1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-speed - test library performance 7 8=head1 SYNOPSIS 9 10B<openssl speed> 11[B<-help>] 12[B<-config> I<filename>] 13[B<-elapsed>] 14[B<-evp> I<algo>] 15[B<-hmac> I<algo>] 16[B<-cmac> I<algo>] 17[B<-mb>] 18[B<-aead>] 19[B<-kem-algorithms>] 20[B<-signature-algorithms>] 21[B<-multi> I<num>] 22[B<-async_jobs> I<num>] 23[B<-misalign> I<num>] 24[B<-decrypt>] 25[B<-primes> I<num>] 26[B<-seconds> I<num>] 27[B<-bytes> I<num>] 28[B<-mr>] 29[B<-mlock>] 30[B<-testmode>] 31{- $OpenSSL::safe::opt_r_synopsis -} 32{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} 33[I<algorithm> ...] 34 35=head1 DESCRIPTION 36 37This command is used to test the performance of cryptographic algorithms. 38 39=head1 OPTIONS 40 41=over 4 42 43=item B<-help> 44 45Print out a usage message. 46 47=item B<-config> I<filename> 48 49Specifies the configuration file to use. 50Optional; for a description of the default value, 51see L<openssl(1)/COMMAND SUMMARY>. 52 53=item B<-elapsed> 54 55When calculating operations- or bytes-per-second, use wall-clock time 56instead of CPU user time as divisor. It can be useful when testing speed 57of hardware engines. 58 59=item B<-evp> I<algo> 60 61Use the specified cipher or message digest algorithm via the EVP interface. 62If I<algo> is an AEAD cipher, then you can pass B<-aead> to benchmark a 63TLS-like sequence. And if I<algo> is a multi-buffer capable cipher, e.g. 64aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation. 65 66To see the algorithms supported with this option, use 67C<openssl list -digest-algorithms> or C<openssl list -cipher-algorithms> 68command. 69 70=item B<-multi> I<num> 71 72Run multiple operations in parallel. 73 74=item B<-async_jobs> I<num> 75 76Enable async mode and start specified number of jobs. 77 78=item B<-misalign> I<num> 79 80Misalign the buffers by the specified number of bytes. 81 82=item B<-hmac> I<digest> 83 84Time the HMAC algorithm using the specified message digest. 85 86=item B<-cmac> I<cipher> 87 88Time the CMAC algorithm using the specified cipher e.g. 89C<openssl speed -cmac aes128>. 90 91=item B<-decrypt> 92 93Time the decryption instead of encryption. Affects only the EVP testing. 94 95=item B<-mb> 96 97Enable multi-block mode on EVP-named cipher. 98 99=item B<-aead> 100 101Benchmark EVP-named AEAD cipher in TLS-like sequence. 102 103=item B<-kem-algorithms> 104 105Benchmark KEM algorithms: key generation, encapsulation, decapsulation. 106 107=item B<-signature-algorithms> 108 109Benchmark signature algorithms: key generation, signature, verification. 110 111=item B<-primes> I<num> 112 113Generate a I<num>-prime RSA key and use it to run the benchmarks. This option 114is only effective if RSA algorithm is specified to test. 115 116=item B<-seconds> I<num> 117 118Run benchmarks for I<num> seconds. 119 120=item B<-bytes> I<num> 121 122Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG. 123The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit 124int would be 2147483583 bytes. 125 126=item B<-mr> 127 128Produce the summary in a mechanical, machine-readable, format. 129 130=item B<-mlock> 131 132Lock memory into RAM for more deterministic measurements. 133 134=item B<-testmode> 135 136Runs the speed command in testmode. Runs only 1 iteration of each algorithm test 137regardless of any B<-seconds> value. In the event that any operation fails then 138the speed command will return with a failure result. 139 140{- $OpenSSL::safe::opt_r_item -} 141 142{- $OpenSSL::safe::opt_engine_item -} 143 144{- $OpenSSL::safe::opt_provider_item -} 145 146=item I<algorithm> ... 147 148If any I<algorithm> is given, then those algorithms are tested, otherwise a 149pre-compiled grand selection is tested. 150 151=back 152 153=head1 BUGS 154 155The I<algorithm> can be selected only from a pre-compiled subset of things 156that the C<openssl speed> command knows about. To test any additional digest 157or cipher algorithm supported by OpenSSL use the C<-evp> option. 158 159There is no way to test the speed of any additional public key algorithms 160supported by third party providers with the C<openssl speed> command. 161 162=head1 HISTORY 163 164The B<-engine> option was deprecated in OpenSSL 3.0. 165 166DSA512 was removed in OpenSSL 3.2. 167 168The B<-testmode> option was added in OpenSSL 3.4. 169 170=head1 COPYRIGHT 171 172Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 173 174Licensed under the Apache License 2.0 (the "License"). You may not use 175this file except in compliance with the License. You can obtain a copy 176in the file LICENSE in the source distribution or at 177L<https://www.openssl.org/source/license.html>. 178 179=cut 180
