> How does one verify use of AES-NI at runtime?
> I know I can get 'capability' with:
> crypto/evp/e_aes.c:#define AESNI_CAPABLE \
> But grepping the sources for a runtime test does not produce anything
> that looks useful:
> $ grep -R -i AESNI *
> $ grep -R ENGINE_* * | grep -i aes
> The reason I ask is it looks like OpenSSL is not recognizing AES-NI
> even though this i5 processor has both aesni and rdrand (according to
> $ openssl engine -c -tt
> (rdrand) Intel RDRAND engine
> [ available ]
> (dynamic) Dynamic engine loading support
> [ unavailable ]
> And the speed test shows no speedup with and without
> $ /usr/local/ssl/bin/openssl speed aes
> If it matters, this is Fedora 20, and I had to jump through some hoops
> to get the shared objects built correctly (namely, exporting
> CFLAGS="-fPIC" and config'ing with 'shared').
Only the receommended EVP interface is supported with AES-NI, the "aes"
option uses low level AES routines which aren't accelerated by AES-NI.
Try it with the -evp option instead, for example: