EVP接口采用AES-NI支持 [英] EVP Interface with AES-NI support
问题描述
当在C / C ++使用的OpenSSL加密库,它的自动执行副总裁接口支持AES-NI硬件加速(假设处理器支持)?参照<一个href=\"http://security.stackexchange.com/questions/35036/different-performance-of-openssl-speed-on-the-same-hardware-with-aes-256-evp-an\">this,它出现命令行OpenSSL的确实有支持。我想知道,如果有特定的功能调用,我不得不使用借此支持的优势。
举例来说,如果我使用 EVP_EncryptInit_ex(CTX,类型,小鬼,钥匙,IV)
,做任何这些参数都可以指定NI加速?即将 EVP_EncryptInit_ex(CTX,EVP_aes_256_cbc(),NULL,键,IV)
做的伎俩?
谢谢!
当在C / C ++使用的OpenSSL加密库,它的自动执行副总裁接口支持AES-NI
块引用>是的。
EVP _ *
是官方/支持的方式,以确保AES-NI时(如果可用)。事实上,EVP是访问一般硬件加速的唯一途径。使用低级别的AES程序(如
AES_ENCRYPT
和AES_DECRYPT
)的软件只的实现,他们将永远不会使用硬件加速像AES-NI。另请参阅亨森博士的的验证AES-NI在运行时使用?。When using the OpenSSL crypto libraries in C/C++, does the EVP interface automatically support AES-NI hardware acceleration (assuming processor support)? Referring to this, it appears command-line OpenSSL does have support. I was wondering if there were specific function calls that I had to use to take advantage of this support.
For instance, if I use
EVP_EncryptInit_ex(ctx, type, imp, key, iv)
, do any of these parameters have to specify NI acceleration? I.e. willEVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)
do the trick?Thanks!
解决方案When using the OpenSSL crypto libraries in C/C++, does the EVP interface automatically support AES-NI
Yes.
EVP_*
is the official/supported way to ensure AES-NI is used (if available). In fact, EVP is the only way to access hardware acceleration in general.Using low level AES routines (like
AES_encrypt
andAES_decrypt
) are software only-implementations, and they will never use hardware acceleration like AES-NI. Also see Dr. Henson's response on the OpenSSL mailing list at Verify AES-NI use at runtime?.这篇关于EVP接口采用AES-NI支持的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!