Hi,
I am struggling setting up aes-in support with Ubuntu 12.04 LTS. I enabled aes in bios. cat /proc/cpuinfo shows the aes flag.
#lsmod |grep aes aesni_intel 55664 0 cryptd 20530 1 aesni_intel aes_x86_64 17208 1 aesni_intel
shows that the module is loaded. But
#openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support
shows not the aes engine. My openssl version is
#openssl version OpenSSL 1.0.1 14 Mar 2012
Can someone give me a hint what I am doing wrong.
Regards,
Torland
On 8/15/12, tor-admin tor-admin@torland.me wrote:
Hi,
I am struggling setting up aes-in support with Ubuntu 12.04 LTS. I enabled aes in bios. cat /proc/cpuinfo shows the aes flag.
#lsmod |grep aes aesni_intel 55664 0 cryptd 20530 1 aesni_intel aes_x86_64 17208 1 aesni_intel
shows that the module is loaded. But
#openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support
shows not the aes engine. My openssl version is
#openssl version OpenSSL 1.0.1 14 Mar 2012
OpenSSL 1.0.1 uses AES-NI by default if it is available.
Robert Ransom
On Wednesday, August 15. 2012, 10:43:05 Robert Ransom wrote:
#openssl version OpenSSL 1.0.1 14 Mar 2012
OpenSSL 1.0.1 uses AES-NI by default if it is available.
Does this mean that the command
#openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support
does not need to show a line with "(aesni) Intel AES-NI engine" as described here at Torservers: https://www.torservers.net/wiki/setup/server#check_openssl_aes-ni_support
Regards,
Torland
On 15.08.2012 13:03, tor-admin wrote:
Does this mean that the command
#openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support
does not need to show a line with "(aesni) Intel AES-NI engine" as described here at Torservers: https://www.torservers.net/wiki/setup/server#check_openssl_aes-ni_support
Yes, that is correct. That is what " OpenSSL 1.0.1 does not come with an extra module and should directly support AES-NI. " in the wiki was meant to say. I will revise the section a bit.
On Wednesday, August 15. 2012, 14:33:34 Moritz Bartl wrote:
Yes, that is correct. That is what " OpenSSL 1.0.1 does not come with an extra module and should directly support AES-NI. " in the wiki was meant to say. I will revise the section a bit.
Thanks for clarification. I already supposed it because the openssl performance test on my server showed almost the same results as described in the torservers wiki.
Regards,
Torland
tor-relays@lists.torproject.org