What version of BoringCrypto is used in the dev.boringcrypto branch?
549 views
Skip to first unread message
ancientlore
Apr 6, 2020, 5:00:28 PM4/6/20
to golang-nuts
Hi, we’re needing to use FIPS-validated crypto in a particular deployment. It looks like the dev.boringcrypto branch would meet our needs well. But I’m struggling to verify which BoringCrypto version is actually meant when the Go version is 1.14.1b4. Looking at BoringSSL I’m trying map b4 to a specific validated version like https://boringssl.googlesource.com/boringssl/+/refs/tags/fips-20170615. Does anyone know what the mapping is? i.e. what specifically is version 4 of BoringCrypto?
Thanks,
Mike
Ian Lance Taylor
Apr 6, 2020, 5:46:18 PM4/6/20
to ancientlore, Filippo Valsorda, golang-nuts
[ + filippo ]
> --
> You received this message because you are subscribed to the Google Groups "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/0b0e1779-1f6c-46fb-b570-bd90a02d6dbd%40googlegroups.com.
> You received this message because you are subscribed to the Google Groups "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/0b0e1779-1f6c-46fb-b570-bd90a02d6dbd%40googlegroups.com.
Filippo Valsorda
Apr 7, 2020, 12:40:52 PM4/7/20
to ancientlore, golang-nuts, Ian Lance Taylor
On Mon, Apr 6, 2020 at 5:45 PM Ian Lance Taylor <ia...@golang.org> wrote:
[ + filippo ]
On Mon, Apr 6, 2020 at 2:00 PM ancientlore <michae...@gmail.com> wrote:
>
> Hi, we’re needing to use FIPS-validated crypto in a particular deployment. It looks like the dev.boringcrypto branch would meet our needs well. But I’m struggling to verify which BoringCrypto version is actually meant when the Go version is 1.14.1b4. Looking at BoringSSL I’m trying map b4 to a specific validated version like https://boringssl.googlesource.com/boringssl/+/refs/tags/fips-20170615. Does anyone know what the mapping is? i.e. what specifically is version 4 of BoringCrypto?
Go 1.14 and earlier ship a module built according to the instructions in certificate 2964, which maps to BoringSSL tag fips-20170615.
Go 1.15 and later will hopefully ship a module built according to the instructions in certificate 3318, which maps to BoringSSL tag fips-20180730.
ancientlore
Apr 7, 2020, 12:52:46 PM4/7/20
to golang-nuts
Thanks so much for the quick reply. I see where that comes from now.
On Tuesday, April 7, 2020 at 12:40:52 PM UTC-4, Filippo Valsorda wrote:
On Mon, Apr 6, 2020 at 5:45 PM Ian Lance Taylor <ia...@golang.org> wrote:
[ + filippo ]
On Mon, Apr 6, 2020 at 2:00 PM ancientlore <micha...@gmail.com> wrote:
>
> Hi, we’re needing to use FIPS-validated crypto in a particular deployment. It looks like the dev.boringcrypto branch would meet our needs well. But I’m struggling to verify which BoringCrypto version is actually meant when the Go version is 1.14.1b4. Looking at BoringSSL I’m trying map b4 to a specific validated version like https://boringssl.googlesource.com/boringssl/+/refs/tags/fips-20170615. Does anyone know what the mapping is? i.e. what specifically is version 4 of BoringCrypto?
Go 1.14 and earlier ship a module built according to the instructions in certificate 2964, which maps to BoringSSL tag fips-20170615.Go 1.15 and later will hopefully ship a module built according to the instructions in certificate 3318, which maps to BoringSSL tag fips-20180730.
> Thanks,
>
> Mike
>
> --
> You received this message because you are subscribed to the Google Groups "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to golan...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages