summaryrefslogtreecommitdiffstats
path: root/doc/man1/openssl-speed.pod.in
blob: 83a35bb52b1848fd254c671fa2d4353d83df84aa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-speed - test library performance

=head1 SYNOPSIS

B<openssl speed>
[B<-help>]
[B<-config> I<filename>]
[B<-elapsed>]
[B<-evp> I<algo>]
[B<-hmac> I<algo>]
[B<-cmac> I<algo>]
[B<-mb>]
[B<-aead>]
[B<-kem-algorithms>]
[B<-signature-algorithms>]
[B<-multi> I<num>]
[B<-async_jobs> I<num>]
[B<-misalign> I<num>]
[B<-decrypt>]
[B<-primes> I<num>]
[B<-seconds> I<num>]
[B<-bytes> I<num>]
[B<-mr>]
[B<-mlock>]
[B<-testmode>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
[I<algorithm> ...]

=head1 DESCRIPTION

This command is used to test the performance of cryptographic algorithms.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-config> I<filename>

Specifies the configuration file to use.
Optional; for a description of the default value,
see L<openssl(1)/COMMAND SUMMARY>.

=item B<-elapsed>

When calculating operations- or bytes-per-second, use wall-clock time
instead of CPU user time as divisor. It can be useful when testing speed
of hardware engines.

=item B<-evp> I<algo>

Use the specified cipher or message digest algorithm via the EVP interface.
If I<algo> is an AEAD cipher, then you can pass B<-aead> to benchmark a
TLS-like sequence. And if I<algo> is a multi-buffer capable cipher, e.g.
aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation.

To see the algorithms supported with this option, use
C<openssl list -digest-algorithms> or C<openssl list -cipher-algorithms>
command.

=item B<-multi> I<num>

Run multiple operations in parallel.

=item B<-async_jobs> I<num>

Enable async mode and start specified number of jobs.

=item B<-misalign> I<num>

Misalign the buffers by the specified number of bytes.

=item B<-hmac> I<digest>

Time the HMAC algorithm using the specified message digest.

=item B<-cmac> I<cipher>

Time the CMAC algorithm using the specified cipher e.g.
C<openssl speed -cmac aes128>.

=item B<-decrypt>

Time the decryption instead of encryption. Affects only the EVP testing.

=item B<-mb>

Enable multi-block mode on EVP-named cipher.

=item B<-aead>

Benchmark EVP-named AEAD cipher in TLS-like sequence.

=item B<-kem-algorithms>

Benchmark KEM algorithms: key generation, encapsulation, decapsulation.

=item B<-signature-algorithms>

Benchmark signature algorithms: key generation, signature, verification.

=item B<-primes> I<num>

Generate a I<num>-prime RSA key and use it to run the benchmarks. This option
is only effective if RSA algorithm is specified to test.

=item B<-seconds> I<num>

Run benchmarks for I<num> seconds.

=item B<-bytes> I<num>

Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit
int would be 2147483583 bytes.

=item B<-mr>

Produce the summary in a mechanical, machine-readable, format.

=item B<-mlock>

Lock memory into RAM for more deterministic measurements.

=item B<-testmode>

Runs the speed command in testmode. Runs only 1 iteration of each algorithm test
regardless of any B<-seconds> value. In the event that any operation fails then
the speed command will return with a failure result.

{- $OpenSSL::safe::opt_r_item -}

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_provider_item -}

=item I<algorithm> ...

If any I<algorithm> is given, then those algorithms are tested, otherwise a
pre-compiled grand selection is tested.

=back

=head1 BUGS

The I<algorithm> can be selected only from a pre-compiled subset of things
that the C<openssl speed> command knows about. To test any additional digest
or cipher algorithm supported by OpenSSL use the C<-evp> option.

There is no way to test the speed of any additional public key algorithms
supported by third party providers with the C<openssl speed> command.

=head1 HISTORY

The B<-engine> option was deprecated in OpenSSL 3.0.

DSA512 was removed in OpenSSL 3.2.

The B<-testmode> option was added in OpenSSL 3.4.

=head1 COPYRIGHT

Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut