-
Notifications
You must be signed in to change notification settings - Fork 61
go crypto and BoringCrypto
There are REVERSE MERGE dev.boringcrypto (cdcb4b6) into master commits in golang on May/3, 2022.
BoringCrypto (BoringSSL based crypto) maintained by Google is an open-source, general-purpose cryptographic library that provides FIPS 140–2 approved cryptographic algorithms to serve BoringSSL and other user-space applications.
BoringSSL is Google’s forked version of OpenSSL cryptographic library and BoringSSL is used in all Google website product’s TLS stacks since June 2014 — including Google Android OS and Google Chrome. Google initially forked the OpenSSL code with BoringSSL, but have now formally released Google Tink.
The native go crypto is not FIPS compliant and there are few open proposals to facilitate Go code to meet FIPS requirements. Users can use prominent go compilers/toolsets backed by FIPS validated SSL libraries provided by Google or Redhat which enables Go to bypass the standard library cryptographic routines and instead call into a FIPS 140–2 validated cryptographic library. These toolsets are available as container images, where users can use the same to compile any Go based applications.
Mainly the compatibility issues with new golang sdk.
Go Crypto and Kubernetes — FIPS 140–2 and FedRAMP Compliance