Closed by ScarletTanager 7 years ago
I'm also curious as to whether any testing has been done using Go with a FIPS-enabled OpenSSL library (one with the OpenSSL FIPS module built in)?
@ScarletTanager, I maintain a fork at https://github.com/10gen/openssl. It's not up to date, and most of the changes I have are specific to our needs, but we do have a fips.go that I wrote. It's very simple. Of course you're welcome to grab that file and give it a try. I wouldn't base anything off of my repo, as I do rebase it from time to time.
And, we do have some basic FIPS mode tests that we run against our software built on this library. They pass for us.
@gabrielrussell I'd be thrilled to get 10gen's necessary changes merged upstream. Let me know what I need to do.
I'll get a pull request together for you in the next couple of days.
Unless I'm mistaken, this module does not wrap the OpenSSL library function for enabling FIPS mode. Since this is the only OpenSSL binding library of which I'm aware for golang, it would be really great to be able to have this function available. For reference:
https://wiki.openssl.org/index.php/FIPS_mode_set%28%29