Interpreting openssl speed output for rsa with multi option

Question

I am trying to evaluate CPU performance. I have an Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz and ran the following command: openssl speed rsa -multi 12 2>&1 |tee openssl-log.txt and got the following output:

                   sign   verify   sign/s   verify/s
rsa  512 bits 0.000008s 0.000001s 118050.6 1200000.0
rsa 1024 bits 0.000038s 0.000002s  26098.7 451567.0
rsa 2048 bits 0.000239s 0.000007s   4183.6 135606.3
rsa 4096 bits 0.001713s 0.000028s    583.7  35778.4

Can someone please help me understand the output? What does the column sign and verify mean? The docs does not seem to explain much: https://www.openssl.org/docs/apps/speed.html

Thank you in advance.

Answer 1

The code for the speed test is in <openssl>/apps/speed.c.

-multi is a switch for multiple benchmarks in parallel, not multiplications (to remove all confusion). See the comments around line 1145:

#ifndef NO_FORK
    BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
#endif

---

What does the column sign and verify mean?

Sign and verify do just what they say. They time a signing operation and a verify operation with different RSA moduli.

Sign/s and Verify/s are the inversions of Sign and Verify. I.e., 1/0.000008s => 125,000 signs per second.

Here's the code to print the report you are seeing. It starts around line 2450:

#ifndef OPENSSL_NO_RSA
    j=1;
    for (k=0; k<RSA_NUM; k++)
        {
        if (!rsa_doit[k]) continue;
        if (j && !mr)
            {
            printf("%18ssign    verify    sign/s verify/s\n"," ");
            j=0;
            }
        if(mr)
            fprintf(stdout,"+F2:%u:%u:%f:%f\n",
                k,rsa_bits[k],rsa_results[k][0],
                rsa_results[k][1]);
        else
            fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
                rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
                1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
        }
#endif

Finding the code to perform the sign and verify is left as an exercise to the reader ;)

---

have an Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz

Just bike shedding, but be sure to config with enable-ec_nistp_64_gcc_128 if you are using a modern GCC. Using ec_nistp_64_gcc_128 will speed up some operations, such as DH operation, by 2x or 4x.

You need a modern GCC for the __uint128_t. Configure cannot determine if the compiler supports __uint128_t on its own, so it leaves ec_nistp_64_gcc_128 disabled.