On Thu, Jan 02, 2014, Jeffrey Walton wrote: > How does one verify use of AES-NI at runtime? > > I know I can get 'capability' with: > > crypto/evp/e_aes.c:#define AESNI_CAPABLE \ > (OPENSSL_ia32cap_P[1]&(1<<(57-32))) > > But grepping the sources for a runtime test does not produce anything > that looks useful: > > $ grep -R -i AESNI * > and > $ grep -R ENGINE_* * | grep -i aes > > The reason I ask is it looks like OpenSSL is not recognizing AES-NI > even though this i5 processor has both aesni and rdrand (according to > /proc/cpuinfo): > > $ openssl engine -c -tt > (rdrand) Intel RDRAND engine > [RAND] > [ available ] > (dynamic) Dynamic engine loading support > [ unavailable ] > > And the speed test shows no speedup with and without > OPENSSL_ia32cap=~0x200000200000000. > > $ /usr/local/ssl/bin/openssl speed aes > > If it matters, this is Fedora 20, and I had to jump through some hoops > to get the shared objects built correctly (namely, exporting > CFLAGS="-fPIC" and config'ing with 'shared'). >
Only the receommended EVP interface is supported with AES-NI, the "aes" option uses low level AES routines which aren't accelerated by AES-NI. Try it with the -evp option instead, for example: openssl speed -evp aes-128-cbc Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
