FIPS compliancy #23354
Comments
What would be the replacement for the current crypto module?
I don't know exactly. I am not sure if there is an alternative in the main
Only
Hi @pavolloffay. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.
Hi @pavolloffay, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!
@chlowell I got this reply from our FIPS folks:
Sure, that makes sense. What I want to understand is whether this is a static analysis or a runtime problem. Our cert authentication implementation doesn't require applications to call
This is supposed to be a runtime problem. Are you saying that the app importing azure SDK will never cause invoking
Yes.
😅 Great! Then we have a couple straightforward workarounds:
Hi @pavolloffay. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.
This is great, thanks :) Would it be possible to deprecate->remove
Removing it would be a breaking change and that bar is very high, so it's unlikely. In addition, others without FIPS requirements might find value in the helper.
You're quite right,
Feature Request
Related to #21047
This library depends on x/crypto which does not have FIPS validated crypto algorithms:
Not FIPS compliant: pkcs12.ToPEM() performs a MAC check operation, for which it uses getSafeContents(), which calls verifyMac(), which calls pbkdf(), which is implemented in x/crypto, and thus not FIPS validated.
References:
Would you accept a patch to fix this?
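Added example, not part of the original issue or of the Azure SDK: since the thread settles on this being a runtime problem, an application owner may want to list where their own code references `golang.org/x/crypto/pkcs12` (the package behind the `ToPEM()` call chain described above). The function name `FindPKCS12Refs` and the sample file are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Import path the issue names as not FIPS validated.
const pkcs12Path = "golang.org/x/crypto/pkcs12"

// Constructed sample input: application code that aliases the import.
const sample = `package app
import p12 "golang.org/x/crypto/pkcs12"
func load(pfx []byte, pw string) { _, _ = p12.ToPEM(pfx, pw) }
`

// FindPKCS12Refs reports "line: pkcs12.Name" for each reference into the
// package. Syntactic only: dot imports and shadowed names are not resolved.
func FindPKCS12Refs(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	local := "" // name the file uses for the package, "" if not imported
	for _, imp := range file.Imports {
		if p, _ := strconv.Unquote(imp.Path.Value); p == pkcs12Path {
			local = "pkcs12"
			if imp.Name != nil {
				local = imp.Name.Name // honour an import alias
			}
		}
	}
	var hits []string
	ast.Inspect(file, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if id, ok := sel.X.(*ast.Ident); ok && id.Name == local {
				hits = append(hits, fmt.Sprintf("%d: pkcs12.%s", fset.Position(sel.Pos()).Line, sel.Sel.Name))
			}
		}
		return true
	})
	return hits, nil
}

func main() { fmt.Println(FindPKCS12Refs("app.go", sample)) }
```

A hit only shows that the source references the package; whether the code path runs in a FIPS-scoped deployment still has to be confirmed separately.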