crypto: FIPS Mode and Validation of Crypto Provider? #11658
I cannot seem to find much information on using Go for a solution required to be compliant with FIPS 140-2. Has any work been done on getting Go's native crypto provider validated, and if not, is there any movement/interest in doing so? If not, are there current recommendations for Go adopters building solutions which have to comply with FIPS 140-2?
If there were to be interest in moving this forward, I'd love to see an API for putting the provider into FIPS mode, in which any unapproved algorithm (e.g.) would simply be disallowed/disabled/generate an error.
If this is something better proposed on golang-dev, let me know, and I'll close this issue and start a thread there.
Go's crypto is not FIPS 140 validated and I'm afraid that there is no possibility of that happening in the future either. I think Ian's suggestion of using cgo to call out to an existing, certified library is probably your best bet. However, we would not be interested in patches to add hook points all over the Go library, so you would need to carry that work yourself.