GitLab

It looks like we're not getting the full benefits of OpenSSL's hardware acceleration support, since the AES_encrypt function does the crypto directly in C or asm (typically asm), rather than redirecting to an engine if one is present.

Whoops!

So, let's fix that.

I believe that it's sufficient to just define USE_OPENSSL_EVP in aes.c. Also, we should really rip out the bits of that file which we don't use -- we're no longer in a position where our fallback implementation is ever a better idea to openssl's.

We should benchmark this change to make sure that it's not a step backwards -- I doubt it is.

Also, we should consider using EVP_ functions for SHA1 and SHA256 when present. For RSA and DH, however, the OpenSSL RSA_ and DH_ functions already know about engines.