proposal: crypto/boring: add FIPS() #61757
Comments
|
@golang/security |
seankhliao
added
the
Proposal-Crypto
|
/cc @FiloSottile |
|
This proposal has been added to the active column of the proposals project |
|
We've been trying very hard not to claim that using BoringCrypto gets you FIPS compliance. That's up to you and your compliance department. I'm very reluctant to add a 'FIPS' function that returns true, because it goes against all that cautious messaging. Probably the right answer is to add it to the MS fork and let people use a build tag or something like that to access that bit. |
|
Based on the discussion above, this proposal seems like a likely decline. |
|
Thanks for the answer @rsc. Your arguments are compelling. |
|
No change in consensus, so declined. |
The
crypto/boringpackage currently just exportsfunc Enabled() bool. I propose to add an additional function:When
GOEXPERIMENT=boringcryptois set,boring.FIPS()would always return true, as BoringCrypto is static-linked and its binary is owned by the Go toolchain, so we know for sure that it is FIPS-enabled.The new function would mainly benefit Go forks that provide FIPS support using libraries whose FIPS status can only be known at runtime, e.g. dynamic-linking against OpenSSL or Windows CNG.
One could argue that Go forks can add whatever API they wish, including the one here proposed, but trying to keep source compatibility with upstream Go benefits the whole community. IMO, this particular function is generic enough to deserve a place in
crypto/boring. Would have been nice to have a more generic name for this package, but that's not something that worries me that much for now.Disclaimer: I'm asking this as a maintainer of the Microsoft Go fork, but this API has been requested to us by a fork of our fork: microsoft/go#999. This proposal contains the following use-cases to support adding
FIPS() bool:@rsc
The text was updated successfully, but these errors were encountered: