If you just want to get OpenSSL installed without bothering too much
about the details, here is the short version of how to build and install
OpenSSL. If any of the following steps fails, please consult the
-[Installation in Detail](#installation-in-detail) section below.
+[Installation in Detail](#installation-steps-in-detail) section below.
Building OpenSSL
----------------
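Review bot: The link text on the changed line still reads "Installation in Detail" while the anchor now points at `#installation-steps-in-detail`. If the target heading was renamed, update the visible text as well so it matches the heading the reader lands on. The heading itself is outside this hunk, so please confirm the new anchor resolves.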
--with-zlib-include=DIR
The directory for the location of the zlib include file. This option is only
-necessary if [enable-zlib](#enable-zlib) is used and the include file is not
+necessary if [zlib](#zlib) is used and the include file is not
already on the system include path.
### with-zlib-lib
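Review bot: On the `--with-zlib-include` line, changing the link text from `enable-zlib` to `zlib` makes "if zlib is used" read as a reference to the library rather than to the configure option that triggers the need for this directory. Consider keeping the option name as the text and changing only the target, for example `[enable-zlib](#zlib)`.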
### egd
Check for an entropy generating daemon.
+This source is ignored by the FIPS provider.
### rdcpu
### librandom
Use librandom (not implemented yet).
+This source is ignored by the FIPS provider.
### none
Disable automatic seeding. This is the default on some operating systems where
no suitable entropy source exists, or no support for it is implemented yet.
+This option is ignored by the FIPS provider.
For more information, see the section [Notes on random number generation][rng]
at the end of this document.
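Review bot: Under `### none`, "This option is ignored by the FIPS provider" tells the reader that disabling automatic seeding has no effect there, but not what the FIPS provider seeds from instead. Someone who picks `none` because no suitable entropy source exists on their platform needs to know that. Add one sentence naming the behaviour, or point explicitly to the part of the [Notes on random number generation][rng] section that covers the FIPS provider.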
the C++ compiler. If not, the C++ build test will most likely break. As an
alternative, you can use the language specific variables, `CFLAGS` and `CXXFLAGS`.
+### no-bulk
+
+Build only some minimal set of features.
+This is a developer option used internally for CI build tests of the project.
+
### no-capieng
Don't build the CAPI engine.
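Review bot: "Build only some minimal set of features" under `### no-bulk` does not say which features remain or where the set is defined. Because the option sits in the user-facing option list, either reference the place that defines the set or state outright that a `no-bulk` build is not intended for deployment, rather than leaving that to be inferred from "developer option".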
Don't compile the FIPS provider
+### no-fips-securitychecks
+
+Don't perform FIPS module run-time checks related to enforcement of security
+parameters such as minimum security strength of keys.
+
### enable-fuzz-libfuzzer, enable-fuzz-afl
Build with support for fuzzing using either libfuzzer or AFL.
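Review bot: The `### no-fips-securitychecks` text says which checks are turned off but not who should use the option or what it means for the resulting module. Since these checks enforce minimum security strength of keys, the entry should say so in the same way `no-bulk` does with "This is a developer option", and state the consequence of running a provider built without them. As written, it reads like an ordinary feature toggle.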
install_html_docs
Only install the OpenSSL HTML documentation.
+ install_fips
+ Install the FIPS provider module configuration file.
+
list-tests
Prints a list of all the self test names.
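Review bot: The target is named `install_fips` but the description only mentions "the FIPS provider module configuration file". Say whether the provider module itself is also installed by this target, and name the configuration file and its destination, so a reader can verify the result of the step.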
possibly after some adjustment.
The `Configurations/` directory contains a lot of examples of such targets.
-The main configuration file is [10-main.conf][], which contains all targets that
+The main configuration file is [10-main.conf], which contains all targets that
are officially supported by the OpenSSL team. Other configuration files contain
targets contributed by other OpenSSL users. The list of targets can be found in
a Perl list `my %targets = ( ... )`.
- [Configurations/README.md](Configurations/README.md)
- [Configurations/README-design.md](Configurations/README-design.md)
-If you need further help, try to search the [openssl-users][] mailing list
-or the [GitHub Issues][] for existing solutions. If you don't find anything,
-you can [raise an issue][] to ask a question yourself.
+If you need further help, try to search the [openssl-users] mailing list
+or the [GitHub Issues] for existing solutions. If you don't find anything,
+you can [raise an issue] to ask a question yourself.
-More about our support resources can be found in the [SUPPORT][] file.
+More about our support resources can be found in the [SUPPORT] file.
### Configuration Errors
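Review bot: The `[openssl-users][]` to `[openssl-users]` rewrites here (and the matching `[10-main.conf]`, `[raise an issue]` and `[SUPPORT]` changes in the neighbouring hunks) are pure link-style cleanups mixed into a change that otherwise documents FIPS provider behaviour. Consider splitting them into a separate commit so the FIPS documentation change can be reviewed and backported on its own. The reference definitions are outside the visible hunks, so please confirm each shortcut reference still resolves.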
read the error message carefully and try to figure out whether you made
a mistake (e.g., by providing a wrong option), or whether the script is
working incorrectly. If you think you encountered a bug, please
-[raise an issue][] on GitHub to file a bug report.
+[raise an issue] on GitHub to file a bug report.
Along with a short description of the bug, please provide the complete
configure command line and the relevant output including the error message.
Compiling parts of OpenSSL with gcc and others with the system compiler will
result in unresolved symbols on some systems.
-If you are still having problems, try to search the [openssl-users][] mailing
-list or the [GitHub Issues][] for existing solutions. If you think you
-encountered an OpenSSL bug, please [raise an issue][] to file a bug report.
+If you are still having problems, try to search the [openssl-users] mailing
+list or the [GitHub Issues] for existing solutions. If you think you
+encountered an OpenSSL bug, please [raise an issue] to file a bug report.
Please take the time to review the existing issues first; maybe the bug was
already reported or has already been fixed.
which can be used to specify a comma separated list of seed methods.
However, in most cases OpenSSL will choose a suitable default method,
so it is not necessary to explicitly provide this option. Note also
-that not all methods are available on all platforms.
+that not all methods are available on all platforms. The FIPS provider will
+silently ignore seed sources that were not validated.
I) On operating systems which provide a suitable randomness source (in
form of a system call or system device), OpenSSL will use the optimal
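Review bot: "The FIPS provider will silently ignore seed sources that were not validated" on the added lines does not say which of the `--with-rand-seed` methods count as validated, nor what happens when every method in the comma-separated list is ignored. Because the behaviour is silent, the documentation is the only place a builder can find this out. List the sources the FIPS provider accepts here, or link to where they are listed, and describe the fallback.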