AESNI isn't implemented as an engine, so it won't show up as an engine. If you have AESNI in your openssl then it will automatically use it with the right command line switch (-evp)
and will show it when you do a speed test. The output below is from my QAT-capable openssl, but you can see the compiler definition in the output -DAESNI_ASM
compiler: ccache_cc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformatro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/opt/openwrt/x86/master/openwrt/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENBN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -DPIC
Openssl will automatically use AESNI when you use the -evp
option. If you wish to check for sure if it's using openssl then try these two commands
This one should run much faster than the second one:
openssl speed -elapsed -evp aes-128-cbc
This below explicitly disables AESNI and forces a vanilla software only run. OPENSSL_ia32cap is the x86_64 capabilities vector that can be tweaked to enable/disable instruction set extensions
OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
You can clearly see the difference in speed on my machine
root@openwrt:/etc# openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 54073058 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 21815757 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6198768 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 1651775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 210226 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 105253 aes-128-cbc's in 3.00s
OpenSSL 1.1.1k 25 Mar 2021
built on: Sat Mar 27 11:29:08 2021 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/opt/openwrt/x86/master/openwrt/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -DPIC
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 288389.64k 465402.82k 528961.54k 563805.87k 574057.13k 574821.72k
root@openwrt:/etc# OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 18736508 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5621367 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1491052 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 378232 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 47467 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 23738 aes-128-cbc's in 3.00s
OpenSSL 1.1.1k 25 Mar 2021
built on: Sat Mar 27 11:29:08 2021 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/opt/openwrt/x86/master/openwrt/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -DPIC
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 99928.04k 119922.50k 127236.44k 129103.19k 129616.55k 129641.13k