Re: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Yup, using the correct function helps :-) Thanks! - Reply message - From: Dr. Stephen Henson st...@openssl.org To: openssl-users@openssl.org Subject: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length Date: Wed, Aug 29, 2012 1:37 am On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote: Hi all I created a shared key based on a DH exchange and want to use that key with a symmetric encryption algorithm. This key has a length of 16 Bytes (128 bit). Here is what I do to initialize AES: char *key,*iv; // DH exchange which ends with a 16B value in key RAND_pseudo_bytes(iv,16); EVP_EncryptInit(enc_ctx,EVP_aes_128_cbc(),NULL,NULL); EVP_CIPHER_CTX_set_key_length(enc_ctx,16); EVP_EncryptInit(enc_ctx,NULL,skey,iv); None of the functions seems to generate an error. I checked that by calling ERR_print_errors_fp. However when I check the key length printf(key len: %d\n,EVP_CIPHER_key_length(enc_ctx)); It returns 1. Shouldn't it return 16? I guess I make a mistake when setting the key, but where? The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set it, though it is harmless to do so. The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Hi all I created a shared key based on a DH exchange and want to use that key with a symmetric encryption algorithm. This key has a length of 16 Bytes (128 bit). Here is what I do to initialize AES: char *key,*iv; // DH exchange which ends with a 16B value in key RAND_pseudo_bytes(iv,16); EVP_EncryptInit(enc_ctx,EVP_aes_128_cbc(),NULL,NULL); EVP_CIPHER_CTX_set_key_length(enc_ctx,16); EVP_EncryptInit(enc_ctx,NULL,skey,iv); None of the functions seems to generate an error. I checked that by calling ERR_print_errors_fp. However when I check the key length printf(key len: %d\n,EVP_CIPHER_key_length(enc_ctx)); It returns 1. Shouldn't it return 16? I guess I make a mistake when setting the key, but where? best regards Carolin __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote: Hi all I created a shared key based on a DH exchange and want to use that key with a symmetric encryption algorithm. This key has a length of 16 Bytes (128 bit). Here is what I do to initialize AES: char *key,*iv; // DH exchange which ends with a 16B value in key RAND_pseudo_bytes(iv,16); EVP_EncryptInit(enc_ctx,EVP_aes_128_cbc(),NULL,NULL); EVP_CIPHER_CTX_set_key_length(enc_ctx,16); EVP_EncryptInit(enc_ctx,NULL,skey,iv); None of the functions seems to generate an error. I checked that by calling ERR_print_errors_fp. However when I check the key length printf(key len: %d\n,EVP_CIPHER_key_length(enc_ctx)); It returns 1. Shouldn't it return 16? I guess I make a mistake when setting the key, but where? The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set it, though it is harmless to do so. The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org