[CDRIVER-1113] FIPS Compliance on Darwin using Common Crypto Created: 12/Feb/16  Updated: 13/Oct/16  Resolved: 13/Oct/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.5.0

Type: Improvement Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Epic Link: TLS Improvements

 Description   

Our SCRAM-SHA-1 implementation uses raw CC_SHA1() from Darwins Common Crypto.
This is unlikely FIPS compliant (similar to SHA1() in libcrypto is not FIPS compliant).

Not sure if anyone would actually use the driver on FIPS enabled Darwin client, but we should probably look at it.



 Comments   
Comment by Hannes Magnusson [ 13/Oct/16 ]

https://support.apple.com/en-us/HT202877

The OS X Mavericks Cryptographic Modules, Apple OS X CoreCrypto Module v4.0 and Apple OS X CoreCrypto Kernel Module v4.0, require no setup or configuration to be in “FIPS Mode” for FIPS 140-2 compliance on devices running OS X Mavericks v10.9.

I guess it works fine then

Generated at Wed Feb 07 21:11:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.