AES wrap/unwrap APIs look absent in FIPS mode. You might need to code the
AES wrap algo using EVP AES wrappers for FIPS mode operation. I asked about
the same more than a year back.

http://openssl.6102.n7.nabble.com/AES-wrap-APIs-in-FIPS-mode-td44945.html






On Thu, May 22, 2014 at 12:05 PM, Rahul Godbole <rahulmg1...@gmail.com> wrote:

> Raghav,
>
> Check openssl/evp.h. Check the man page of EVP_EncryptInit()
>
> This is the corresponding EVP API
>
> int     EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
>                 const unsigned char *key, const unsigned char *iv);
> int     EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
>                 ENGINE *impl,
>                 const unsigned char *key, const unsigned char *iv);
> int     EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
>                 int *outl, const unsigned char *in, int inl);
> int     EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
>                 int *outl);
> int     EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
>                 int *outl);
>
>
> You can pass any of these as the EVP cipher
>
> const EVP_CIPHER *EVP_aes_128_ecb(void);
> const EVP_CIPHER *EVP_aes_128_cbc(void);
> const EVP_CIPHER *EVP_aes_128_cfb1(void);
> const EVP_CIPHER *EVP_aes_128_cfb8(void);
> const EVP_CIPHER *EVP_aes_128_cfb128(void);
> # define EVP_aes_128_cfb EVP_aes_128_cfb128
> const EVP_CIPHER *EVP_aes_128_ofb(void);
> #if 0
> const EVP_CIPHER *EVP_aes_128_ctr(void);
> #endif
> const EVP_CIPHER *EVP_aes_192_ecb(void);
> const EVP_CIPHER *EVP_aes_192_cbc(void);
> const EVP_CIPHER *EVP_aes_192_cfb1(void);
> const EVP_CIPHER *EVP_aes_192_cfb8(void);
> const EVP_CIPHER *EVP_aes_192_cfb128(void);
> # define EVP_aes_192_cfb EVP_aes_192_cfb128
> const EVP_CIPHER *EVP_aes_192_ofb(void);
> #if 0
> const EVP_CIPHER *EVP_aes_192_ctr(void);
> #endif
> const EVP_CIPHER *EVP_aes_256_ecb(void);
> const EVP_CIPHER *EVP_aes_256_cbc(void);
> const EVP_CIPHER *EVP_aes_256_cfb1(void);
> const EVP_CIPHER *EVP_aes_256_cfb8(void);
> const EVP_CIPHER *EVP_aes_256_cfb128(void);
> # define EVP_aes_256_cfb EVP_aes_256_cfb128
> const EVP_CIPHER *EVP_aes_256_ofb(void);
>
>
> You need to initialize OpenSSL ciphers using
> OpenSSL_add_all_ciphers()
>
>
> You will get plenty of examples on the internet
>
>
> Rahul
>
> On Thu, May 22, 2014 at 6:23 AM, Raghav Varadan <
> raghavssubscr...@gmail.com> wrote:
>
>> Hi,
>>
>> I'm using OpenSSL FIPS in my application. The application does some AES
>> Key Wrap/Unwrap and uses function calls to
>> AES_set_encrypt_key()/AES_wrap_key()/AES_unwrap_key(). But in FIPS mode
>> calls to these low-level crypto functions are forbidden. I would like
>> to know if there is an EVP* interface to wrap crypto keys using a Key
>> Encryption Key for transportation.
>>
>> Looking forward to a reply.
>>
>> Thanks
>> Raghav
>>
>>
>
