Ok, I found that.
But this raises another question: what to use in EVP_* APIs for AES-GCM mode?
For instance, the following code was OK for EVN_aes_128_ecb but won't compile
because it couldn't find EVP_aes_256_gcm.
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx,
EVP_aes_128_ecb(), //can't find
EVP_aes_256_gcm
- David
-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Matt Caswell (fr...@baggins.org)
Sent: Tuesday, May 22, 2012 10:49 AM
To: openssl-users@openssl.org
Subject: Re: Where is EVP_aes_256_gcm?
On 22/05/12 17:35, Li, David wrote:
Hi All,
I can't find this function in the source tree? It seems pointing to
FIPS_aes_256_gcm. All I see is:
grep -r FIPS_evp_aes_256_gcm .
./crypto/evp/evp_fips.c:const EVP_CIPHER *EVP_aes_256_gcm(void) { return
FIPS_evp_aes_256_gcm(); }
Anyone know where it is?
David
Its defined in ./crypto/evp/e_aes.c
Its cunningly hidden. See this line:
BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
With BLOCK_CIPHER_custom defined as:
#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
static const EVP_CIPHER aesni_##keylen##_##mode = { \
nid##_##keylen##_##mode,blocksize, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
aesni_##mode##_init_key, \
aesni_##mode##_cipher, \
aes_##mode##_cleanup, \
sizeof(EVP_AES_##MODE##_CTX), \
NULL,NULL,aes_##mode##_ctrl,NULL }; \
static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##mode,blocksize, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
aes_##mode##_init_key, \
aes_##mode##_cipher, \
aes_##mode##_cleanup, \
sizeof(EVP_AES_##MODE##_CTX), \
NULL,NULL,aes_##mode##_ctrl,NULL }; \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
Matt
