Yup, using the correct function helps :-)
Thanks!
----- Reply message -----
From: "Dr. Stephen Henson" <st...@openssl.org>
To: <openssl-users@openssl.org>
Subject: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Date: Wed, Aug 29, 2012 1:37 am
On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote:
> Hi all
>
> I created a shared key based on a DH exchange and want to use that key
> with a symmetric encryption algorithm. This key has a length of 16 Bytes
> (128 bit). Here is what I do to initialize AES:
>
> char *key,*iv;
>
> // DH exchange which ends with a 16B value in key
>
>
> RAND_pseudo_bytes(iv,16);
>
> EVP_EncryptInit(&enc_ctx,EVP_aes_128_cbc(),NULL,NULL);
> EVP_CIPHER_CTX_set_key_length(&enc_ctx,16);
> EVP_EncryptInit(&enc_ctx,NULL,skey,iv);
>
> None of the functions seems to generate an error. I checked that by
> calling ERR_print_errors_fp. However when I check the key length
>
> printf("key len: %d\n",EVP_CIPHER_key_length(&enc_ctx));
>
> It returns 1. Shouldn't it return 16? I guess I make a mistake when
> setting the key, but where?
>
The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set
it, though it is harmless to do so.
The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an
EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
