On a PC under Linux, you can do a "cat /proc/cpuinfo" and look for "aes"
in the "flags".
On a PC under any OS, get the CPUID, and look for bit 25 of ECX.
That's not OpenSSL-related.
The use of OPENSSL_ia32cap environment variable allows you to alter the
CPUID result (only inside OpenSSL), and alter its behaviour. It's not
resistant to a reboot, it's only process dependant.
Compare the following results:
* OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp
aes-128-cbc
* openssl speed -elapsed -evp aes-128-cbc
--
Erwann ABALEA
Le 15/03/2013 04:46, Ewen Chan a écrit :
Does it matter whether it's ia32 or ia64 even for an x64 processor?
Shouldn't there be some way for me to check whether AES is enabled or
being used (other than running a speed test) either in dmesg or /proc/
or with openssl itself? I'm a little confused, and surprised/shocked
that there isn't a way to probe the status of whether the AES-NI is a)
present and b) enabled/utilized.
re: OPENSSL_ia32cap=~0x200000200000000
so forgive me for asking lots of dumb questions but that would be
$ set OPENSSL_ia32cap=~0x200000200000000
$ export OPENSSL_ia32cap
correct?
And how do I re-enable it without having to reboot the system? What's
the value that I should be putting in on the right-hand-side of the
equal sign?
Your help is much appreciated.
Sincerely,
Ewen
On Thu, Mar 14, 2013 at 7:35 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
On Thu, Mar 14, 2013, Ewen Chan wrote:
So this is a partial continuation from the discussion thread that I
started yesterday in regards to using AES-CBC.
I've got an Intel Core i7 3930K that supports AES-NI and I spent the
greater part of last night trying to get openssl to work or at least
recognize it, but it doesn't seem to want to do that.
It it probably recognising it and you don't realise it. OpenSSL 1.0.1
automatically switches to AES-NI at the EVP level without going through an
explicit AES-NI ENGINE.
You can disable AES-NI detection with the environment variable:
OPENSSL_ia32cap=~0x200000200000000
You should see a considerable speed up with "openssl speed" by comparing the
two.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
