Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Verify AES-NI use at runtime?
29 views
Skip to first unread message
Jeffrey Walton
Jan 2, 2014, 3:56:27 AM1/2/14
to
How does one verify use of AES-NI at runtime?
I know I can get 'capability' with:
crypto/evp/e_aes.c:#define AESNI_CAPABLE \
(OPENSSL_ia32cap_P[1]&(1<<(57-32)))
But grepping the sources for a runtime test does not produce anything
that looks useful:
$ grep -R -i AESNI *
and
$ grep -R ENGINE_* * | grep -i aes
The reason I ask is it looks like OpenSSL is not recognizing AES-NI
even though this i5 processor has both aesni and rdrand (according to
/proc/cpuinfo):
$ openssl engine -c -tt
(rdrand) Intel RDRAND engine
[RAND]
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
And the speed test shows no speedup with and without
OPENSSL_ia32cap=~0x200000200000000.
$ /usr/local/ssl/bin/openssl speed aes
If it matters, this is Fedora 20, and I had to jump through some hoops
to get the shared objects built correctly (namely, exporting
CFLAGS="-fPIC" and config'ing with 'shared').
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
I know I can get 'capability' with:
crypto/evp/e_aes.c:#define AESNI_CAPABLE \
(OPENSSL_ia32cap_P[1]&(1<<(57-32)))
But grepping the sources for a runtime test does not produce anything
that looks useful:
$ grep -R -i AESNI *
and
$ grep -R ENGINE_* * | grep -i aes
The reason I ask is it looks like OpenSSL is not recognizing AES-NI
even though this i5 processor has both aesni and rdrand (according to
/proc/cpuinfo):
$ openssl engine -c -tt
(rdrand) Intel RDRAND engine
[RAND]
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
And the speed test shows no speedup with and without
OPENSSL_ia32cap=~0x200000200000000.
$ /usr/local/ssl/bin/openssl speed aes
If it matters, this is Fedora 20, and I had to jump through some hoops
to get the shared objects built correctly (namely, exporting
CFLAGS="-fPIC" and config'ing with 'shared').
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
Dr. Stephen Henson
Jan 3, 2014, 9:26:16 PM1/3/14
to
option uses low level AES routines which aren't accelerated by AES-NI.
Try it with the -evp option instead, for example:
openssl speed -evp aes-128-cbc
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
0 new messages