mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
7ed6de997f
Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
180 lines
4.3 KiB
Plaintext
180 lines
4.3 KiB
Plaintext
=pod
|
|
{- OpenSSL::safe::output_do_not_edit_headers(); -}
|
|
|
|
=head1 NAME
|
|
|
|
openssl-speed - test library performance
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<openssl speed>
|
|
[B<-help>]
|
|
[B<-config> I<filename>]
|
|
[B<-elapsed>]
|
|
[B<-evp> I<algo>]
|
|
[B<-hmac> I<algo>]
|
|
[B<-cmac> I<algo>]
|
|
[B<-mb>]
|
|
[B<-aead>]
|
|
[B<-kem-algorithms>]
|
|
[B<-signature-algorithms>]
|
|
[B<-multi> I<num>]
|
|
[B<-async_jobs> I<num>]
|
|
[B<-misalign> I<num>]
|
|
[B<-decrypt>]
|
|
[B<-primes> I<num>]
|
|
[B<-seconds> I<num>]
|
|
[B<-bytes> I<num>]
|
|
[B<-mr>]
|
|
[B<-mlock>]
|
|
[B<-testmode>]
|
|
{- $OpenSSL::safe::opt_r_synopsis -}
|
|
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
|
|
[I<algorithm> ...]
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This command is used to test the performance of cryptographic algorithms.
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-help>
|
|
|
|
Print out a usage message.
|
|
|
|
=item B<-config> I<filename>
|
|
|
|
Specifies the configuration file to use.
|
|
Optional; for a description of the default value,
|
|
see L<openssl(1)/COMMAND SUMMARY>.
|
|
|
|
=item B<-elapsed>
|
|
|
|
When calculating operations- or bytes-per-second, use wall-clock time
|
|
instead of CPU user time as divisor. It can be useful when testing speed
|
|
of hardware engines.
|
|
|
|
=item B<-evp> I<algo>
|
|
|
|
Use the specified cipher or message digest algorithm via the EVP interface.
|
|
If I<algo> is an AEAD cipher, then you can pass B<-aead> to benchmark a
|
|
TLS-like sequence. And if I<algo> is a multi-buffer capable cipher, e.g.
|
|
aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation.
|
|
|
|
To see the algorithms supported with this option, use
|
|
C<openssl list -digest-algorithms> or C<openssl list -cipher-algorithms>
|
|
command.
|
|
|
|
=item B<-multi> I<num>
|
|
|
|
Run multiple operations in parallel.
|
|
|
|
=item B<-async_jobs> I<num>
|
|
|
|
Enable async mode and start specified number of jobs.
|
|
|
|
=item B<-misalign> I<num>
|
|
|
|
Misalign the buffers by the specified number of bytes.
|
|
|
|
=item B<-hmac> I<digest>
|
|
|
|
Time the HMAC algorithm using the specified message digest.
|
|
|
|
=item B<-cmac> I<cipher>
|
|
|
|
Time the CMAC algorithm using the specified cipher e.g.
|
|
C<openssl speed -cmac aes128>.
|
|
|
|
=item B<-decrypt>
|
|
|
|
Time the decryption instead of encryption. Affects only the EVP testing.
|
|
|
|
=item B<-mb>
|
|
|
|
Enable multi-block mode on EVP-named cipher.
|
|
|
|
=item B<-aead>
|
|
|
|
Benchmark EVP-named AEAD cipher in TLS-like sequence.
|
|
|
|
=item B<-kem-algorithms>
|
|
|
|
Benchmark KEM algorithms: key generation, encapsulation, decapsulation.
|
|
|
|
=item B<-signature-algorithms>
|
|
|
|
Benchmark signature algorithms: key generation, signature, verification.
|
|
|
|
=item B<-primes> I<num>
|
|
|
|
Generate a I<num>-prime RSA key and use it to run the benchmarks. This option
|
|
is only effective if RSA algorithm is specified to test.
|
|
|
|
=item B<-seconds> I<num>
|
|
|
|
Run benchmarks for I<num> seconds.
|
|
|
|
=item B<-bytes> I<num>
|
|
|
|
Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
|
|
The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit
|
|
int would be 2147483583 bytes.
|
|
|
|
=item B<-mr>
|
|
|
|
Produce the summary in a mechanical, machine-readable, format.
|
|
|
|
=item B<-mlock>
|
|
|
|
Lock memory into RAM for more deterministic measurements.
|
|
|
|
=item B<-testmode>
|
|
|
|
Runs the speed command in testmode. Runs only 1 iteration of each algorithm test
|
|
regardless of any B<-seconds> value. In the event that any operation fails then
|
|
the speed command will return with a failure result.
|
|
|
|
{- $OpenSSL::safe::opt_r_item -}
|
|
|
|
{- $OpenSSL::safe::opt_engine_item -}
|
|
|
|
{- $OpenSSL::safe::opt_provider_item -}
|
|
|
|
=item I<algorithm> ...
|
|
|
|
If any I<algorithm> is given, then those algorithms are tested, otherwise a
|
|
pre-compiled grand selection is tested.
|
|
|
|
=back
|
|
|
|
=head1 BUGS
|
|
|
|
The I<algorithm> can be selected only from a pre-compiled subset of things
|
|
that the C<openssl speed> command knows about. To test any additional digest
|
|
or cipher algorithm supported by OpenSSL use the C<-evp> option.
|
|
|
|
There is no way to test the speed of any additional public key algorithms
|
|
supported by third party providers with the C<openssl speed> command.
|
|
|
|
=head1 HISTORY
|
|
|
|
The B<-engine> option was deprecated in OpenSSL 3.0.
|
|
|
|
DSA512 was removed in OpenSSL 3.2.
|
|
|
|
The B<-testmode> option was added in OpenSSL 3.4.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|