On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote:

> Hi all
>
> I created a shared key based on a DH exchange and want to use that key
> with a symmetric encryption algorithm. This key has a length of 16 Bytes
> (128 bit). Here is what I do to initialize AES:
>
> char *key,*iv;
>
> // DH exchange which ends with a 16B value in key
>
>
> RAND_pseudo_bytes(iv,16);
>
> EVP_EncryptInit(&enc_ctx,EVP_aes_128_cbc(),NULL,NULL);
> EVP_CIPHER_CTX_set_key_length(&enc_ctx,16);
> EVP_EncryptInit(&enc_ctx,NULL,skey,iv);
>
> None of the functions seems to generate an error. I checked that by
> calling ERR_print_errors_fp. However when I check the key length
>
> printf("key len: %d\n",EVP_CIPHER_key_length(&enc_ctx));
>
> It returns 1. Shouldn't it return 16? I guess I make a mistake when
> setting the key, but where?
>

The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set
it, though it is harmless to do so.

The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an
EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org