ahhhh...okay. Gotcha. Thanks!
On Fri, Mar 15, 2013 at 5:23 AM, Erwann Abalea <erwann.aba...@keynectis.com> wrote: > On a PC under Linux, you can do a "cat /proc/cpuinfo" and look for "aes" in > the "flags". > On a PC under any OS, get the CPUID, and look for bit 25 of ECX. > That's not OpenSSL-related. > > > The use of OPENSSL_ia32cap environment variable allows you to alter the > CPUID result (only inside OpenSSL), and alter its behaviour. It's not > resistant to a reboot, it's only process dependant. > > Compare the following results: > > OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc > openssl speed -elapsed -evp aes-128-cbc > > > -- > Erwann ABALEA > > Le 15/03/2013 04:46, Ewen Chan a écrit : > > Does it matter whether it's ia32 or ia64 even for an x64 processor? > Shouldn't there be some way for me to check whether AES is enabled or > being used (other than running a speed test) either in dmesg or /proc/ > or with openssl itself? I'm a little confused, and surprised/shocked > that there isn't a way to probe the status of whether the AES-NI is a) > present and b) enabled/utilized. > re: OPENSSL_ia32cap=~0x200000200000000 > so forgive me for asking lots of dumb questions but that would be > $ set OPENSSL_ia32cap=~0x200000200000000 > $ export OPENSSL_ia32cap > correct? > And how do I re-enable it without having to reboot the system? What's > the value that I should be putting in on the right-hand-side of the > equal sign? > Your help is much appreciated. > Sincerely, > Ewen > On Thu, Mar 14, 2013 at 7:35 PM, Dr. Stephen Henson <st...@openssl.org> > wrote: > > On Thu, Mar 14, 2013, Ewen Chan wrote: > > So this is a partial continuation from the discussion thread that I > started yesterday in regards to using AES-CBC. > I've got an Intel Core i7 3930K that supports AES-NI and I spent the > greater part of last night trying to get openssl to work or at least > recognize it, but it doesn't seem to want to do that. > > It it probably recognising it and you don't realise it. OpenSSL 1.0.1 > automatically switches to AES-NI at the EVP level without going through an > explicit AES-NI ENGINE. > You can disable AES-NI detection with the environment variable: > OPENSSL_ia32cap=~0x200000200000000 > You should see a considerable speed up with "openssl speed" by comparing the > two. > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
