Re: [go-nuts] Re: Go 1.21 / FIPS

Yes, these questions are specific to the Microsoft fork of Go (and to varying degrees, could apply to other FIPS-focused forks of Go). To repeat from earlier, in case it helps anyone seeing this thread later: > The GOEXPERIMENT=systemcrypto is a feature of the Microsoft fork of Go, not official

Re: [go-nuts] Re: Go 1.21 / FIPS

GOFIPS doesn't appear anywhere in the official Google Go source, AFAICT. And the document at https://github.com/golang/go/blob/release-branch.go1.21/src/crypto/internal/boring/README.md is reasonably clear that simply setting GOEXPERIMENT=boringcrypto is all that is needed using the official Go imp

[go-nuts] Re: Go 1.21 / FIPS

I am using the Microsoft version of Go lang as that is what my work instructed me to use. My only task was to build Grafana using FIPS (or as close to it as i can get). As i mentioned in Microsoft Go 1.20.5 i was able to build using GOEXPERIMENT=opensslcrypto, and GOFIPS=1, but it appears now

[go-nuts] Re: Go 1.21 / FIPS

Hi Michael, Ian's clarification of "support" matches what I meant. In fact, the FIPS features in microsoft/go rely on many of the boringcrypto code changes. We've found it to be a good foundation for our implementation despite not being supported. For background information about FIPS, look fo

Re: [go-nuts] Re: Go 1.21 / FIPS

On Thu, Jul 4, 2024, 4:47 AM Michael Oguidan wrote: > Hi Dagood, > Please can you tell me what FIPS's for? And why we can't use it outside > Google. > You can use GOEXPERIMENT=boringcrypto, as described in the README. However, there is no promise that the Go team will fix any problems you encoun

[go-nuts] Re: Go 1.21 / FIPS

Hi Dagood, Please can you tell me what FIPS's for? And why we can't use it outside Google. On Thursday, July 4, 2024 at 1:45:37 AM UTC dagood wrote: > Hi Devin, > > The FIPS functionality in Go (which, to be clear, is not supported for use > outside of Google) is documented here: > go/src/cryp

[go-nuts] Re: Go 1.21 / FIPS

Hi Devin, The FIPS functionality in Go (which, to be clear, is not supported for use outside of Google) is documented here: go/src/crypto/internal/boring/README.md at release-branch.go1.21 · golang/go (github.com)

[go-nuts] Re: Go 1.21 / FIPS

"wire: err: exit status 2: stderr: panic: FIPS mode requested (environment variable GOFIPS=1) but no supported crypto backend is enabled" The problem could come from the fact that no crypto backend is enabled. So try to solve that first.. On Tuesday, July 2, 2024 at 11:06:25 PM UTC Damien A wrote

[go-nuts] Re: Go 1.21 / FIPS

Michael, I am not fully sure what you mean? Can you elaborate on what you are asking me? I am not really a Go Developer just a Linux Admin who often gets tasked with trying to build packages. On Tuesday, July 2, 2024 at 10:42:06 AM UTC-7 Michael Oguidan wrote: > Hi, > Please can we dig the "cr

[go-nuts] Re: Go 1.21 / FIPS

Hi, Please can we dig the "crypto backend" first to see? On Tuesday, July 2, 2024 at 3:45:40 PM UTC Damien A wrote: > > I have been building Grafana packages previously using Go 1.20.5 on Oracle > Enterprise Linux 9 with the following settings: > > export IMPORTPATH=%{_builddir}/grafana-%{versio