Re: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Yup, using the correct function helps :-)
Thanks!
- Reply message -
From: "Dr. Stephen Henson"
To:
Subject: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Date: Wed, Aug 29, 2012 1:37 am
On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote:
> Hi all
>
> I created a shared key based on a DH exchange and want to use that key
> with a symmetric encryption algorithm. This key has a length of 16 Bytes
> (128 bit). Here is what I do to initialize AES:
>
> char *key,*iv;
>
> // DH exchange which ends with a 16B value in key
>
>
> RAND_pseudo_bytes(iv,16);
>
> EVP_EncryptInit(&enc_ctx,EVP_aes_128_cbc(),NULL,NULL);
> EVP_CIPHER_CTX_set_key_length(&enc_ctx,16);
> EVP_EncryptInit(&enc_ctx,NULL,skey,iv);
>
> None of the functions seems to generate an error. I checked that by
> calling ERR_print_errors_fp. However when I check the key length
>
> printf("key len: %d\n",EVP_CIPHER_key_length(&enc_ctx));
>
> It returns 1. Shouldn't it return 16? I guess I make a mistake when
> setting the key, but where?
>
The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set
it, though it is harmless to do so.
The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an
EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote:
> Hi all
>
> I created a shared key based on a DH exchange and want to use that key
> with a symmetric encryption algorithm. This key has a length of 16 Bytes
> (128 bit). Here is what I do to initialize AES:
>
> char *key,*iv;
>
> // DH exchange which ends with a 16B value in key
>
>
> RAND_pseudo_bytes(iv,16);
>
> EVP_EncryptInit(&enc_ctx,EVP_aes_128_cbc(),NULL,NULL);
> EVP_CIPHER_CTX_set_key_length(&enc_ctx,16);
> EVP_EncryptInit(&enc_ctx,NULL,skey,iv);
>
> None of the functions seems to generate an error. I checked that by
> calling ERR_print_errors_fp. However when I check the key length
>
> printf("key len: %d\n",EVP_CIPHER_key_length(&enc_ctx));
>
> It returns 1. Shouldn't it return 16? I guess I make a mistake when
> setting the key, but where?
>
The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set
it, though it is harmless to do so.
The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an
EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Hi all
I created a shared key based on a DH exchange and want to use that key
with a symmetric encryption algorithm. This key has a length of 16 Bytes
(128 bit). Here is what I do to initialize AES:
char *key,*iv;
// DH exchange which ends with a 16B value in key
RAND_pseudo_bytes(iv,16);
EVP_EncryptInit(&enc_ctx,EVP_aes_128_cbc(),NULL,NULL);
EVP_CIPHER_CTX_set_key_length(&enc_ctx,16);
EVP_EncryptInit(&enc_ctx,NULL,skey,iv);
None of the functions seems to generate an error. I checked that by
calling ERR_print_errors_fp. However when I check the key length
printf("key len: %d\n",EVP_CIPHER_key_length(&enc_ctx));
It returns 1. Shouldn't it return 16? I guess I make a mistake when
setting the key, but where?
best regards
Carolin
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
