30

If I run OpenSSL 1.0.1e like this:

$ ./openssl speed aes-256-cbc (i.e without EVP API)
Doing aes-256 cbc for 3s on 16 size blocks: 14388425 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 64 size blocks: 3861764 aes-256 cbc's in 2.99s
Doing aes-256 cbc for 3s on 256 size blocks: 976359 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 1024 size blocks: 246145 aes-256 cbc's in 2.99s
Doing aes-256 cbc for 3s on 8192 size blocks: 30766 aes-256 cbc's in 3.00s

However, if I run it like this:

$ ./openssl speed -evp AES256
Doing aes-256-cbc for 3s on 16 size blocks: 71299827 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 18742055 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 256 size blocks: 4771917 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 1024 size blocks: 1199158 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 150768 aes-256-cbc's in 2.99s

From the OpenSSL documentation, it seems that using EVP for the same cipher or not using EVP should not make any difference. Yes, I see it consistently. Can anyone please provide an insight? I have googled a lot but could not find anything. I will look through the code, but I am not sure if I can understand that part.

1
  • 3
    Tom's answer is correct. Also see Dr. Henson's answer on the OpenSSL mailing list at "Verify AES-NI use at runtime?". In short, the EVP_* interfaces are the only way to ensure use of AES-NI (if it's available).
    – user29925
    Commented Jul 1, 2014 at 20:30

2 Answers

36

In OpenSSL source code, the speed aes-256-cbc function calls AES_cbc_encrypt() which itself uses AES_encrypt(), a function from crypto/aes/aes_x86core.c. It is an obvious "classical" implementation with tables.

On the other hand, with EVP, you end up in the code in crypto/evp/e_aes.c which dynamically detects whether the current CPU supports the AES-NI instructions, a feature of recent x86 processors, which allow for vastly improved performance. In OpenSSL code, the AESNI_CAPABLE macro does the job (feeding on some flags which are set when the library is initialized, using CPUID).

Bottom line: with EVP, you benefit from the automatic selection of the improved implementation, based on the current CPU model, whereas the non-EVP code directly uses the generic software implementation, which works everywhere, but is slower.

1
  • 2
    Great input. Thanks. I did read about AES-NI while googling but did not connect it with what I was seeing. Thank you. Are there more such issues with EVP / non-EVP code, and where are they documented? I don't see them on the OpenSSL page. Once again, thanks for the input.
    – Ramana
    Commented Apr 29, 2013 at 15:21
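
The runtime selection described in the answer above, sketched as an added example (not OpenSSL's code and not part of the original posts): it reads the AES-NI bit from CPUID the way a capability check such as AESNI_CAPABLE has to, and shows that only the EVP-style path consults it. The function and enum names are hypothetical, `<cpuid.h>` assumes GCC or Clang, and `apply_override` is a simplified model of OpenSSL's `OPENSSL_ia32cap` environment variable, where a value such as `~0x200000200000000` masks out AES-NI and PCLMULQDQ.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>              /* GCC/Clang wrapper around the CPUID instruction */
#endif

/* Bit 57 of the 64-bit vector = CPUID leaf 1, ECX bit 25 (AES-NI). */
#define CAP_AESNI (1ULL << 57)
typedef enum { IMPL_TABLE = 0, IMPL_AESNI = 1 } aes_impl;   /* hypothetical names */

/* Capability vector: low word = EDX, high word = ECX of CPUID leaf 1. */
uint64_t read_cpu_caps(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return ((uint64_t)ecx << 32) | edx;
#endif
    return 0;                   /* not x86, or leaf 1 unavailable: no AES-NI */
}

/* Simplified override model: "~<mask>" clears the masked bits,
 * a plain "<value>" replaces the detected vector. */
uint64_t apply_override(uint64_t caps, const char *env) {
    if (env == NULL || *env == '\0')
        return caps;
    if (env[0] == '~')
        return caps & ~strtoull(env + 1, NULL, 0);
    return strtoull(env, NULL, 0);
}

/* EVP-style path: the implementation is chosen from the capability bit. */
aes_impl evp_style_select(uint64_t caps) {
    return (caps & CAP_AESNI) ? IMPL_AESNI : IMPL_TABLE;
}

/* Low-level path as described in the answer: no capability check at all. */
aes_impl lowlevel_select(uint64_t caps) {
    (void)caps;
    return IMPL_TABLE;
}

int main(void) {
    uint64_t caps = apply_override(read_cpu_caps(), getenv("OPENSSL_ia32cap"));
    printf("caps=0x%016llx evp=%s low-level=%s\n", (unsigned long long)caps,
           evp_style_select(caps) == IMPL_AESNI ? "aes-ni" : "table",
           lowlevel_select(caps) == IMPL_AESNI ? "aes-ni" : "table");
    return 0;
}
```

Running `openssl speed -evp` with and without the mask set in `OPENSSL_ia32cap` is a practical way to confirm that the EVP numbers come from the AES-NI path.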
5

One more thing to notice:

$ ./openssl speed aes-256-cbc (i.e without EVP API)
Doing aes-256 cbc for 3s on 16 size blocks: 14388425 aes-256 cbc's in 3.00s
$ ./openssl speed -evp AES256
Doing aes-256-cbc for 3s on 16 size blocks: 71299827 aes-256-cbc's in 3.00s

Without EVP API, in 3.00s, processed 14,388,425 (~14M)
With EVP API, in 3.00s, processed 71,299,827 (~71M)

It's obviously processed faster in EVP mode.
