[openssl-users] Does openssl pick low level interface or high level interface to do encrypt?

Viktor Dukhovni openssl-users at dukhovni.org
Thu Aug 10 23:01:05 UTC 2017

On Wed, Aug 09, 2017 at 01:08:47PM +0000, - JinsongJi wrote:

> For one simple operation: openssl enc -aes-256-cbc -salt -in foo.txt -out foo.enc
> Does openssl pick classic implementation or AES-NI implementation to do this encrypt?

The enc(1) command uses the EVP API to access the requested symmetric
cipher.  As a result, AES-NI and the like will be used when supported
by the hardware and enabled in your OpenSSL library.

> Does any user/application always pick classic implementation for
> AES operation regardless of AES-NI improves speed much?

If the application uses EVP_get_cipherbyname() and the like, it
gets the best available implementation of the cipher.  If it
bypasses EVP it may get a slower implementation and/or one that
has less side-channel resistance.

Bottom-line, use EVP.


More information about the openssl-users mailing list