Hi, I am struggling setting up aes-in support with Ubuntu 12.04 LTS. I enabled aes in bios. cat /proc/cpuinfo shows the aes flag. #lsmod |grep aes aesni_intel 55664 0 cryptd 20530 1 aesni_intel aes_x86_64 17208 1 aesni_intel shows that the module is loaded. But #openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support shows not the aes engine. My openssl version is #openssl version OpenSSL 1.0.1 14 Mar 2012 Can someone give me a hint what I am doing wrong. Regards, Torland
On 8/15/12, tor-admin <tor-admin@torland.me> wrote:
Hi,
I am struggling setting up aes-in support with Ubuntu 12.04 LTS. I enabled aes in bios. cat /proc/cpuinfo shows the aes flag.
#lsmod |grep aes aesni_intel 55664 0 cryptd 20530 1 aesni_intel aes_x86_64 17208 1 aesni_intel
shows that the module is loaded. But
#openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support
shows not the aes engine. My openssl version is
#openssl version OpenSSL 1.0.1 14 Mar 2012
OpenSSL 1.0.1 uses AES-NI by default if it is available. Robert Ransom
On Wednesday, August 15. 2012, 10:43:05 Robert Ransom wrote:
#openssl version OpenSSL 1.0.1 14 Mar 2012
OpenSSL 1.0.1 uses AES-NI by default if it is available.
Does this mean that the command #openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support does not need to show a line with "(aesni) Intel AES-NI engine" as described here at Torservers: https://www.torservers.net/wiki/setup/server#check_openssl_aes-ni_support Regards, Torland
On 15.08.2012 13:03, tor-admin wrote:
Does this mean that the command
#openssl engine (rsax) RSAX engine support (dynamic) Dynamic engine loading support
does not need to show a line with "(aesni) Intel AES-NI engine" as described here at Torservers: https://www.torservers.net/wiki/setup/server#check_openssl_aes-ni_support
Yes, that is correct. That is what " OpenSSL 1.0.1 does not come with an extra module and should directly support AES-NI. " in the wiki was meant to say. I will revise the section a bit. -- Moritz Bartl https://www.torservers.net/
On Wednesday, August 15. 2012, 14:33:34 Moritz Bartl wrote:
Yes, that is correct. That is what " OpenSSL 1.0.1 does not come with an extra module and should directly support AES-NI. " in the wiki was meant to say. I will revise the section a bit.
Thanks for clarification. I already supposed it because the openssl performance test on my server showed almost the same results as described in the torservers wiki. Regards, Torland
participants (3)
-
Moritz Bartl -
Robert Ransom -
tor-admin