[openssl-users] Checking for AES-NI accelration

Nagesh shamnur nagesh.shamnur at huawei.com
Wed Aug 10 12:25:16 UTC 2016

Hi Group,

            I am running an application which transfers huge chunks of data every second (850Mbps) and the same is secured using openssl. However the CPU usage on windows is very high ( ~ 100%). So as a part of the analysis, I stumbled upon the information that, when using AES encryption, if the underlying hardware is Intel CPU, it can support AES-NI instruction set and hence make the crypto processing faster. So, I wanted to confirm if the same is enabled in my hardware.

            So, I wanted to know how to verify if the run is able to use the AES-NI instruction set available in the hardware.

            I have built openssl and have ensured enabling the asm in both linux and windows build.

            For windows, to confirm if AES-NI is enabled, support of tools available like truecrypt, CPU-Z and blackbox were used if the same was enabled in OS usage. And I found that the same is disabled. Also I found in some blogs that the same needs to be enabled in BIOS. When checked the BIOS settings, the option was not be found and a BIOS update is required to enable the same.

However in linux I was unable to conclude if AES-NI is disabled since I didn’t had access to any such tools on linux. I checked "#cpuinfo | grep aes" and i was unable to find any line regarding AES-NI. However when i run the ./openssl speed -evp aes-128-gcm and OPENSSL_ia32cap="~0x200000200000000" ./openssl speed -elapsed -evp aes-128-gcm i am able to find the difference in speed. So i wanted to check how to confirm if my linux build has AES-NI enabled or not?

Environment Information:

CPU: E5-2620 0 @2.0GHz

OS: Windows Server 2008

Linux: Ubuntu 3.11.0-15-generic

Openssl versoin: 1.0.2h

Mainboard: Manufacturer Huawei Technologies Co. Ltd., Model: BC11SRSH1 V100R002

BIOS: Brand: INsyde Corp, RMISV061, 06/20/2013



华为技术有限公司 Huawei Technologies Co., Ltd.

地址:深圳市龙岗区坂田华为基地 邮编:518129
Huawei Technologies Co., Ltd.
Bantian, Longgang District,Shenzhen 518129, P.R.China
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160810/67d4a1f3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6737 bytes
Desc: image001.jpg
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160810/67d4a1f3/attachment-0001.jpg>

More information about the openssl-users mailing list