On Wed, Aug 09, 2017 at 01:08:47PM +0000, - JinsongJi wrote:

> For one simple operation: openssl enc -aes-256-cbc -salt -in foo.txt -out 
> foo.enc
> Does openssl pick classic implementation or AES-NI implementation to do this 
> encrypt?

The enc(1) command uses the EVP API to access the requested symmetric
cipher.  As a result, AES-NI and the like will be used when supported
by the hardware and enabled in your OpenSSL library.

> Does any user/application always pick classic implementation for
> AES operation regardless of AES-NI improves speed much?

If the application uses EVP_get_cipherbyname() and the like, it
gets the best available implementation of the cipher.  If it
bypasses EVP it may get a slower implementation and/or one that
has less side-channel resistance.

Bottom-line, use EVP.

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to