set the key length when initializing a cipher context

This is required for variable key length ciphers like CAST5 and blowfish
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2013-10-29 23:04:39 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2013-10-29 23:04:39 -0500
commit: 384c1de5e79006b24fe0a7bb7764cabe71ee5b1e (patch)
tree: 1a12756ce96dbcbeb717dcdce6901ef642a995e7 /cryptography
parent: 6f6d6087cf5747629d51bca3333e6c2be91ca28b (diff)
download: cryptography-384c1de5e79006b24fe0a7bb7764cabe71ee5b1e.tar.gz
cryptography-384c1de5e79006b24fe0a7bb7764cabe71ee5b1e.tar.bz2
cryptography-384c1de5e79006b24fe0a7bb7764cabe71ee5b1e.zip
2 files changed, 16 insertions, 1 deletions
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py
index 635d6a0c..8de37d5b 100644
--- a/cryptography/hazmat/bindings/openssl/backend.py
+++ b/cryptography/hazmat/bindings/openssl/backend.py
@@ -138,9 +138,23 @@ class _CipherContext(object):
             iv_nonce = mode.nonce
         else:
             iv_nonce = self._backend.ffi.NULL
+        # begin init with cipher and operation type
         res = self._backend.lib.EVP_CipherInit_ex(ctx, evp_cipher,
                                                   self._backend.ffi.NULL,
-                                                  cipher.key, iv_nonce,
+                                                  self._backend.ffi.NULL,
+                                                  self._backend.ffi.NULL,
+                                                  operation)
+        assert res != 0
+        # set the key length to handle variable key ciphers
+        res = self._backend.lib.EVP_CIPHER_CTX_set_key_length(
+            ctx, len(cipher.key)
+        )
+        assert res != 0
+        # pass key/iv
+        res = self._backend.lib.EVP_CipherInit_ex(ctx, self._backend.ffi.NULL,
+                                                  self._backend.ffi.NULL,
+                                                  cipher.key,
+                                                  iv_nonce,
                                                   operation)
         assert res != 0
         # We purposely disable padding here as it's handled higher up in the
diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py
index a5a97a50..4d0fb7fc 100644
--- a/cryptography/hazmat/bindings/openssl/evp.py
+++ b/cryptography/hazmat/bindings/openssl/evp.py
@@ -60,6 +60,7 @@ int EVP_CIPHER_block_size(const EVP_CIPHER *);
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new();
 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
 
 EVP_MD_CTX *EVP_MD_CTX_create();
 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2013-10-29 23:04:39 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2013-10-29 23:04:39 -0500
commit	384c1de5e79006b24fe0a7bb7764cabe71ee5b1e (patch)
tree	1a12756ce96dbcbeb717dcdce6901ef642a995e7 /cryptography
parent	6f6d6087cf5747629d51bca3333e6c2be91ca28b (diff)
download	cryptography-384c1de5e79006b24fe0a7bb7764cabe71ee5b1e.tar.gz cryptography-384c1de5e79006b24fe0a7bb7764cabe71ee5b1e.tar.bz2 cryptography-384c1de5e79006b24fe0a7bb7764cabe71ee5b1e.zip