Skip to content

Comments

Add evp_kdf perftool#72

Closed
andrewkdinh wants to merge 1 commit intoopenssl:mainfrom
andrewkdinh:evp_kdf
Closed

Add evp_kdf perftool#72
andrewkdinh wants to merge 1 commit intoopenssl:mainfrom
andrewkdinh:evp_kdf

Conversation

@andrewkdinh
Copy link
Contributor

Summary

Adds a CLI tool evp_kdf that derives keys from random data with SHA-256 digest.
Runs for 5 seconds and prints the average execution time per computation.

Fixes openssl/project#1839

Features

  • Four modes of operation:
    • evp_shared (default): Use EVP API and allow shared data between computations
    • evp_isolated: Use EVP API and don't allow shared data between computations
    • deprecated_shared: Use legacy API and allow shared data between computations
    • deprecated_isolated: Use legacy API and don't allow shared data between computations
  • Configurable number of times to update
  • Terse output for easier CI automation (-t)
  • Configurable thread count

TODO: Since freeze functionality hasn't been properly added yet (see openssl/project#1834 & openssl/openssl#29433), support for freezing the context store has not been added yet.

Usage

$ ./evp_kdf -h
Usage: evp_kdf [-h] [-t] [-o operation] [-V] thread-count
-h - print this help output
-t - terse output
-o operation - mode of operation. One of [evp_isolated, evp_shared, deprecated_isolated, deprecated_shared] (default: evp_shared)
-V - print version information and exit
thread-count - number of threads

$ ./evp_kdf -o evp_shared 10 # evp_shared operation mode, 10 threads
Average time per computation: 2393.604289us

$ ./evp_kdf -o evp_isolated 10 # now using evp_isolated mode
Average time per computation: 2476.350849us

Findings

Initial results showed that all modes take approximately the same amount of time

@andrewkdinh andrewkdinh marked this pull request as ready for review February 2, 2026 16:53
Copy link
Contributor

@Sashan Sashan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good. the nit I'm pointing out can be ignored.

I think we should also sort out print_help() vs. usage() I would like perftools to consistently use one or the other. but this is yet another PR.

static OSSL_TIME max_time;

size_t *counts = NULL;
int run_err = 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: I think counts and run_err can be also static here.

Sashan pushed a commit that referenced this pull request Feb 4, 2026
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Wed Feb  4 16:11:10 2026
(Merged from #72)
@Sashan
Copy link
Contributor

Sashan commented Feb 4, 2026

changes were merged in, thanks

@Sashan Sashan closed this Feb 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Create perftool for EVP_KDF

4 participants