On Fri, Feb 10, 2012, Erik Tkal wrote:

> Hi Steve, thanks. This also seems to be a general issue with setting other
> fields in the context, for example to override the key length (even in
> non-FIPS mode) you have to initialize the cipher context with the cipher,
> then set the fields in the context, then reinitialize it without specifying
> the cipher (I found via googling that you had to do this):
>
>     EVP_CIPHER_CTX_init(&m_ctx);
>     EVP_CipherInit_ex(&m_ctx, EVP_rc4(), NULL, NULL, NULL, 1); // first time don't pass key
>     EVP_CIPHER_CTX_set_key_length(&m_ctx, (int)nKeySize); // specify key length
>     EVP_CipherInit_ex(&m_ctx, NULL, NULL, pKey, NULL, 1); // now set the key
>
That technique has been documented for some time. See the manual pages for
details and examples.

> Ideally one should be able to omit the extra step, since I thought one of the
> points of the _ex form was to assume the CTX is already set up?
>
>     EVP_CIPHER_CTX_init(&m_ctx);
>     EVP_CIPHER_CTX_set_key_length(&m_ctx, (int)nKeySize);
>     EVP_CipherInit_ex(&m_ctx, EVP_rc4(), NULL, pKey, NULL, 1);
>

EVP_CIPHER_CTX_set_key_length performs sanity checks on the supplied key length
(you should check the return value for an error code) so it has to know the
cipher being used.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org