Does openssl pick low level interface or high level interface to do encrypt?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Does openssl pick low level interface or high level interface to do encrypt?

- JinsongJi

Hi,

 

For one simple operation: openssl enc -aes-256-cbc -salt -in foo.txt -out foo.enc

Does openssl pick classic implementation or AES-NI implementation to do this encrypt?

 

Does any user/application always pick classic implementation for AES operation regardless of AES-NI improves speed much?


Is there any document about this interface selection?

 

Thanks,

Jinsong


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Does openssl pick low level interface or high level interface to do encrypt?

OpenSSL - User mailing list

What OpenSSL does is not necessarily obvious.  The INSTALL document talks about the no-asm configuration option.  Details about what the assembler code does in terms of optimization are only available by reading the source code comments in the various Perl files that generate the assembler, mostly.

 

On x86, the assembly code uses the CPUID instruction (see the OPENSSL_ia32cap.pod manpage) to determine if various instructions (AES, SSE, MMX, etc) are available and will use them if so.  For other processors, similar tests are performed if at all possible.

 

I have added this to the FAQ

 

-- 

Senior Architect, Akamai Technologies

Member, OpenSSL Dev Team

IM: [hidden email] Twitter: RichSalz

 

From: - JinsongJi [mailto:[hidden email]]
Sent: Wednesday, August 09, 2017 9:09 AM
To: [hidden email]
Subject: [openssl-users] Does openssl pick low level interface or high level interface to do encrypt?

 

Hi,

 

For one simple operation: openssl enc -aes-256-cbc -salt -in foo.txt -out foo.enc

Does openssl pick classic implementation or AES-NI implementation to do this encrypt?

 

Does any user/application always pick classic implementation for AES operation regardless of AES-NI improves speed much?

 

Is there any document about this interface selection?

 

Thanks,

Jinsong


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Does openssl pick low level interface or high level interface to do encrypt?

Viktor Dukhovni
In reply to this post by - JinsongJi
On Wed, Aug 09, 2017 at 01:08:47PM +0000, - JinsongJi wrote:

> For one simple operation: openssl enc -aes-256-cbc -salt -in foo.txt -out foo.enc
> Does openssl pick classic implementation or AES-NI implementation to do this encrypt?

The enc(1) command uses the EVP API to access the requested symmetric
cipher.  As a result, AES-NI and the like will be used when supported
by the hardware and enabled in your OpenSSL library.

> Does any user/application always pick classic implementation for
> AES operation regardless of AES-NI improves speed much?

If the application uses EVP_get_cipherbyname() and the like, it
gets the best available implementation of the cipher.  If it
bypasses EVP it may get a slower implementation and/or one that
has less side-channel resistance.

Bottom-line, use EVP.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...