Fastest compile (and install) option to test APIs in FIPS case?
Jun Aruga
jun.aruga at gmail.com
Mon Jul 17 14:00:41 UTC 2023
Hello OpenSSL users community,
I would like to know what is the fastest option to test a behavior
calling OpenSSL APIs in the FIPS case. Because it's beneficial when
compiling and installing (if it is needed) many times in the case of
running git-bisect with a script.
I tested the following commands on the openssl/openssl latest master
branch <3d2f96e2c867fa3e79a453639304b70ba0508076> on Fedora Linux 38.
I assumed the commands are fast by building and installing without
documents.
```
$ pwd
/home/jaruga/git/openssl
./Configure \
--prefix=$(pwd)/dest \
--libdir=lib \
shared \
enable-fips \
enable-trace \
no-docs \
-O0 -g3 -ggdb3 -gdwarf-5
$ make -j$(nproc)
$ make -j$(nproc) install_sw
$ make -j$(nproc) install_fips
```
My other questions or notes are
* Is there a way to test the OpenSSL API soon after `make` without
running `make install*`?
* -O0 is faster than without -O1, -O2, -O3 due to no optimization, right?
* I added `enable-trace` and `-O0 -g3 -ggdb3 -gdwarf-5` to debug
practically. But if the options make the build much slower, I can stop
using the options.
Then in my case, I ran a small C program
(https://github.com/junaruga/report-openssl-fips-ed25519) to test the
OpenSSL APIs.
```
$ cd /home/jaruga/git/report-openssl-fips-ed25519
$ gcc \
-I "/home/jaruga/git/openssl/dest/include/" \
-L "/home/jaruga/git/openssl/dest/lib/" \
-O0 -g3 -ggdb3 -gdwarf-5 \
-o ed25519 ed25519.c -lcrypto
$ OPENSSL_CONF="$(pwd)/openssl_fips.cnf" \
OPENSSL_CONF_INCLUDE="/home/jaruga/git/openssl/dest/ssl" \
OPENSSL_MODULES="/home/jaruga/git/openssl/dest/lib/ossl-modules" \
LD_LIBRARY_PATH="/home/jaruga/git/openssl/dest/lib" \
./ed25519 ed25519_pub.pem
```
Kind regards,
Jun
More information about the openssl-users
mailing list