> From: owner-openssl-us...@openssl.org On Behalf Of Sreekanth Pothanis > Sent: Wednesday, 29 June, 2011 12:43
> We have been using the aes_cbc functions to encrypt and decrypt > (with OpenSSL 0.9.8) . But recently I tried using the EVP functions > (with OpenSSL 1.0.0d) instead to encrypt and decrypt with an aes_128 > bit cipher and found that there is a huge improvement in the time taken > to encrypt and decrypt. So, my 1st question is how different are these > two and why is there a sizable difference. Unless you use an ENGINE in EVP, there should be no detectable difference between EVP and lowlevel routines *on the same build*. EVP with a software cipher just calls the selected lowlevel routines. Between versions, including 0.9.8 (which?) and 1.0.0d, there might be differences, possibly depending on platform and build options. Even within a version, there might be a difference depending on build options. Usually the most important option is whether assembler is enabled. Compiler, and compiler options, may make a difference. If you built these versions yourself, or got them from someone who told you the build process, you should know the options. Otherwise if you have a commandline program using or matching your library, 'openssl version -a' will say everything recorded, or call SSLeay_version with appropriate values and print the results. > I tried these initially on linux with libssl-dev and since then > I have been trying it on windows. I previously just used > Aes_cbc.c > Aes_x86core.c and a few headers on windows. However, I have not > been able to achieve something similar with the EVP functions. So, > is there a simpler way to just include a few c files and their > headers and achieve aes encryption/decryption. You can certainly call the (official) lowlevel functions directly by #include'ing aes.h, or des.h or sha1.h etc. as applicable. But crypto/aes/aes_x86core.c isn't in the Makefile, and thus isn't used by EVP OR the official lowlevel interface normally, and hasn't ever been as far as I can easily check. I didn't go through in detail, but it looks like it provides the same signatures as aes_core.c, so you might be able to just put it as a replacement. But I'd not be confident it's correct without careful testing, and I'd be quite surprised if it is faster than the assembler code. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
