crypto: FIPS Mode and Validation of Crypto Provider? #11658

Closed
ScarletTanager opened this issue Jul 10, 2015 · 2 comments

@ScarletTanager ScarletTanager commented Jul 10, 2015

I cannot seem to find much information on using Go for a solution required to be compliant with FIPS 140-2. Has any work been done on getting Go's native crypto provider validated, and if not, is there any movement/interest in doing so? If not, are there current recommendations for Go adopters building solutions which have to comply with FIPS 140-2?

If there were to be interest in moving this forward, I'd love to see an API for putting the provider into FIPS mode, in which any unapproved algorithm (e.g.) would simply be disallowed/disabled/generate an error.

If this is something better proposed on golang-dev, let me know, and I'll close this issue and start a thread there.

@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Jul 10, 2015
Contributor

@ianlancetaylor ianlancetaylor commented Jul 10, 2015

I suppose that if you need certification today, the simplest route is going to be to use cgo to invoke a certified library.

Contributor

@agl agl commented Jul 10, 2015

Go's crypto is not FIPS 140 validated and I'm afraid that there is no possibility of that happening in the future either. I think Ian's suggestion of using cgo to call out to an existing, certified library is probably your best bet. However, we would not be interested in patches to add hook points all over the Go library, so you would need to carry that work yourself.

@agl agl closed this Jul 10, 2015
@mikioh mikioh changed the title FIPS Mode and Validation of Crypto Provider? crypto: FIPS Mode and Validation of Crypto Provider? Jul 11, 2015
@golang golang locked and limited conversation to collaborators Jul 11, 2016