[openssl-users] Does openssl pick low level interface or high level interface to do encrypt?
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Aug 10 23:01:05 UTC 2017
On Wed, Aug 09, 2017 at 01:08:47PM +0000, - JinsongJi wrote:
> For one simple operation: openssl enc -aes-256-cbc -salt -in foo.txt -out foo.enc
> Does openssl pick classic implementation or AES-NI implementation to do this encrypt?
The enc(1) command uses the EVP API to access the requested symmetric
cipher. As a result, AES-NI and the like will be used when supported
by the hardware and enabled in your OpenSSL library.
> Does any user/application always pick classic implementation for
> AES operation regardless of AES-NI improves speed much?
If the application uses EVP_get_cipherbyname() and the like, it
gets the best available implementation of the cipher. If it
bypasses EVP it may get a slower implementation and/or one that
has less side-channel resistance.
Bottom-line, use EVP.
--
Viktor.
More information about the openssl-users
mailing list