mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
9710d72b95
Lock the buffers used for throughput measurements into memory. This removes some side effects of paging. Errors from the memory locking functions are ignored since they are not critical to the application. This feature is limited to Linux and Windows. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19091)
159 lines
3.7 KiB
Plaintext
159 lines
3.7 KiB
Plaintext
=pod
|
|
{- OpenSSL::safe::output_do_not_edit_headers(); -}
|
|
|
|
=head1 NAME
|
|
|
|
openssl-speed - test library performance
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<openssl speed>
|
|
[B<-help>]
|
|
[B<-config> I<filename>]
|
|
[B<-elapsed>]
|
|
[B<-evp> I<algo>]
|
|
[B<-hmac> I<algo>]
|
|
[B<-cmac> I<algo>]
|
|
[B<-mb>]
|
|
[B<-aead>]
|
|
[B<-multi> I<num>]
|
|
[B<-async_jobs> I<num>]
|
|
[B<-misalign> I<num>]
|
|
[B<-decrypt>]
|
|
[B<-primes> I<num>]
|
|
[B<-seconds> I<num>]
|
|
[B<-bytes> I<num>]
|
|
[B<-mr>]
|
|
[B<-mlock>]
|
|
{- $OpenSSL::safe::opt_r_synopsis -}
|
|
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
|
|
[I<algorithm> ...]
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This command is used to test the performance of cryptographic algorithms.
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-help>
|
|
|
|
Print out a usage message.
|
|
|
|
=item B<-config> I<filename>
|
|
|
|
Specifies the configuration file to use.
|
|
Optional; for a description of the default value,
|
|
see L<openssl(1)/COMMAND SUMMARY>.
|
|
|
|
=item B<-elapsed>
|
|
|
|
When calculating operations- or bytes-per-second, use wall-clock time
|
|
instead of CPU user time as divisor. It can be useful when testing speed
|
|
of hardware engines.
|
|
|
|
=item B<-evp> I<algo>
|
|
|
|
Use the specified cipher or message digest algorithm via the EVP interface.
|
|
If I<algo> is an AEAD cipher, then you can pass B<-aead> to benchmark a
|
|
TLS-like sequence. And if I<algo> is a multi-buffer capable cipher, e.g.
|
|
aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation.
|
|
|
|
To see the algorithms supported with this option, use
|
|
C<openssl list -digest-algorithms> or C<openssl list -cipher-algorithms>
|
|
command.
|
|
|
|
=item B<-multi> I<num>
|
|
|
|
Run multiple operations in parallel.
|
|
|
|
=item B<-async_jobs> I<num>
|
|
|
|
Enable async mode and start specified number of jobs.
|
|
|
|
=item B<-misalign> I<num>
|
|
|
|
Misalign the buffers by the specified number of bytes.
|
|
|
|
=item B<-hmac> I<digest>
|
|
|
|
Time the HMAC algorithm using the specified message digest.
|
|
|
|
=item B<-cmac> I<cipher>
|
|
|
|
Time the CMAC algorithm using the specified cipher e.g.
|
|
C<openssl speed -cmac aes128>.
|
|
|
|
=item B<-decrypt>
|
|
|
|
Time the decryption instead of encryption. Affects only the EVP testing.
|
|
|
|
=item B<-mb>
|
|
|
|
Enable multi-block mode on EVP-named cipher.
|
|
|
|
=item B<-aead>
|
|
|
|
Benchmark EVP-named AEAD cipher in TLS-like sequence.
|
|
|
|
=item B<-primes> I<num>
|
|
|
|
Generate a I<num>-prime RSA key and use it to run the benchmarks. This option
|
|
is only effective if RSA algorithm is specified to test.
|
|
|
|
=item B<-seconds> I<num>
|
|
|
|
Run benchmarks for I<num> seconds.
|
|
|
|
=item B<-bytes> I<num>
|
|
|
|
Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
|
|
The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit
|
|
int would be 2147483583 bytes.
|
|
|
|
=item B<-mr>
|
|
|
|
Produce the summary in a mechanical, machine-readable, format.
|
|
|
|
=item B<-mlock>
|
|
|
|
Lock memory into RAM for more deterministic measurements.
|
|
|
|
{- $OpenSSL::safe::opt_r_item -}
|
|
|
|
{- $OpenSSL::safe::opt_engine_item -}
|
|
|
|
{- $OpenSSL::safe::opt_provider_item -}
|
|
|
|
=item I<algorithm> ...
|
|
|
|
If any I<algorithm> is given, then those algorithms are tested, otherwise a
|
|
pre-compiled grand selection is tested.
|
|
|
|
=back
|
|
|
|
=head1 BUGS
|
|
|
|
The I<algorithm> can be selected only from a pre-compiled subset of things
|
|
that the C<openssl speed> command knows about. To test any additional digest
|
|
or cipher algorithm supported by OpenSSL use the C<-evp> option.
|
|
|
|
There is no way to test the speed of any additional public key algorithms
|
|
supported by third party providers with the C<openssl speed> command.
|
|
|
|
=head1 HISTORY
|
|
|
|
The B<-engine> option was deprecated in OpenSSL 3.0.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|