Is crypto/hmac FIPS compliant?

vijay.pandey · February 26, 2021, 6:18am

Can anyone help me here to clear the confusion regarding golang package crypto/hmac:

Reference: https://golang.org/pkg/crypto/
The below detail is taken from the above referred link which states that HMAC package is FIPS compliant.
“Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as defined in U.S. Federal Information Processing Standards Publication 198.”

While, at the other hand, this link https://kupczynski.info/2019/12/15/fips-golang.html
says that golang crypto package itself is not FIPS compliant. They advocates using BoringSSL, RedHat instead.

I am pretty new to go-lang and need immediate help on this. Please help

Thanks in advance

skillian · February 26, 2021, 11:25pm

I don’t know anything about FIPS or HMAC, but according to the the package documentation you quoted, the Go package implements the algorithm but, according to the screenshot, the implementation is not “verified.”

system · May 27, 2021, 11:25pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.