The man page claims that the EVP_bf_* ciphers are variable key length, and the code appears to support variable key lengths, however, in crypto/evp/e_bf.c, the flags are set to 0 instead of including EVP_CIPH_VARIABLE_LENGTH. This means that any call to EVP_CIPHER_CTX_set_key_length with a length != 16 will fail with 'invalid key length'. By manually oring 0x8 (EVP_CIPH_VARIABLE_LENGTH) into the flags using gdb, EVP_CIPHER_CTX_set_key_length suceeded in setting a keylength of 32 (256bit), and appears to have sucessfully used the longer key. However, I don't know my way around OpenSSL's innards very well, so is this fix correct, and if so, can it be included in OpenSSL? -- David Taylor [EMAIL PROTECTED] P.S. Sorry about the extreme lack of grammar in this e-mail, my brain has turned to mush after hours of hacking at things trying to make 256bit blowfish work. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
