[openssl-users] How to detect AES-NI compatible CPU
noloader at gmail.com
Fri Feb 3 19:29:08 UTC 2017
On Fri, Feb 3, 2017 at 1:55 PM, Chris Clark <a.chris.clark at gmail.com> wrote:
> My application links to OpenSSL 1.1.0 dynamically, and I would like to
> be able to determine if the CPU supports the AES-NI instruction set.
> Is there an OpenSSL API that can do this?
Also note that even though the machine is capable of AES-NI, it does
not mean OpenSSL will use the hardware acceleration. If you call
AES_encrypt (and friends), then you get the "software-only"
implementation. If you disable the feature in the environment with
OPENSSL_ia32cap="~0x200000200000000", then you get the "software-only"
To use AES-NI, and other hardware accelerators like ARMv8's
instructions, you have to use the EVP interface.
More information about the openssl-users