> I have written application code for encryption and decryption using OpenSSL > library. > I am testing on machine where AES-NI support is present. I am not sure how > can I confirm > whether execution is using AES-NI instruction set. > > ... > Any pointers will be appreciated..
OpenSSL has a test for AES-NI, but it only works from the static lib. It only works for static libs because OPENSSL_ia32cap_P[] is not *not* exported/available from the shared object. Here's the test from crypto/evp/e_aes.c: #define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) If you want a test that works from both the static lib and shared object, then you have to provide it yourself. The stuff I use is available at http://stackoverflow.com/questions/25284119/how-can-i-check-if-openssl-is-suport-use-the-intel-aes-ni. Even if AES-NI is available, it does not mean you will use it. If you use low level AES_* functions, then you will not use it because its a software implementation. To [potentially] use AES-NI, you have to use the EVP_* functions. There's no guarantee EVP_* functions will use hardware features like AES-NI, but EVP_* functions will usually use features like AES-NI, if available. believe the OpenSSL docs state the same at https://www.openssl.org/docs/crypto/EVP_EncryptInit.html: Where possible the EVP interface to symmetric ciphers should be used in preference to the low level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the EVP interface will ensure the use of platform specific cryptographic acceleration such as AES-NI (the low level interfaces do not provide the guarantee). AES_* vs EVP_* is also why you see the difference in 'openssl speed ...' test when using (or not using) the '-evp' option. There was also a discussion about it about a year ago at "Verify AES-NI use at runtime?", https://groups.google.com/d/msg/mailing.openssl.users/URRJ7Wx1fvw/ONdhjFxfrb0J. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org