Ok, I found that. But this raises another question: what to use in EVP_* APIs for AES-GCM mode? For instance, the following code was OK for EVP_aes_128_ecb but won't compile because it couldn't find EVP_aes_256_gcm.

EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx, EVP_aes_128_ecb(), //can't find EVP_aes_256_gcm

- David

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell (fr...@baggins.org)
Sent: Tuesday, May 22, 2012 10:49 AM
To: openssl-users@openssl.org
Subject: Re: Where is EVP_aes_256_gcm?

On 22/05/12 17:35, Li, David wrote:
> Hi All,
>
> I can't find this function in the source tree? It seems to be pointing to FIPS_aes_256_gcm. All I see is:
>
> grep -r FIPS_evp_aes_256_gcm .
> ./crypto/evp/evp_fips.c:const EVP_CIPHER *EVP_aes_256_gcm(void) { return FIPS_evp_aes_256_gcm(); }
>
> Anyone know where it is?
>
> David

It's defined in ./crypto/evp/e_aes.c

It's cunningly hidden. See this line:

BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
        EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)

With BLOCK_CIPHER_custom defined as:

#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
static const EVP_CIPHER aesni_##keylen##_##mode = { \
        nid##_##keylen##_##mode,blocksize, \
        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
        flags|EVP_CIPH_##MODE##_MODE, \
        aesni_##mode##_init_key, \
        aesni_##mode##_cipher, \
        aes_##mode##_cleanup, \
        sizeof(EVP_AES_##MODE##_CTX), \
        NULL,NULL,aes_##mode##_ctrl,NULL }; \
static const EVP_CIPHER aes_##keylen##_##mode = { \
        nid##_##keylen##_##mode,blocksize, \
        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
        flags|EVP_CIPH_##MODE##_MODE, \
        aes_##mode##_init_key, \
        aes_##mode##_cipher, \
        aes_##mode##_cleanup, \
        sizeof(EVP_AES_##MODE##_CTX), \
        NULL,NULL,aes_##mode##_ctrl,NULL }; \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }

Matt
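
Why a grep for the literal name finds no definition, shown as a reduced model of the macro pattern quoted above. This is an added example, not OpenSSL code and not part of the thread; the demo_/DEMO_ names, the struct layout and the constant values are assumptions made for illustration.

```c
#include <stdio.h>

/* Reduced stand-in for an EVP_CIPHER table entry (illustrative fields only). */
typedef struct {
    int hw;              /* 1 = hardware (AES-NI style) table, 0 = software */
    int block_size;
    int key_len;         /* bytes */
    int iv_len;          /* bytes */
    unsigned long flags;
} demo_cipher;

/* Illustrative constants standing in for the EVP_CIPH_* mode and flag bits. */
#define DEMO_MODE_GCM  0x6
#define DEMO_MODE_XTS  0x10001
#define DEMO_FLAG_AEAD 0x200000

/* Stand-in for AESNI_CAPABLE, which is a CPU capability check in OpenSSL. */
static int demo_aesni_capable = 0;

/* Same shape as BLOCK_CIPHER_custom: ## pastes keylen and mode into the
 * identifiers, so the text "DEMO_aes_256_gcm" never appears as a definition
 * in the source file. Only the invocation line below does. */
#define DEMO_BLOCK_CIPHER_custom(keylen, blocksize, ivlen, mode, MODE, fl) \
static const demo_cipher demo_aesni_##keylen##_##mode = {                  \
    1, blocksize,                                                          \
    (DEMO_MODE_##MODE == DEMO_MODE_XTS ? 2 : 1) * keylen / 8, ivlen,       \
    (fl) | DEMO_MODE_##MODE };                                             \
static const demo_cipher demo_soft_##keylen##_##mode = {                   \
    0, blocksize,                                                          \
    (DEMO_MODE_##MODE == DEMO_MODE_XTS ? 2 : 1) * keylen / 8, ivlen,       \
    (fl) | DEMO_MODE_##MODE };                                             \
const demo_cipher *DEMO_aes_##keylen##_##mode(void)                        \
{ return demo_aesni_capable ? &demo_aesni_##keylen##_##mode                \
                            : &demo_soft_##keylen##_##mode; }

/* Each line generates two tables and one accessor function. */
DEMO_BLOCK_CIPHER_custom(128, 1, 12, gcm, GCM, DEMO_FLAG_AEAD)
DEMO_BLOCK_CIPHER_custom(256, 1, 12, gcm, GCM, DEMO_FLAG_AEAD)
DEMO_BLOCK_CIPHER_custom(256, 1, 16, xts, XTS, 0)

int main(void)
{
    const demo_cipher *c = DEMO_aes_256_gcm();
    printf("hw=%d key=%d iv=%d aead=%d\n", c->hw, c->key_len, c->iv_len,
           (c->flags & DEMO_FLAG_AEAD) != 0);
    return 0;
}
```

Running only the preprocessor over such a file (for example `cc -E`) prints the expanded definitions, which is where the generated function name becomes searchable.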