Fastest compile (and install) option to test APIs in FIPS case?

Jun Aruga jun.aruga at
Mon Jul 17 14:00:41 UTC 2023

Hello OpenSSL users community,

I would like to know what is the fastest option to test a behavior
calling OpenSSL APIs in the FIPS case. Because it's beneficial when
compiling and installing (if it is needed) many times in the case of
running git-bisect with a script.

I tested the following commands on the openssl/openssl latest master
branch <3d2f96e2c867fa3e79a453639304b70ba0508076> on Fedora Linux 38.
I assumed the commands are fast by building and installing without

$ pwd

./Configure \
  --prefix=$(pwd)/dest \
  --libdir=lib \
  shared \
  enable-fips \
  enable-trace \
  no-docs \
  -O0 -g3 -ggdb3 -gdwarf-5
$ make -j$(nproc)
$ make -j$(nproc) install_sw
$ make -j$(nproc) install_fips

My other questions or notes are
* Is there a way to test the OpenSSL API soon after `make` without
running `make install*`?
* -O0 is faster than without -O1, -O2, -O3 due to no optimization, right?
* I added `enable-trace` and `-O0 -g3 -ggdb3 -gdwarf-5` to debug
practically. But if the options make the build much slower, I can stop
using the options.

Then in my case, I ran a small C program
( to test the

$ cd /home/jaruga/git/report-openssl-fips-ed25519

$ gcc \
  -I "/home/jaruga/git/openssl/dest/include/" \
  -L "/home/jaruga/git/openssl/dest/lib/" \
  -O0 -g3 -ggdb3 -gdwarf-5 \
  -o ed25519 ed25519.c -lcrypto

$ OPENSSL_CONF="$(pwd)/openssl_fips.cnf" \
  OPENSSL_CONF_INCLUDE="/home/jaruga/git/openssl/dest/ssl" \
  OPENSSL_MODULES="/home/jaruga/git/openssl/dest/lib/ossl-modules" \
  LD_LIBRARY_PATH="/home/jaruga/git/openssl/dest/lib" \
  ./ed25519 ed25519_pub.pem

Kind regards,

More information about the openssl-users mailing list