Implement FIPSCapable #245
Conversation
qmuntal
requested review from
karianna,
derekparker,
dagood,
mertakman,
gdams and
Copilot
There was a problem hiding this comment.
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
openssl_test.go:146
- The error message 'HasFIPSProvider mismatch' is unclear. It should be updated to 'FIPSCapable mismatch' to better describe the test.
t.Fatalf("HasFIPSProvider mismatch: want %v, got %v", want, got)
Tip: Turn on automatic Copilot reviews for this repository to get quick feedback on every pull request. Learn more
Co-authored-by: Copilot <[email protected]>
There was a problem hiding this comment.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more
There was a problem hiding this comment.
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
Tip: Copilot only keeps its highest confidence comments to reduce noise and keep you focused. Learn more
When using OpenSSL 3,
openssl.FIPSprove that FIPS mode is enabled by checking that the default properties containfips=yesand that SHA-256 can be fetched with the default properties. This behavior is useful to know if there is an explicit intent to only run in FIPS mode.On the other hand,
openssl.FIPSdoesn't cover the use case of wanting to know whether the provider configured by default is FIPS-capable regardless if the default properties. In fact, most times users don't care about the default properties, they just want to ensure they are running in FIPS mode, aka the default provider is FIPS capable.This PR adds the
openssl.FIPSCapablefunction to cover this new use case.For microsoft/go#1445.