Usage Description

This section describes the precautions for using KAE.

• If you have not purchased a license for the KAE, do not use the KAE to call the corresponding algorithms. Otherwise, the performance of the OpenSSL encryption algorithm may be affected.
• The SM4-XTS mode can be used only in kernel space. For details, see Using KAE to Improve SM4-XTS Algorithm Performance.
• If the packet size is smaller than 2 KB, the SM4 synchronous mode provides higher performance than the SM4 asynchronous mode. Therefore, the synchronous mode is recommended for small-packet scenarios.
• AES has implemented acceleration of software instruction sets on the AArch64 platform. Hardware acceleration has obvious asynchronous performance advantages over OpenSSL in the medium- or large-packet scenario (packet size: 16 KB to 256 KB). In this scenario, hardware acceleration is recommended.
• The compression and decompression algorithms support only the zlib and gzip formats, and the refresh modes Z_NO_FLUSH, Z_SYNC_FLUSH, Z_FULL_FLUSH, and Z_FINISH are supported.
• The SM4 and AES asynchronous modes support the data size of 256 KB or less. If the data size is greater than 256 KB, the synchronous mode is used for calculation.
• The MD5 algorithm cannot prevent collision attacks and is not applicable to security authentication, such as SSL public key authentication or digital signature.
• The SM3 and SM4 algorithms are enabled by default. You can enable or disable the two algorithms in the openssl.cnf file.