go crypto and BoringCrypto
Sun Yimin edited this page 2022-05-09 13:59:22 +08:00

On May 3, 2022, commits titled "REVERSE MERGE dev.boringcrypto (cdcb4b6) into master" landed in golang.

What's BoringCrypto?

BoringCrypto (BoringSSL-based crypto), maintained by Google, is an open-source, general-purpose cryptographic library that provides FIPS 140-2 approved cryptographic algorithms to serve BoringSSL and other user-space applications.

BoringSSL is Google's fork of the OpenSSL cryptographic library. It has been used in the TLS stacks of all Google website products since June 2014, including the Google Android OS and Google Chrome. Google initially forked the OpenSSL code as BoringSSL, but has now formally released Google Tink.

The native Go crypto is not FIPS compliant, and there are a few open proposals to help Go code meet FIPS requirements. Users can use prominent Go compilers/toolsets backed by FIPS-validated SSL libraries provided by Google or Red Hat, which enable Go to bypass the standard library cryptographic routines and instead call into a FIPS 140-2 validated cryptographic library. These toolsets are available as container images, which users can use to compile any Go-based application.

The impact to this package

Mainly compatibility issues with the new Go SDK.

Reference

Go Crypto and Kubernetes — FIPS 140-2 and FedRAMP Compliance

all: REVERSE MERGE dev.boringcrypto (cdcb4b6) into master