Handling oversized keys on OpenSSL

September 1, 2019 03:33 lc@leocavalcante.com (Leo Cavalcante)
Hi Internals,

I just spent this entire Saturday debugging code to discover that OpenSSL
truncates oversized keys.
Yeah, I was using a 256-bit length key with AES-128-CBC, and trying to
decrypt it in another program never worked.
I did some research and found that Ruby did it a few years ago.
And in fact, it's better to throw or even warn/notice about it instead of
silently allowing it, *what do you think?*
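
The behaviour described in the message above, as an added example that is not part of the original post or of PHP's own code: it compares the ciphertext produced with a 32-byte key against the one produced with that key's first 16 bytes under AES-128-CBC, then shows a wrapper that rejects the mismatch. `strictEncrypt()` is a hypothetical helper name, the key, IV and message are constructed sample values, and `openssl_cipher_key_length()` assumes PHP 8.2 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of ext/openssl): refuse any key whose length
// does not match what the cipher expects, instead of letting it be cut down.
function strictEncrypt(string $plaintext, string $cipher, string $key, string $iv): string
{
    $expected = openssl_cipher_key_length($cipher); // available since PHP 8.2
    if ($expected === false) {
        throw new InvalidArgumentException("Unknown cipher: $cipher");
    }
    if (strlen($key) !== $expected) {
        throw new LengthException(sprintf(
            '%s needs a %d-byte key, got %d bytes',
            $cipher, $expected, strlen($key)
        ));
    }
    $out = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($out === false) {
        throw new RuntimeException('openssl_encrypt failed: ' . openssl_error_string());
    }
    return $out;
}

// Constructed sample values, for illustration only.
$cipher = 'aes-128-cbc';
$iv     = str_repeat("\x00", 16);        // fixed IV only so outputs are comparable;
                                         // real code uses random_bytes(16)
$key256 = hash('sha256', 'demo', true);  // 32 bytes: twice what AES-128 takes
$key128 = substr($key256, 0, 16);        // the first 16 bytes of the same key
$msg    = 'hello internals';

// Encrypt once with the oversized key and once with its 16-byte prefix.
// Identical ciphertexts mean the trailing 16 key bytes were ignored.
$withLongKey   = openssl_encrypt($msg, $cipher, $key256, OPENSSL_RAW_DATA, $iv);
$withPrefixKey = openssl_encrypt($msg, $cipher, $key128, OPENSSL_RAW_DATA, $iv);
var_dump(hash_equals($withPrefixKey, $withLongKey));

// The strict wrapper turns the same mistake into an immediate, visible error.
try {
    strictEncrypt($msg, $cipher, $key256, $iv);
} catch (LengthException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```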