When using the OpenSSL crypto libraries in C/C++, does the EVP interface automatically support AES-NI hardware acceleration (assuming processor support)? Referring to this, it appears command-line OpenSSL does have support. I was wondering if there were specific function calls that I had to use to take advantage of this support.
For instance, if I use
EVP_EncryptInit_ex(ctx, type, imp, key, iv)
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)
When using the OpenSSL crypto libraries in C/C++, does the EVP interface automatically support AES-NI
EVP_* is the official/supported way to ensure AES-NI is used (if available). In fact, EVP is the only way to access hardware acceleration in general.
EVP_* is also the only way to obtain other hardware accelerations, like engaging Intel's ia32's SHA acceleration under Skylark; ARM's Crypto extensions available in ARMv8; and VIA's ia32 Padlock extensions on their processors.
Using low level AES routines (like
AES_decrypt) are software only-implementations, and they will never use hardware acceleration like AES-NI. Also see Dr. Henson's response on the OpenSSL mailing list at Verify AES-NI use at runtime?.
Related questions are (1) how to determine if AES-NI is being used; and (2) what are the benchmarking results. For that, see How can I check if OpenSSL is support/use the Intel AES-NI?