Search

3.3. OpenSSL Intel AES-NI Engine

download PDF
The Intel Advanced Encryption Standard (AES) New Instructions (AES-NI) engine is available for certain Intel processors, and allows for extremely fast hardware encryption and decryption.

Note

For a list of Intel processors that support the AES-NI engine, see: Intel's ARK.
The AES-NI engine is automatically enabled if the detected processor is among the supported ones. To check that the processor is supported, follow the steps below:
  1. Ensure that the processor has the AES instruction set:
    ~]# grep -m1 -o aes /proc/cpuinfo
    aes
    
  2. As root, run the following commands and compare their outputs. Significantly better performance of the latter command indicates that AES-NI is enabled. Note that the outputs below are shortened for brevity:
    ~]# openssl speed aes-128-cbc
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128 cbc      99696.17k   107792.98k   109961.22k   110559.91k   110742.19k
    
    ~]# openssl speed -evp aes-128-cbc
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc     800450.23k   873269.82k   896864.85k   903446.19k   902752.94k
    
To test the speed of OpenSSH you can run a command like the following:
~]# dd if=/dev/zero count=100 bs=1M | ssh -c aes128-cbc localhost "cat >/dev/null"
root@localhost's password: 
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 4.81868 s, 21.8 MB/s
See Intel® Advanced Encryption Standard Instructions (AES-NI) for details about the AES-NI engine.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.