{ "content": [ { "type": "text", "text": "# openssl-speed (man)\n\n## NAME\n\nopenssl-speed - test library performance\n\n## SYNOPSIS\n\nopenssl speed [-help] [-elapsed] [-evp algo] [-hmac algo] [-cmac algo] [-mb] [-aead] [-multi\nnum] [-asyncjobs num] [-misalign num] [-decrypt] [-primes num] [-seconds num] [-bytes num]\n[-mr] [-rand files] [-writerand file] [-engine id] [-provider name] [-provider-path path]\n[-propquery propq] [algorithm ...]\n\n## DESCRIPTION\n\nThis command is used to test the performance of cryptographic algorithms.\n\n## TLDR\n\n> Benchmark OpenSSL algorithms.\n\n- Benchmark all available algorithms:\n `openssl speed`\n- Benchmark the most common algorithms:\n `openssl speed {{md5 sha1 sha256 aes rsa}}`\n- Benchmark a specific EVP cipher:\n `openssl speed -evp {{aes-256-cbc}}`\n- Benchmark algorithms for a specific duration (in seconds):\n `openssl speed -seconds {{10}}`\n- Benchmark using wall-clock time instead of CPU user time:\n `openssl speed -elapsed`\n- Output in machine readable format:\n `openssl speed -mr`\n- Benchmark multiple algorithms in parallel using all available CPU cores:\n `openssl speed -multi $(nproc)`\n\n*Source: tldr-pages*\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **OPTIONS** (20 subsections)\n- **BUGS**\n- **HISTORY**\n- **COPYRIGHT**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "openssl-speed", "section": "", "mode": "man", "summary": "openssl-speed - test library performance", "synopsis": "openssl speed [-help] [-elapsed] [-evp algo] [-hmac algo] [-cmac algo] [-mb] [-aead] [-multi\nnum] [-asyncjobs num] [-misalign num] [-decrypt] [-primes num] [-seconds num] [-bytes num]\n[-mr] [-rand files] [-writerand file] [-engine id] [-provider name] [-provider-path path]\n[-propquery propq] [algorithm ...]", "tldr_summary": "Benchmark OpenSSL algorithms.", "tldr_examples": [ { "description": "Benchmark all available algorithms", "command": "openssl speed" }, { "description": "Benchmark the most common algorithms", "command": "openssl speed {{md5 sha1 sha256 aes rsa}}" }, { "description": "Benchmark a specific EVP cipher", "command": "openssl speed -evp {{aes-256-cbc}}" }, { "description": "Benchmark algorithms for a specific duration (in seconds)", "command": "openssl speed -seconds {{10}}" }, { "description": "Benchmark using wall-clock time instead of CPU user time", "command": "openssl speed -elapsed" }, { "description": "Output in machine readable format", "command": "openssl speed -mr" }, { "description": "Benchmark multiple algorithms in parallel using all available CPU cores", "command": "openssl speed -multi $(nproc)" } ], "tldr_source": "official", "flags": [ { "flag": "", "long": null, "arg": null, "description": "Print out a usage message." }, { "flag": "", "long": null, "arg": null, "description": "When calculating operations- or bytes-per-second, use wall-clock time instead of CPU user time as divisor. It can be useful when testing speed of hardware engines." }, { "flag": "", "long": null, "arg": null, "description": "Use the specified cipher or message digest algorithm via the EVP interface. If algo is an AEAD cipher, then you can pass -aead to benchmark a TLS-like sequence. And if algo is a multi-buffer capable cipher, e.g. aes-128-cbc-hmac-sha1, then -mb will time multi- buffer operation. To see the algorithms supported with this option, use \"openssl list -digest-algorithms\" or \"openssl list -cipher-algorithms\" command." }, { "flag": "", "long": null, "arg": null, "description": "Run multiple operations in parallel." }, { "flag": "", "long": null, "arg": null, "description": "Enable async mode and start specified number of jobs." }, { "flag": "", "long": null, "arg": null, "description": "Misalign the buffers by the specified number of bytes." }, { "flag": "", "long": null, "arg": null, "description": "Time the HMAC algorithm using the specified message digest." }, { "flag": "", "long": null, "arg": null, "description": "Time the CMAC algorithm using the specified cipher e.g. \"openssl speed -cmac aes128\"." }, { "flag": "", "long": null, "arg": null, "description": "Time the decryption instead of encryption. Affects only the EVP testing." }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "Benchmark EVP-named AEAD cipher in TLS-like sequence." }, { "flag": "", "long": null, "arg": null, "description": "Generate a num-prime RSA key and use it to run the benchmarks. This option is only effective if RSA algorithm is specified to test." }, { "flag": "", "long": null, "arg": null, "description": "Run benchmarks for num seconds." }, { "flag": "", "long": null, "arg": null, "description": "Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG. The limit on the size of the buffer is INTMAX - 64 bytes, which for a 32-bit int would be 2147483583 bytes." }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "See \"Random State Options\" in openssl(1) for details." }, { "flag": "", "long": null, "arg": null, "description": "See \"Engine Options\" in openssl(1). This option is deprecated." }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "See \"Provider Options\" in openssl(1), provider(7), and property(7). algorithm ... If any algorithm is given, then those algorithms are tested, otherwise a pre-compiled grand selection is tested." } ], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 5, "subsections": [] }, { "name": "DESCRIPTION", "lines": 2, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": "-help", "lines": 2 }, { "name": "-elapsed", "lines": 3 }, { "name": "-evp", "lines": 8 }, { "name": "-multi", "lines": 2 }, { "name": "-async", "lines": 2 }, { "name": "-misalign", "lines": 2 }, { "name": "-hmac", "lines": 2 }, { "name": "-cmac", "lines": 2 }, { "name": "-decrypt", "lines": 2 }, { "name": "-mb", "lines": 1 }, { "name": "-aead", "lines": 2 }, { "name": "-primes", "lines": 3 }, { "name": "-seconds", "lines": 2 }, { "name": "-bytes", "lines": 4 }, { "name": "-mr", "lines": 1 }, { "name": "-rand -writerand", "lines": 2 }, { "name": "-engine", "lines": 2 }, { "name": "-provider", "lines": 1 }, { "name": "-provider-path", "lines": 1 }, { "name": "-propquery", "lines": 6 } ] }, { "name": "BUGS", "lines": 7, "subsections": [] }, { "name": "HISTORY", "lines": 2, "subsections": [] }, { "name": "COPYRIGHT", "lines": 9, "subsections": [] } ], "sections": { "NAME": { "content": "openssl-speed - test library performance\n", "subsections": [] }, "SYNOPSIS": { "content": "openssl speed [-help] [-elapsed] [-evp algo] [-hmac algo] [-cmac algo] [-mb] [-aead] [-multi\nnum] [-asyncjobs num] [-misalign num] [-decrypt] [-primes num] [-seconds num] [-bytes num]\n[-mr] [-rand files] [-writerand file] [-engine id] [-provider name] [-provider-path path]\n[-propquery propq] [algorithm ...]\n", "subsections": [] }, "DESCRIPTION": { "content": "This command is used to test the performance of cryptographic algorithms.\n", "subsections": [] }, "OPTIONS": { "content": "", "subsections": [ { "name": "-help", "content": "Print out a usage message.\n" }, { "name": "-elapsed", "content": "When calculating operations- or bytes-per-second, use wall-clock time instead of CPU user\ntime as divisor. It can be useful when testing speed of hardware engines.\n" }, { "name": "-evp", "content": "Use the specified cipher or message digest algorithm via the EVP interface. If algo is\nan AEAD cipher, then you can pass -aead to benchmark a TLS-like sequence. And if algo is\na multi-buffer capable cipher, e.g. aes-128-cbc-hmac-sha1, then -mb will time multi-\nbuffer operation.\n\nTo see the algorithms supported with this option, use \"openssl list -digest-algorithms\"\nor \"openssl list -cipher-algorithms\" command.\n" }, { "name": "-multi", "content": "Run multiple operations in parallel.\n" }, { "name": "-async", "content": "Enable async mode and start specified number of jobs.\n" }, { "name": "-misalign", "content": "Misalign the buffers by the specified number of bytes.\n" }, { "name": "-hmac", "content": "Time the HMAC algorithm using the specified message digest.\n" }, { "name": "-cmac", "content": "Time the CMAC algorithm using the specified cipher e.g. \"openssl speed -cmac aes128\".\n" }, { "name": "-decrypt", "content": "Time the decryption instead of encryption. Affects only the EVP testing.\n" }, { "name": "-mb", "content": "" }, { "name": "-aead", "content": "Benchmark EVP-named AEAD cipher in TLS-like sequence.\n" }, { "name": "-primes", "content": "Generate a num-prime RSA key and use it to run the benchmarks. This option is only\neffective if RSA algorithm is specified to test.\n" }, { "name": "-seconds", "content": "Run benchmarks for num seconds.\n" }, { "name": "-bytes", "content": "Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG. The limit\non the size of the buffer is INTMAX - 64 bytes, which for a 32-bit int would be\n2147483583 bytes.\n" }, { "name": "-mr", "content": "" }, { "name": "-rand -writerand", "content": "See \"Random State Options\" in openssl(1) for details.\n" }, { "name": "-engine", "content": "See \"Engine Options\" in openssl(1). This option is deprecated.\n" }, { "name": "-provider", "content": "" }, { "name": "-provider-path", "content": "" }, { "name": "-propquery", "content": "See \"Provider Options\" in openssl(1), provider(7), and property(7).\n\nalgorithm ...\nIf any algorithm is given, then those algorithms are tested, otherwise a pre-compiled\ngrand selection is tested.\n" } ] }, "BUGS": { "content": "The algorithm can be selected only from a pre-compiled subset of things that the \"openssl\nspeed\" command knows about. To test any additional digest or cipher algorithm supported by\nOpenSSL use the \"-evp\" option.\n\nThere is no way to test the speed of any additional public key algorithms supported by third\nparty providers with the \"openssl speed\" command.\n", "subsections": [] }, "HISTORY": { "content": "The -engine option was deprecated in OpenSSL 3.0.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-06-02 OPENSSL-SPEED(1SSL)", "subsections": [] } } } }