New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dev.boringcrypto: update BoringCrypto module #30158
Comments
/cc @agl |
CC @rsc |
@agl Can we / should we update the reference to 140sp3318.pdf? AFAIK we have not updated the BoringCrypto module itself. (Should we do that when a new validation comes through?) |
Ideally, yes.
The reference should match the BoringCrypto module in use. |
I'll give this a shot for Go 1.14 then. |
Change https://golang.org/cl/218000 mentions this issue: |
… to certificate 3318 Use OPENSSL_malloc for set0 functions as OPENSSL_free now catches us using the libc malloc and aborts. While at it, move the runtime.KeepAlive to the location of the key use. Fixes #30158 Change-Id: I968a98d8974ca5f220e822841beb6c34290eefe9 Reviewed-on: https://go-review.googlesource.com/c/go/+/218000 Reviewed-by: Katie Hockman <katie@golang.org>
Hi @FiloSottile, I see that the new BoringCrypto security policy version sp3318 is planned to be part of Golang 1.15. Did you replace the implementation of Thanks! |
The new BoringCrypto object has landed in dev.boringcrypto. @dorsha I'm not sure I understand the question, could you elaborate in a new issue or by email? I'm filippo at golang. |
(I think this is requesting extra patching out from crypto/tls. NIST has weird names for things, but I suspect that the functions in question are probably |
We are exploring the usage of dev.boringcrypto branches for our compliance needs. The current dev.boringcrypto branches refer the older security policy, sp2964.
What are the plans to update the dev.boringcrypto branches to updated security policies (sp3318 is current)?
Older security policy: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2964.pdf
Current security policy: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3318.pdf
The text was updated successfully, but these errors were encountered: