openssl-speed(1ssl)

—

Options · 24

-help	Print out a usage message.
-configfilename	Specifies the configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).
-elapsed	When calculating operations- or bytes-per-second, use wall-clock time instead of CPU user time as divisor. It can be useful when testing speed of hardware engines.
-evpalgo	To see the algorithms supported with this option, use "openssl list -digest-algorithms" or "openssl list -cipher-algorithms" command.
-multinum	Run multiple operations in parallel.
-async_jobsnum	Enable async mode and start specified number of jobs.
-misalignnum	Misalign the buffers by the specified number of bytes.
-hmacdigest	Time the HMAC algorithm using the specified message digest.
-cmaccipher	Time the CMAC algorithm using the specified cipher e.g. "openssl speed -cmac aes128".
-decrypt	Time the decryption instead of encryption. Affects only the EVP testing.
-mb	Enable multi-block mode on EVP-named cipher.
-aead	Benchmark EVP-named AEAD cipher in TLS-like sequence.
-kem-algorithms	Benchmark KEM algorithms: key generation, encapsulation, decapsulation.
-signature-algorithms	Benchmark signature algorithms: key generation, signature, verification.
-primesnum	Generate a num-prime RSA key and use it to run the benchmarks. This option is only effective if RSA algorithm is specified to test.
-secondsnum	Run benchmarks for num seconds.
-bytesnum	Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG. The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit int would be 2147483583 bytes.
-mr	Produce the summary in a mechanical, machine-readable, format.
-mlock	Lock memory into RAM for more deterministic measurements.
-testmode	Runs the speed command in testmode. Runs only 1 iteration of each algorithm test regardless of any -seconds value. In the event that any operation fails then the speed command will return with a failure result.
-randfiles-writerandfile	See "Random State Options" in openssl(1) for details.
-engineid	See "Engine Options" in openssl(1). This option is deprecated.
-propquerypropq	See "Provider Options" in openssl(1), provider(7), and property(7).
algorithm ...	If any algorithm is given, then those algorithms are tested, otherwise a pre-compiled grand selection is tested.

NAME

openssl-speed - test library performance

openssl speed [-help] [-configfilename] [-elapsed] [-evpalgo] [-hmacalgo] [-cmacalgo] [-mb] [-aead] [-kem-algorithms] [-signature-algorithms] [-multinum] [-async_jobsnum] [-misalignnum] [-decrypt] [-primesnum] [-secondsnum] [-bytesnum] [-mr] [-mlock] [-testmode] [-randfiles] [-writerandfile] [-engineid] [-providername] [-provider-pathpath] [-provparam[name:]key=value] [-propquerypropq] [algorithm ...]

DESCRIPTION

This command is used to test the performance of cryptographic algorithms.

OPTIONS

-help: Print out a usage message.
-configfilename: Specifies the configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).
-elapsed: When calculating operations- or bytes-per-second, use wall-clock time instead of CPU user time as divisor. It can be useful when testing speed of hardware engines.
-evpalgo: To see the algorithms supported with this option, use "openssl list -digest-algorithms" or "openssl list -cipher-algorithms" command.
-multinum: Run multiple operations in parallel.
-async_jobsnum: Enable async mode and start specified number of jobs.
-misalignnum: Misalign the buffers by the specified number of bytes.
-hmacdigest: Time the HMAC algorithm using the specified message digest.
-cmaccipher: Time the CMAC algorithm using the specified cipher e.g. "openssl speed -cmac aes128".
-decrypt: Time the decryption instead of encryption. Affects only the EVP testing.
-mb: Enable multi-block mode on EVP-named cipher.
-aead: Benchmark EVP-named AEAD cipher in TLS-like sequence.
-kem-algorithms: Benchmark KEM algorithms: key generation, encapsulation, decapsulation.
-signature-algorithms: Benchmark signature algorithms: key generation, signature, verification.
-primesnum: Generate a num-prime RSA key and use it to run the benchmarks. This option is only effective if RSA algorithm is specified to test.
-secondsnum: Run benchmarks for num seconds.
-bytesnum: Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG. The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit int would be 2147483583 bytes.
-mr: Produce the summary in a mechanical, machine-readable, format.
-mlock: Lock memory into RAM for more deterministic measurements.
-testmode: Runs the speed command in testmode. Runs only 1 iteration of each algorithm test regardless of any -seconds value. In the event that any operation fails then the speed command will return with a failure result.
-randfiles, -writerandfile: See "Random State Options" in openssl(1) for details.
-engineid: See "Engine Options" in openssl(1). This option is deprecated.
-providername
-provider-pathpath
-provparam[name:]key=value
-propquerypropq: See "Provider Options" in openssl(1), provider(7), and property(7).
algorithm ...: If any algorithm is given, then those algorithms are tested, otherwise a pre-compiled grand selection is tested.

BUGS

The algorithm can be selected only from a pre-compiled subset of things that the "openssl speed" command knows about. To test any additional digest or cipher algorithm supported by OpenSSL use the "-evp" option.

There is no way to test the speed of any additional public key algorithms supported by third party providers with the "openssl speed" command.

HISTORY

The -engine option was deprecated in OpenSSL 3.0.

DSA512 was removed in OpenSSL 3.2.

The -testmode option was added in OpenSSL 3.4.

COPYRIGHT

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.

NAME#

SYNOPSIS#

DESCRIPTION#

OPTIONS#

BUGS#

HISTORY#

COPYRIGHT#