On Wed, Apr 4, 2012 at 5:41 AM, pkumarn <prashanth.kuma...@gmail.com> wrote: > > Hi, > > I had earlier posted query on AES_Keywrap() usage and had good response on > the same and got lot of things clarified. Now i am successful in using > AES_wrap_key() API but i am running into a new problem. > I need to wrap 512bit key with 256 bit KEK key. When i do this, i am hitting > seg fault in AES_wrap_key(). When i do gdb, it points to memcpy(). From the > code i didn't see any limitation of not using 512 bit key. Am i missing > something? Below is my sample code which works successfully for 256 bit Key. > Below code can be enabled for 512 bit with the macro KEY512. Forgive my ignorance (I did not refer to the RFC), but is a 256 KEK/512 CEK a valid combination?
Perhaps you can "stretch" the 256 key with two iterations of SHA-256. It won't affect your choice of security levels, and will match KEK/CEK key sizes. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org