On Sun, Mar 18, 2012 at 07:24:25PM +0100, Andy Polyakov wrote: > >> So if you directly use the AES API you used to have a little better > >> performance, > >> but now you don't get the AES-NI support and so are a factor slower when > >> using it. > >> > >> Is this the normal and expected behaviour? > > > > I hope this isn't true. If it is, it means applications like OpenSSH > > that directly use the cipher APIs in OpenSSL will not get the benefit > > of AES-NI. > > objdump -T /usr/bin/ssh | grep -i AES > 00000000 DF *UND* 00000000 AES_encrypt > 00000000 DF *UND* 00000000 EVP_aes_192_cbc > 00000000 DF *UND* 00000000 EVP_aes_256_cbc > 00000000 DF *UND* 00000000 AES_set_encrypt_key > 00000000 DF *UND* 00000000 EVP_aes_128_cbc > 000xxxxx g DF .text 000xxxxx Base evp_aes_128_ctr > > OpenSSH does use EVP and benefits from AES-NI.
Shouldn't it be using EVP_EncryptUpdate() instead of AES_encrypt()? And isn't AES_encrypt() now always the one that doesn't support AES-NI? It seems to be mixing different APIs to me. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org