-
Notifications
You must be signed in to change notification settings - Fork 34
Description
As of writing, we've been asked about macOS FIPS support, but we haven't been asked to provide it. I'm opening this issue to keep track of any interest.
My reading of the internal Microsoft crypto policy is that using OpenSSL on macOS would be considered noncompliant. Instead, the platform-provided CommonCrypto, Security Transforms, and Secure Transport APIs must be used. If I'm wrong, or for anyone looking into this from outside Microsoft, maybe this isn't an issue. In that case, golang-fips/openssl#98 is an effort to make the OpenSSL backend work on macOS (and Windows), although we haven't determined for certain that it will work in microsoft/go releases.
I haven't looked into any of those macOS-provided libraries to see what kind of effort it would take to make a backend for it.