Questions on AES-NI and how to enable them have come up twice recently on the stack exchanges (like stack overflow).
This patch documents use of the AES-NI instruction by way of the EVP_* interface. diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index f6e4396..ffac649 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -433,7 +433,10 @@ for AES. Where possible the B<EVP> interface to symmetric ciphers should be used in preference to the low level interfaces. This is because the code then becomes -transparent to the cipher used and much more flexible. +transparent to the cipher used and much more flexible. Additionally, the +B<EVP> interface will ensure use of AES-NI instructions for AES operations +if the processor supports the instructions (the low level routines do not +guarantee use of AES-NI). PKCS padding works by adding B<n> padding bytes of value B<n> to make the total length of the encrypted data a multiple of the block size. Padding is always
EVP_EncryptInit.patch
Description: Binary data
