This has been a long time coming. The issue at hand was really that the buffer for
the key buffer was EVP_MAX_KEY_LENGTH (which is 64, which is 128 hex
characters) and that was the size that the input was checked against, not the
actual key length of the cipher that's used.

This is now fixed:

in master (8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4)
in the 1.0.2 branch (3cf40601b7d164ab48addbb0456d7aa59fa38c88)
in the 1.0.2 branch (4b771121f2b657f50e8c7a27e9fab0bb043f91bc)

Incidentally, I fixed the exact same issue with the IV length while I was at it.

On Sun Dec 23 14:08:40 2012, s...@brendanlong.com wrote:
> If I do an openssl enc -bf with a > 128 bit key it just silently ignores
> everything over 128 bits:
> > ng@ubuntu:~$ openssl enc -bf -iv 0 -P -K 000000000000000000000000000000012345
> > salt=0700000000000000
> > key=00000000000000000000000000000001
> > iv =0000000000000000
> If you go over 128 characters you get an error:
> > blong@ubuntu:~/workspace/webkit$ openssl enc -bf -iv 0 -P -K 00000000000000000000000000000001234500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> > salt=0700000000000000
> > key=00000000000000000000000000000001
> > iv =0000000000000000
> > blong@ubuntu:~/workspace/webkit$ openssl enc -bf -iv 0 -P -K 000000000000000000000000000000012345000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> > hex string is too long
> > invalid hex key value
> I'm guessing this is a unit mix-up, where it should be complaining with > 128 /bits/,
> but instead it complains at > 128 /characters/.


--
Richard Levitte
levi...@openssl.org
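
The length check discussed in this message, as an added example (not OpenSSL's code and not part of the original mail): a stand-alone hex-key parser whose limit is a parameter, called once with the buffer size and once with the cipher's key length. The names `parse_hex_key`, `MAX_KEY_LENGTH` and `BF_KEY_LENGTH` are assumptions made for the illustration; the 16-byte key length is taken from the `key=` output in the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEY_LENGTH 64  /* buffer size; value of EVP_MAX_KEY_LENGTH per the mail */
#define BF_KEY_LENGTH  16  /* assumed: 128-bit key, matching key= in the report */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Parse hex into out[0..limit-1], zero-padding short input on the right.
 * Returns 0 on success, -1 on a non-hex character, -2 if the string
 * holds more than `limit` bytes. Nothing is silently dropped.
 */
int parse_hex_key(const char *hex, unsigned char *out, size_t limit)
{
    size_t n = strlen(hex), i;

    if (n > 2 * limit)
        return -2;
    memset(out, 0, limit);
    for (i = 0; i < n; i++) {
        int v = hexval((unsigned char)hex[i]);
        if (v < 0)
            return -1;
        out[i / 2] |= (unsigned char)((i & 1) ? v : v << 4);
    }
    return 0;
}

int main(void)
{
    const char *k = "000000000000000000000000000000012345"; /* key from the report */
    unsigned char key[MAX_KEY_LENGTH];

    /* Limit = buffer size: accepted, so a 16-byte cipher never sees "2345". */
    printf("buffer-size limit: %d\n", parse_hex_key(k, key, sizeof(key)));
    /* Limit = cipher key length: the oversized key is rejected up front. */
    printf("key-length limit:  %d\n", parse_hex_key(k, key, BF_KEY_LENGTH));
    return 0;
}
```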
