I wonder if the sha3 package in golang-fips/openssl is sort of pointless, as really crypto/sha3 should be exposed by the toolchain and golang.org/x/crypto/sha3 should be patched to know how to use it.
Currently, with the Go FIPS toolchain, binaries appear to be universal, i.e. on Linux, when FIPS is enabled, OpenSSL FIPS is attempted; otherwise regular golang crypto is in use.
With the newly contributed SHA3 implementation (microsoft/go-crypto-openssl#58 or golang-fips/openssl#88) it would be nice to preserve the same capability for SHA3 imports.
Specifically, ideally any given project that imports golang.org/x/crypto/sha3 and uses it either directly or via crypto APIs, utilises the regular golang crypto.
I am not sure how to design and implement this, hence opening this issue to explore possibilities.
At the very least I hope that hash registration can be hijacked and overrides using x/crypto prevented when in FIPS mode.
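The registration concern raised in the issue, as an added example that is not part of the original post or of either project's code: the standard library's crypto.RegisterHash keeps only the most recent constructor for a given crypto.Hash, so whichever registration runs last decides what crypto.SHA3_256.New() returns. The two constructors and the backend names are hypothetical stand-ins (they wrap SHA-256 only so the example runs without OpenSSL or x/crypto).

```go
package main

import (
	"crypto"
	"crypto/sha256"
	"fmt"
	"hash"
)

// backendHash tags a hash.Hash with the name of the backend that built it.
type backendHash struct {
	hash.Hash
	backend string
}

// Hypothetical stand-ins for an OpenSSL-backed and an x/crypto-backed SHA3-256
// constructor. They wrap sha256.New purely to stay self-contained; the digest
// is NOT SHA3. Only the registration behaviour is being demonstrated.
func newOpenSSLStandIn() hash.Hash { return backendHash{Hash: sha256.New(), backend: "openssl"} }
func newXCryptoStandIn() hash.Hash { return backendHash{Hash: sha256.New(), backend: "x/crypto"} }

// ActiveBackend reports which tagged constructor currently backs h in the
// crypto registry, or "unregistered"/"unknown" if it cannot tell.
func ActiveBackend(h crypto.Hash) string {
	if !h.Available() {
		return "unregistered"
	}
	if b, ok := h.New().(backendHash); ok {
		return b.backend
	}
	return "unknown"
}

// SimulateInitOrder registers the constructors in the given order, as package
// init functions would, and returns the backend that ends up active.
func SimulateInitOrder(order ...func() hash.Hash) string {
	for _, f := range order {
		crypto.RegisterHash(crypto.SHA3_256, f) // replaces any earlier entry
	}
	return ActiveBackend(crypto.SHA3_256)
}

func main() {
	// The later registration silently replaces the earlier one.
	fmt.Println(SimulateInitOrder(newOpenSSLStandIn, newXCryptoStandIn))
	fmt.Println(SimulateInitOrder(newXCryptoStandIn, newOpenSSLStandIn))
}
```

A check like ActiveBackend, run at startup in FIPS mode, is one way to detect that a later registration has replaced the intended backend.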