-
Notifications
You must be signed in to change notification settings - Fork 236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No support for OpenSSL FIPS mode #37
Comments
I'm also curious as to whether any testing has been done using Go with a FIPS-enabled OpenSSL library (one with the OpenSSL FIPS module built in)? |
@ScarletTanager, I maintain fork at https://github.com/10gen/openssl . It's not up to date, and most of the changes I have are specific to our needs, but we do have a fips.go that I wrote. It's very simple. Of course you're welcome grab that file and give it a try. I wouldn't base anything off of my repo, as I do rebase it from time to time. And, we do have some basic FIPS mode tests that we run against our software built on this library. They pass for us. |
@gabrielrussell I'd be thrilled to get 10gen's necessary changes merged upstream. Let me know what I need to do. |
I'll get a pull request together for you in the next couple of days. |
This introduces this file: https://github.com/10gen/openssl/blob/master/fips.go Which was pointed to from this issue: spacemonkeygo#37
Unless I'm mistaken, this module does not wrap the OpenSSL library function for enabling FIPS mode. Since this is the only OpenSSL binding library of which I'm aware for golang, it would be really great to be able to have this function available. For reference:
https://wiki.openssl.org/index.php/FIPS_mode_set%28%29
The text was updated successfully, but these errors were encountered: