Cannot perform RFC 5649 compatible CKM_AES_KEY_WRAP_PAD with the openssl cli

[drebes]

I'm trying to perform an RFC 5649 compatible key wrap using openssl cli. The operation fails with EVP_CipherInit_ex:wrap mode not allowed

$ openssl version
OpenSSL 1.1.1d  10 Sep 2019
$ openssl enc -id-aes256-wrap-pad -K $( hexdump -v -e '/1 "%02x"' < ephemeral.bin ) -iv A65959A6 -in secret.bin -out secret-wrapped.pem
Error setting cipher id-aes256-wrap-pad
140629772141696:error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode not allowed:../crypto/evp/evp_enc.c:161:

An old openssl-users thread suggests that this is a lack of passing the flag EVP_CIPHER_CTX_FLAG_WRAP_ALLOW, but this doesn't seem to be passed by the CLI, including in the latest versions.

[mattcaswell]

openssl enc doesn't support wrap mode. It really should fail with a more intelligible error message though if you attempt it.

[drebes]

There were discussions to support this in both #2485 and #2486 but they got closed without any code changes. Any plans to get those changes integrated?

[tetlowgm]

I'll bump this. I think it's amusing that AWS actually uses this for key import for CloudHSM, going so far as to provide patches against OpenSSL 1.1.1 for it:
https://aws.amazon.com/premiumsupport/knowledge-center/cloudhsm-import-keys-openssl/
https://aws.amazon.com/premiumsupport/knowledge-center/patch-openssl-cloudhsm/

[richsalz]

Not sure what you expect to happen with "bump this" ;) Amazon has several members on the CLA, they can contribute a patch.

[colmmacc]

Bump received! Going to look at this.

[nextgens]

same for google-cloud : https://cloud.google.com/kms/docs/wrapping-a-key#gcloud

[nhorman]

Marking as inactive, to be closed at the end of 3.4 dev barring further input