采用AES-NI支持的EVP接口 [英] EVP Interface with AES-NI support
问题描述
在C / C ++中使用OpenSSL加密库时,EVP接口是否自动支持AES-NI硬件加速(假设处理器支持)?参考这个,看来命令行OpenSSL确实有支持。我想知道是否有特定的函数调用,我不得不使用它来利用这种支持。例如,如果我使用 EVP_EncryptInit_ex(ctx,type,imp,key,iv),请执行任何这些参数必须指定NI加速?即将 EVP_EncryptInit_ex(ctx,EVP_aes_256_cbc(),NULL,key,iv)做窍门?
谢谢!
在C / C ++中使用OpenSSL加密库,EVP接口是否自动支持AES-NI
是的。 EVP _ * 是确保使用AES-NI(如果有的话)的官方/支持的方式。事实上,EVP是访问硬件加速的唯一方法。
EVP _ * 也是唯一的方式获得其他硬件加速,如在Skylark下采用Intel的ia32的SHA加速; ARM的加密扩展可用于ARMv8;和VIA的ia32 Padlock扩展在其处理器上。
使用低级别的AES例程(如 AES_encrypt 和 AES_decrypt )是仅软件 - 实现,它们将永远不会像AES-NI那样使用硬件加速。另请参阅Dr. Henson对OpenSSL邮件列表的回复:。
相关问题是(1)如何以确定是否正在使用AES-NI;和(2)什么是基准测试结果。为此,请参阅如何检查OpenSSL是否支持/使用Intel AES-NI?
When using the OpenSSL crypto libraries in C/C++, does the EVP interface automatically support AES-NI hardware acceleration (assuming processor support)? Referring to this, it appears command-line OpenSSL does have support. I was wondering if there were specific function calls that I had to use to take advantage of this support.
For instance, if I use EVP_EncryptInit_ex(ctx, type, imp, key, iv), do any of these parameters have to specify NI acceleration? I.e. will EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv) do the trick?
Thanks!
When using the OpenSSL crypto libraries in C/C++, does the EVP interface automatically support AES-NI
Yes. EVP_* is the official/supported way to ensure AES-NI is used (if available). In fact, EVP is the only way to access hardware acceleration in general.
EVP_* is also the only way to obtain other hardware accelerations, like engaging Intel's ia32's SHA acceleration under Skylark; ARM's Crypto extensions available in ARMv8; and VIA's ia32 Padlock extensions on their processors.
Using low level AES routines (like AES_encrypt and AES_decrypt) are software only-implementations, and they will never use hardware acceleration like AES-NI. Also see Dr. Henson's response on the OpenSSL mailing list at Verify AES-NI use at runtime?.
Related questions are (1) how to determine if AES-NI is being used; and (2) what are the benchmarking results. For that, see How can I check if OpenSSL is support/use the Intel AES-NI?
这篇关于采用AES-NI支持的EVP接口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
