文章目录
- openssl3.2 - exp - openssl speed test
- 概述
- 笔记
- 表面上能列出的算法集合
- 没列出的算法, 有的也支持
- 不支持的算法的例子
- 直接提示算法不支持
- 算法的属性找不到
- 到底哪些算法才是可以测试的算法?
- 那看看哪些算法是支持的?
- 包含支持的算法的名称数组
- 在算法失败的提示处, 将支持的算法全部列出来
- openssl speed支持的算法名称列表
- 如果再不支持, 就是实现没有编译到openssl.exe中来
- 将openssl不支持的算法列出来
- 试试除了禁止的这些算法, 在我们自己找出的列表中, 是否还有不能测试 speed的算法?
- 测试速度的确认
- END
openssl3.2 - exp - openssl speed test
概述
想了解一下openssl执行算法时的数据处理速度.
查资料, openssl本身有测试功能
openssl speed ...
帮助文件 => D:\3rd_prj\crypt\openssl-3.2.0\doc\html\man1\openssl-speed.html
笔记
不是所有的算法都支持, 即使是openssl命令行列出的算法, 只支持一部分, 一些旧的算法不支持(也许是编译开关没打开, 没有包含在openssl实现中)
试了一下, 能用的开关就几个(应该是自己不太会用).
拿aes-128-cbc为例
D:\my_tmp>openssl speed -mlock -seconds 1 -bytes 4096 aes-128-cbc
Doing aes-128-cbc ops for 1s on 4096 size blocks: 571650 aes-128-cbc ops in 1.02s
version: 3.2.0
built on: Sun Feb 25 02:20:27 2024 UTC
options: bn(64,64)
compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MDd /W3 /wd4090 /nologo /Od -DLIBZ=".\\\\my_zlib_1d3.dll" -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"ZLIB" -D"ZLIB_SHARED" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"DEBUG" -D"_DEBUG" -I"D:\\my_dev\\lib\\zlib_1d3"
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x18c07fcef3bfa7eb
The 'numbers' are in 1000s of bytes per second processed.
type 4096 bytes
aes-128-cbc 2305455.66k
参数:
speed : 速度测试
-mlock : 将操作的数据都锁定到内存, 更准确的测量
-bytes : 指定测试的字节数, 只测试这一种, 可以节省测试的时间.
aes-128-cbc : 命令最后才跟算法名称, 这个算法名称不是所有的算法都支持, 要自己去实验. 不支持的算法可能没有包含在openssl实现中.
表面上能列出的算法集合
算法分为摘要算法和加解密/编解码算法, 都可以测试, 不仅仅是测试加解密算法
D:\my_tmp>openssl speed -mlock -seconds 1 -bytes 4096 sha256
Doing sha256 ops for 1s on 4096 size blocks: 370441 sha256 ops in 1.02s
version: 3.2.0
built on: Sun Feb 25 02:20:27 2024 UTC
options: bn(64,64)
compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MDd /W3 /wd4090 /nologo /Od -DLIBZ=".\\\\my_zlib_1d3.dll" -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"ZLIB" -D"ZLIB_SHARED" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"DEBUG" -D"_DEBUG" -I"D:\\my_dev\\lib\\zlib_1d3"
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x18c07fcef3bfa7eb
The 'numbers' are in 1000s of bytes per second processed.
type 4096 bytes
sha256 1493982.85k
D:\my_tmp>openssl --help
help:
Standard commands
...
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 md4 md5
mdc2 rmd160 sha1 sha224
sha256 sha3-224 sha3-256 sha3-384
sha3-512 sha384 sha512 sha512-224
sha512-256 shake128 shake256 sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 seed seed-cbc
seed-cfb seed-ecb seed-ofb sm4-cbc
sm4-cfb sm4-ctr sm4-ecb sm4-ofb
zlib
没列出的算法, 有的也支持
D:\my_tmp>openssl speed -mlock -seconds 1 -bytes 4096 rsa
Doing 512 bits private rsa sign ops for 1s: 16417 512 bits private RSA sign ops in 1.00s
Doing 512 bits public rsa verify ops for 1s: 215435 512 bits public RSA verify ops in 1.02s
Doing 512 bits private rsa encrypt ops for 1s: 172143 512 bits public RSA encrypt ops in 1.02s
Doing 512 bits private rsa decrypt ops for 1s: 12117 512 bits private RSA decrypt ops in 1.02s
Doing 1024 bits private rsa sign ops for 1s: 11270 1024 bits private RSA sign ops in 1.00s
Doing 1024 bits public rsa verify ops for 1s: 124565 1024 bits public RSA verify ops in 1.00s
Doing 1024 bits private rsa encrypt ops for 1s: 91879 1024 bits public RSA encrypt ops in 1.02s
Doing 1024 bits private rsa decrypt ops for 1s: 8739 1024 bits private RSA decrypt ops in 1.02s
Doing 2048 bits private rsa sign ops for 1s: 3562 2048 bits private RSA sign ops in 1.00s
Doing 2048 bits public rsa verify ops for 1s: 50896 2048 bits public RSA verify ops in 1.02s
Doing 2048 bits private rsa encrypt ops for 1s: 37205 2048 bits public RSA encrypt ops in 0.91s
Doing 2048 bits private rsa decrypt ops for 1s: 3208 2048 bits private RSA decrypt ops in 1.00s
Doing 3072 bits private rsa sign ops for 1s: 1322 3072 bits private RSA sign ops in 1.02s
Doing 3072 bits public rsa verify ops for 1s: 26106 3072 bits public RSA verify ops in 1.02s
Doing 3072 bits private rsa encrypt ops for 1s: 19136 3072 bits public RSA encrypt ops in 1.00s
Doing 3072 bits private rsa decrypt ops for 1s: 1268 3072 bits private RSA decrypt ops in 1.00s
Doing 4096 bits private rsa sign ops for 1s: 663 4096 bits private RSA sign ops in 1.00s
Doing 4096 bits public rsa verify ops for 1s: 15667 4096 bits public RSA verify ops in 1.00s
Doing 4096 bits private rsa encrypt ops for 1s: 11386 4096 bits public RSA encrypt ops in 1.02s
Doing 4096 bits private rsa decrypt ops for 1s: 606 4096 bits private RSA decrypt ops in 1.00s
Doing 7680 bits private rsa sign ops for 1s: 29 7680 bits private RSA sign ops in 1.00s
Doing 7680 bits public rsa verify ops for 1s: 4071 7680 bits public RSA verify ops in 1.02s
Doing 7680 bits private rsa encrypt ops for 1s: 3020 7680 bits public RSA encrypt ops in 1.02s
Doing 7680 bits private rsa decrypt ops for 1s: 31 7680 bits private RSA decrypt ops in 1.03s
Doing 15360 bits private rsa sign ops for 1s: 7 15360 bits private RSA sign ops in 1.16s
Doing 15360 bits public rsa verify ops for 1s: 855 15360 bits public RSA verify ops in 1.02s
Doing 15360 bits private rsa encrypt ops for 1s: 830 15360 bits public RSA encrypt ops in 1.00s
Doing 15360 bits private rsa decrypt ops for 1s: 6 15360 bits private RSA decrypt ops in 1.02s
version: 3.2.0
built on: Sun Feb 25 02:20:27 2024 UTC
options: bn(64,64)
compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MDd /W3 /wd4090 /nologo /Od -DLIBZ=".\\\\my_zlib_1d3.dll" -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"ZLIB" -D"ZLIB_SHARED" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"DEBUG" -D"_DEBUG" -I"D:\\my_dev\\lib\\zlib_1d3"
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x18c07fcef3bfa7eb
sign verify encrypt decrypt sign/s verify/s encr./s decr./s
rsa 512 bits 0.000061s 0.000005s 0.000006s 0.000084s 16417.0 212120.6 169494.6 11930.6
rsa 1024 bits 0.000089s 0.000008s 0.000011s 0.000116s 11270.0 124565.0 90465.5 8604.6
rsa 2048 bits 0.000281s 0.000020s 0.000024s 0.000312s 3562.0 50113.0 41053.8 3208.0
rsa 3072 bits 0.000768s 0.000039s 0.000052s 0.000789s 1301.7 25704.4 19136.0 1268.0
rsa 4096 bits 0.001508s 0.000064s 0.000089s 0.001650s 663.0 15667.0 11210.8 606.0
rsa 7680 bits 0.034483s 0.000249s 0.000336s 0.033266s 29.0 4008.4 2973.5 30.1
rsa 15360 bits 0.165179s 0.001188s 0.001205s 0.169271s 6.1 841.8 830.0 5.9
不支持的算法的例子
直接提示算法不支持
D:\my_tmp>openssl speed -mlock -seconds 1 -bytes 4096 zlib
speed: Unknown algorithm zlib
算法的属性找不到
这种报错, 可能是算法太旧, 不在openssl的实现中.
D:\my_tmp>openssl speed -mlock -seconds 1 -bytes 4096 bf
version: 3.2.0
built on: Sun Feb 25 02:20:27 2024 UTC
options: bn(64,64)
compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MDd /W3 /wd4090 /nologo /Od -DLIBZ=".\\\\my_zlib_1d3.dll" -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"ZLIB" -D"ZLIB_SHARED" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"DEBUG" -D"_DEBUG" -I"D:\\my_dev\\lib\\zlib_1d3"
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x18c07fcef3bfa7eb
The 'numbers' are in 1000s of bytes per second processed.
type 4096 bytes
blowfish 0.00
98AF0100:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:342:Global default library context, Algorithm (BF-CBC : 15), Properties ()
到底哪些算法才是可以测试的算法?
即使是openssl列出的算法, 也可能不在openssl speed 能测试的算法中.
即使是openssl没列出的算法, 也可能在openssl speed 能测试的算法中. (e.g. rsa就不是一种具体的算法, rsa1024才是具体的算法)
去看看openssl源码, 看看可以测试的算法范围.
openssl实现为 D:\3rd_prj\crypt\openssl-3.2.0\apps\speed.c 中的 speed_main()
变量 int algo_found = 0; 为是否找到了命令行参数指定的算法的标记.
algo_found = 0 为没找到命令行参数指定的speed支持的算法
algo_found = 1 为找到了命令行参数指定的speed支持的算法
如果找了一圈, 都没有参数中指定的算法 algo_found = 0, 就会显示算法没找到的提示.
if (!algo_found) {
BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
goto end;
}
那看看哪些算法是支持的?
用vs2019单步调试openssl工程, 就给一种不存在的算法. e.g. my_cipher
openssl speed -mlock -seconds 1 -bytes 4096 my_cipher
D:\my_tmp>openssl speed -mlock -seconds 1 -bytes 4096 my_cipher
speed: Unknown algorithm my_cipher
就拿这个命令行去单步openssl的源码.
包含支持的算法的名称数组
通过单步找到以下放算法名称的数组
doit_choices
rsa_choices
ffdh_choices
dsa_choices
ecdsa_choices
ecdh_choices
eddsa_choices
sm2_choices
kems_algname kems_algs_len
sigs_algname sigs_algs_len
可以看出, 这些算法名称都是用程序填充的, 和 openssl speed --help 列出的算法并不一致
在算法失败的提示处, 将支持的算法全部列出来
if (!algo_found) {
BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
// 将支持的具体算法全部列出来
// speed.c : speed_main() : 2231 : 算法没找到的提示行
BIO_printf(bio_err, "support algorithm list below :\n");
k = 0;
// doit_choices
BIO_printf(bio_err, "---------- doit_choices ----------\n");
for (i = 0; i < OSSL_NELEM(doit_choices); i++)
{
BIO_printf(bio_err, "%s\n", doit_choices[i].name);
k++;
}
// rsa_choices
BIO_printf(bio_err, "---------- rsa_choices ----------\n");
for (i = 0; i < OSSL_NELEM(rsa_choices); i++)
{
BIO_printf(bio_err, "%s\n", rsa_choices[i].name);
k++;
}
// ffdh_choices
BIO_printf(bio_err, "---------- ffdh_choices ----------\n");
for (i = 0; i < OSSL_NELEM(ffdh_choices); i++)
{
BIO_printf(bio_err, "%s\n", ffdh_choices[i].name);
k++;
}
// dsa_choices
BIO_printf(bio_err, "---------- dsa_choices ----------\n");
for (i = 0; i < OSSL_NELEM(dsa_choices); i++)
{
BIO_printf(bio_err, "%s\n", dsa_choices[i].name);
k++;
}
// ecdsa_choices
BIO_printf(bio_err, "---------- ecdsa_choices ----------\n");
for (i = 0; i < OSSL_NELEM(ecdsa_choices); i++)
{
BIO_printf(bio_err, "%s\n", ecdsa_choices[i].name);
k++;
}
// ecdh_choices
BIO_printf(bio_err, "---------- ecdh_choices ----------\n");
for (i = 0; i < OSSL_NELEM(ecdh_choices); i++)
{
BIO_printf(bio_err, "%s\n", ecdh_choices[i].name);
k++;
}
// eddsa_choices
BIO_printf(bio_err, "---------- eddsa_choices ----------\n");
for (i = 0; i < OSSL_NELEM(eddsa_choices); i++)
{
BIO_printf(bio_err, "%s\n", eddsa_choices[i].name);
k++;
}
// sm2_choices
BIO_printf(bio_err, "---------- sm2_choices ----------\n");
for (i = 0; i < OSSL_NELEM(sm2_choices); i++)
{
BIO_printf(bio_err, "%s\n", sm2_choices[i].name);
k++;
}
// kems_algname kems_algs_len
BIO_printf(bio_err, "---------- kems_algname ----------\n");
for (i = 0; i < kems_algs_len; i++)
{
BIO_printf(bio_err, "%s\n", kems_algname[i]);
k++;
}
// sigs_algname sigs_algs_len
BIO_printf(bio_err, "---------- sigs_algname ----------\n");
for (i = 0; i < sigs_algs_len; i++)
{
BIO_printf(bio_err, "%s\n", sigs_algname[i]);
k++;
}
BIO_printf(bio_err, "---------- END ----------\n");
BIO_printf(bio_err, "openssl speed support total alg counter = %d\n", k);
goto end;
}
openssl speed支持的算法名称列表
将改过的openssl.exe工程编译过, 运行一种openssl speed 不支持的算法, 就能看到支持的算法名称列表
根据运行结果可知, openssl speed 支持的算法一共121种
openssl speed -mlock -seconds 1 -bytes 4096 my_cipher
speed: Unknown algorithm my_cipher
support algorithm list below :
---------- doit_choices ----------
md2
mdc2
md4
md5
hmac
sha1
sha256
sha512
whirlpool
ripemd
rmd160
ripemd160
rc4
des-cbc
des-ede3
aes-128-cbc
aes-192-cbc
aes-256-cbc
camellia-128-cbc
camellia-192-cbc
camellia-256-cbc
rc2-cbc
rc2
rc5-cbc
rc5
idea-cbc
idea
seed-cbc
seed
bf-cbc
blowfish
bf
cast-cbc
cast
cast5
ghash
rand
---------- rsa_choices ----------
rsa512
rsa1024
rsa2048
rsa3072
rsa4096
rsa7680
rsa15360
---------- ffdh_choices ----------
ffdh2048
ffdh3072
ffdh4096
ffdh6144
ffdh8192
---------- dsa_choices ----------
dsa1024
dsa2048
---------- ecdsa_choices ----------
ecdsap160
ecdsap192
ecdsap224
ecdsap256
ecdsap384
ecdsap521
ecdsak163
ecdsak233
ecdsak283
ecdsak409
ecdsak571
ecdsab163
ecdsab233
ecdsab283
ecdsab409
ecdsab571
ecdsabrp256r1
ecdsabrp256t1
ecdsabrp384r1
ecdsabrp384t1
ecdsabrp512r1
ecdsabrp512t1
---------- ecdh_choices ----------
ecdhp160
ecdhp192
ecdhp224
ecdhp256
ecdhp384
ecdhp521
ecdhk163
ecdhk233
ecdhk283
ecdhk409
ecdhk571
ecdhb163
ecdhb233
ecdhb283
ecdhb409
ecdhb571
ecdhbrp256r1
ecdhbrp256t1
ecdhbrp384r1
ecdhbrp384t1
ecdhbrp512r1
ecdhbrp512t1
ecdhx25519
ecdhx448
---------- eddsa_choices ----------
ed25519
ed448
---------- sm2_choices ----------
curveSM2
---------- kems_algname ----------
rsa512
rsa1024
rsa2048
rsa3072
rsa4096
rsa7680
rsa15360
ECP-256
ECP-384
ECP-521
X25519
X448
---------- sigs_algname ----------
rsa512
rsa1024
rsa2048
rsa3072
rsa4096
rsa7680
rsa15360
dsa1024
dsa2048
---------- END ----------
openssl speed support total alg counter = 121
D:\my_dev\my_local_git_prj\study\openSSL\my_openssl_cmd\x64\Debug\my_openssl_cmd.exe (进程 194868)已退出,代码为 1。
要在调试停止时自动关闭控制台,请启用“工具”->“选项”->“调试”->“调试停止时自动关闭控制台”。
按任意键关闭此窗口. . .
如果再不支持, 就是实现没有编译到openssl.exe中来
D:\my_tmp>openssl speed -mlock -seconds 1 -bytes 4096 md2
Doing md2 ops for 1s on 4096 size blocks: md2 error!
FCDF0200:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:342:Global default library context, Algorithm (md2 : 0), Properties (<null>)
version: 3.2.0
built on: Sun Feb 25 02:20:27 2024 UTC
options: bn(64,64)
compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MDd /W3 /wd4090 /nologo /Od -DLIBZ=".\\\\my_zlib_1d3.dll" -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"ZLIB" -D"ZLIB_SHARED" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"DEBUG" -D"_DEBUG" -I"D:\\my_dev\\lib\\zlib_1d3"
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x18c07fcef3bfa7eb
The 'numbers' are in 1000s of bytes per second processed.
type 4096 bytes
md2 0.00
在支持算法中, 找一种不好使的算法. e.g. md2, 运行时报错, 属性取不到.
将openssl不支持的算法列出来
D:\my_tmp>openssl list -disabled
Disabled algorithms:
MD2
RC5
SCTP
SSL3
BROTLI
ZSTD
试试除了禁止的这些算法, 在我们自己找出的列表中, 是否还有不能测试 speed的算法?
将不好使的算法命令行列出来
openssl speed -mlock -seconds 1 -bytes 4096 mdc2 // 不行, 估计也是归类到md2
openssl speed -mlock -seconds 1 -bytes 4096 md4 // 不行, 算法比较旧
whirlpool // 不行
rc4 // err
des-cbc // err
懒得继续手工全部测试完.
反正知道, openssl speed 无法支持所有名义上支持的算法的就行了.
如果不支持, 大概率是因为不是主流的算法(太旧了, 被弃用).
测试速度的确认
The 'numbers' are in 1000s of bytes per second processed. // 处理的“数字”以每秒1000字节为单位
type 4096 bytes
aes-128-cbc 2289343.88k => 2289343.88 * 1000 / 1024 / 1024 = 2183 MB/秒
跟到打印值的实现, 如下
for (testnum = 0; testnum < size_num; testnum++) {
if (results[k][testnum] > 10000 && !mr)
printf(" %11.2fk", results[k][testnum] / 1e3);
else
printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
}
可以看出, 打印出的值是千字节为单位.
所以, 将打印出来的值换成MB/S就如下:
aes-128-cbc 2289343.88k => 2289343.88 * 1000 / 1024 / 1024 = 2183 MB/秒
加密速度还是挺吓人的.
确认了一下1e3就是1000, 没这么用过…
void my_openssl_app()
{
long tmp = 1e3;
printf("1e3 is %ld\n", tmp); // 1e3 is 1000
}
