AEAD modes is too great to allow.  These key/iv/nonce
+exposing AEAD modes is too great to allow. These key/iv/nonce
 management issues also affect other modes currently exposed in this command,
 but the failure modes are less extreme in these cases, and the
 functionality cannot be removed with a stable release branch.
@@ -282,6 +282,15 @@ For bulk encryption of data, whether using authenticated encryption
 modes or other modes, L<openssl-cms(1)> is recommended, as it provides a
 standard data format and performs the needed key/iv/nonce management.
 
+When enc is used with key wrapping modes the input data cannot be streamed,
+meaning it must be processed in a single pass.
+Consequently, the input data size must be less than
+the buffer size (-bufsize arg, default to 8*1024 bytes).
+The '*-wrap' ciphers require the input to be a multiple of 8 bytes long,
+because no padding is involved.
+The '*-wrap-pad' ciphers allow any input length.
+In both cases, no IV is needed. See example below.
+
 
  base64             Base 64
 
@@ -369,6 +378,9 @@ standard data format and performs the needed key/iv/nonce management.
  aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
  aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
 
+ aes-[128|192|256]-wrap     key wrapping using 128/192/256 bit AES
+ aes-[128|192|256]-wrap-pad key wrapping with padding using 128/192/256 bit AES
+
  aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
  aria[128|192|256]       Alias for aria-[128|192|256]-cbc
  aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
@@ -417,6 +429,12 @@ Base64 decode a file then decrypt it using a password supplied in a file:
  openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
     -pass file:<passfile>
 
+AES key wrapping:
+
+ openssl enc -e -a -id-aes128-wrap-pad -K 000102030405060708090A0B0C0D0E0F -in file.bin
+or
+ openssl aes128-wrap-pad -e -a -K 000102030405060708090A0B0C0D0E0F -in file.bin
+
 =head1 BUGS
 
 The B<-A> option when used with large files doesn't work properly.