{"id":12724,"date":"2019-09-04T09:13:20","date_gmt":"2019-09-04T07:13:20","guid":{"rendered":"https:\/\/daniel.haxx.se\/blog\/?p=12724"},"modified":"2019-09-04T09:13:20","modified_gmt":"2019-09-04T07:13:20","slug":"fips-ready-with-curl","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2019\/09\/04\/fips-ready-with-curl\/","title":{"rendered":"FIPS ready with curl"},"content":{"rendered":"\n

Download wolfSSL fips ready<\/a> (in my case I got wolfssl-4.1.0-gplv3-fips-ready.zip)<\/p>\n\n\n\n

Unzip the source code somewhere suitable<\/p>\n\n\n\n

$ cd $HOME\/src\n$ unzip wolfssl-4.1.0-gplv3-fips-ready.zip\n$ cd wolfssl-4.1.0-gplv3-fips-ready<\/code><\/pre>\n\n\n\n
Build the fips-ready wolfSSL and install it somewhere suitable<\/p>\n\n\n\n
$ .\/configure --prefix=$HOME\/wolfssl-fips --enable-harden --enable-all\n$ make -sj\n$ make install<\/pre>\n\n\n\n
Download curl<\/a>, the normal curl package. (in my case I got curl 7.65.3)<\/p>\n\n\n\n
Unzip the source code somewhere suitable<\/p>\n\n\n\n
$ cd $HOME\/src\n$ unzip curl-7.65.3.zip\n$ cd curl-7.65.3<\/pre>\n\n\n\n
Build curl with the just recently built and installed fips ready wolfSSL version.<\/p>\n\n\n\n
$ LD_LIBRARY_PATH=$HOME\/wolfssl-fips\/lib .\/configure --with-wolfssl=$HOME\/wolfssl-fips --without-ssl\n$ make -sj<\/pre>\n\n\n\n
Now, verify that your new build matches your expectations by:<\/p>\n\n\n\n
$ .\/src\/curl -V<\/pre>\n\n\n\n
It should show that it uses wolfSSL and that all the protocols and  features you want are enabled and present. If not, iterate until it does!<\/p>\n\n\n\n
FIPS Ready<\/a> means that you have included  the FIPS code into your build and that you are operating according to  the FIPS enforced best practices of default entry point, and Power On  Self Test (POST).”<\/p>\n","protected":false},"excerpt":{"rendered":"
Download wolfSSL fips ready (in my case I got wolfssl-4.1.0-gplv3-fips-ready.zip) Unzip the source code somewhere suitable $ cd $HOME\/src $ unzip wolfssl-4.1.0-gplv3-fips-ready.zip $ cd wolfssl-4.1.0-gplv3-fips-ready Build the fips-ready wolfSSL and install it somewhere suitable $ .\/configure –prefix=$HOME\/wolfssl-fips –enable-harden –enable-all $ make -sj $ make install Download curl, the normal curl package. (in my case I … Continue reading FIPS ready with curl<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":12742,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,133,477],"tags":[33,471],"class_list":["post-12724","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-curl","category-security","category-wolfssl","tag-curl-and-libcurl","tag-wolfssl"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/12724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=12724"}],"version-history":[{"count":7,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/12724\/revisions"}],"predecessor-version":[{"id":12741,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/12724\/revisions\/12741"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media\/12742"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=12724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=12724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=12724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}