--- aes.h-dist	2013-02-05 12:58:59.000000000 +0100
+++ aes.h	2013-12-21 23:23:32.000000000 +0100
@@ -140,6 +140,12 @@
 int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
 		unsigned char *out,
 		const unsigned char *in, unsigned int inlen);
+int AES_wrap_key_withpad(AES_KEY *key, const unsigned char *icv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key_withpad(AES_KEY *key, const unsigned char *icv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen);
 
 #ifdef  __cplusplus
 }
--- aes_wrap.c-dist	2013-02-05 00:40:11.000000000 +0100
+++ aes_wrap.c	2013-12-21 23:41:48.000000000 +0100
@@ -54,11 +54,99 @@
 #include "cryptlib.h"
 #include <openssl/aes.h>
 #include <openssl/bio.h>
+#include <openssl/rand.h>
 
 static const unsigned char default_iv[] = {
   0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
 };
 
+/* Added RFC 5649 support from OpenSSL #2204 contribution by Attaullah Baig */
+
+static const unsigned char alternate_iv[] = {
+  0xA6, 0x59, 0x59, 0xA6,
+};
+
+static int aes_unwrap_key(AES_KEY *key, const unsigned char *iv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen, unsigned char *a_iv);
+
+int AES_wrap_key_withpad(AES_KEY *key, const unsigned char *icv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen)
+	{
+	int len, nlen, ret = -1; 
+	unsigned char *input, iv[8]; 
+	
+	if (!inlen)
+		return -1;
+	len = inlen + (inlen % 8 == 0 ? 0 : (8 - inlen % 8));
+	nlen = htonl(inlen);
+	
+	input = OPENSSL_malloc(len + 8);
+	if (!input)
+		return -1;
+	memset(input, 0, len + 8);
+	if (!icv)
+		icv = alternate_iv;
+	memcpy(iv, icv, 4);
+	memcpy(iv + 4, (unsigned char *) &nlen, 4);
+
+	if (len == 8) {
+		memcpy(input, iv, 8);
+		memcpy(input + 8, in, inlen);
+		AES_encrypt(input, out, key);
+		ret = 8 + 8;
+	} else {
+		memcpy(input, in, inlen);
+		ret = AES_wrap_key(key, iv, out, input, len);
+	}
+	OPENSSL_cleanse(input, len);
+	OPENSSL_free(input);
+	return ret;
+}
+
+int AES_unwrap_key_withpad(AES_KEY *key, const unsigned char *icv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen)
+	{
+	int len, padlen; 
+	unsigned char a_iv[8], zero_iv[8];
+
+	if (inlen & 0x7)
+		return -1;
+	if (inlen < 16)
+		return -1;
+	
+	if (inlen == 16) {
+		AES_decrypt(in, out, key);
+		memcpy(a_iv, out, 8);
+		memmove(out, out + 8, 8);
+	} else {
+		if (aes_unwrap_key(key, NULL, out, in, inlen, a_iv) <= 0)
+			return -1;
+	}
+	
+	if (!icv)
+		icv = alternate_iv;
+	if (memcmp(a_iv, icv, 4)) 
+		return -1;
+    
+	memcpy((unsigned char *) &len, a_iv + 4, 4);
+	len = ntohl(len);
+	inlen -= 8;
+
+	if (len > inlen || len <= (inlen - 8))
+		return -1;
+    
+	padlen = inlen - len;
+
+	memset(zero_iv, 0, 8);
+	if (padlen && memcmp(zero_iv, out + len, padlen))
+		return -1;
+
+	return len;
+}
+
 int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
 		unsigned char *out,
 		const unsigned char *in, unsigned int inlen)
@@ -96,17 +184,18 @@
 	return inlen + 8;
 	}
 
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+static int aes_unwrap_key(AES_KEY *key, const unsigned char *iv,
 		unsigned char *out,
-		const unsigned char *in, unsigned int inlen)
+		const unsigned char *in, unsigned int inlen, unsigned char *a_iv)
 	{
 	unsigned char *A, B[16], *R;
 	unsigned int i, j, t;
-	inlen -= 8;
+
 	if (inlen & 0x7)
 		return -1;
-	if (inlen < 8)
+	if (inlen < 16)
 		return -1;
+	inlen -= 8;
 	A = B;
 	t =  6 * (inlen >> 3);
 	memcpy(A, in, 8);
@@ -128,16 +217,27 @@
 			memcpy(R, B + 8, 8);
 			}
 		}
-	if (!iv)
-		iv = default_iv;
-	if (memcmp(A, iv, 8))
+	if (a_iv)
+		memcpy(a_iv, A, 8);
+	else {
+		if (!iv)
+			iv = default_iv;
+		if (memcmp(A, iv, 8))
 		{
-		OPENSSL_cleanse(out, inlen);
-		return 0;
+			OPENSSL_cleanse(out, inlen);
+			return 0;
 		}
+	}
 	return inlen;
 	}
 
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen)
+	{
+	return aes_unwrap_key(key, iv, out, in, inlen, NULL);
+	}
+
 #ifdef AES_WRAP_TEST
 
 int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
@@ -147,23 +247,31 @@
 	{
 	unsigned char *otmp = NULL, *ptmp = NULL;
 	int r, ret = 0;
-	AES_KEY wctx;
-	otmp = OPENSSL_malloc(keylen + 8);
-	ptmp = OPENSSL_malloc(keylen);
+	AES_KEY ectx, dctx;
+
+	otmp = OPENSSL_malloc(keylen + 16);
+	ptmp = OPENSSL_malloc(keylen + 16);
 	if (!otmp || !ptmp)
 		return 0;
-	if (AES_set_encrypt_key(kek, keybits, &wctx))
+
+	if (AES_set_encrypt_key(kek, keybits, &ectx))
 		goto err;
-	r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+	if (eout && keylen % 8 == 0)
+		r = AES_wrap_key(&ectx, iv, otmp, key, keylen);
+	else
+		r = AES_wrap_key_withpad(&ectx, iv, otmp, key, keylen);
 	if (r <= 0)
 		goto err;
 
 	if (eout && memcmp(eout, otmp, keylen))
 		goto err;
 		
-	if (AES_set_decrypt_key(kek, keybits, &wctx))
+	if (AES_set_decrypt_key(kek, keybits, &dctx))
 		goto err;
-	r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+	if (eout && keylen % 8 == 0)
+		r = AES_unwrap_key(&dctx, iv, ptmp, otmp, r);
+	else
+		r = AES_unwrap_key_withpad(&dctx, iv, ptmp, otmp, r);
 
 	if (memcmp(key, ptmp, keylen))
 		goto err;
@@ -182,6 +290,8 @@
 
 
 
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
 int main(int argc, char **argv)
 {
 
@@ -192,6 +302,12 @@
   0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
 };
 
+static const unsigned char kek1[] = {
+  0x58, 0x40, 0xdf, 0x6e, 0x29, 0xb0, 0x2a, 0xf1,
+  0xab, 0x49, 0x3b, 0x70, 0x5b, 0xf1, 0x6e, 0xa1,
+  0xae, 0x83, 0x38, 0xf4, 0xdc, 0xc1, 0x76, 0xa8
+};
+
 static const unsigned char key[] = {
   0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
   0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
@@ -199,6 +315,28 @@
   0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
 };
 
+static const unsigned char key1[] = {
+  0xc3, 0x7b, 0x7e, 0x64, 0x92, 0x58, 0x43, 0x40,
+  0xbe, 0xd1, 0x22, 0x07, 0x80, 0x89, 0x41, 0x15,
+  0x50, 0x68, 0xf7, 0x38
+};
+
+static const unsigned char key2[] = {
+  0x46, 0x6f, 0x72, 0x50, 0x61, 0x73, 0x69
+};
+
+static const unsigned char ewrap1[] = {
+  0x13, 0x8b, 0xde, 0xaa, 0x9b, 0x8f, 0xa7, 0xfc,
+  0x61, 0xf9, 0x77, 0x42, 0xe7, 0x22, 0x48, 0xee,
+  0x5a, 0xe6, 0xae, 0x53, 0x60, 0xd1, 0xae, 0x6a,
+  0x5f, 0x54, 0xf3, 0x73, 0xfa, 0x54, 0x3b, 0x6a
+};
+
+static const unsigned char ewrap2[] = {
+  0xaf, 0xbe, 0xb0, 0xf0, 0x7d, 0xfb, 0xf5, 0x41,
+  0x92, 0x00, 0xf2, 0xcc, 0xb5, 0x0b, 0xb2, 0x4f
+};
+
 static const unsigned char e1[] = {
   0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
   0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
@@ -240,7 +378,21 @@
 };
 
 	AES_KEY wctx, xctx;
-	int ret;
+	int ret, i;
+	unsigned char *sample;
+	int rounds = 100;
+
+	sample = OPENSSL_malloc(rounds);
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+	RAND_pseudo_bytes(sample, rounds);
+
+	for (i = 1; i < rounds; i++)
+	{
+		ret = AES_wrap_unwrap_test(kek, 128, NULL, NULL, sample, i);
+		printf("Key test result for %d byte key %d\n", i, ret);
+	}
+	OPENSSL_free(sample);
+
 	ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
 	fprintf(stderr, "Key test result %d\n", ret);
 	ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
@@ -253,6 +405,10 @@
 	fprintf(stderr, "Key test result %d\n", ret);
 	ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
 	fprintf(stderr, "Key test result %d\n", ret);
+	ret = AES_wrap_unwrap_test(kek1, 192, NULL, ewrap1, key1, 20);
+	fprintf(stderr, "Key test result %d\n", ret);
+	ret = AES_wrap_unwrap_test(kek1, 192, NULL, ewrap2, key2, 7);
+	fprintf(stderr, "Key test result %d\n", ret);
 }
 	
 	
