The Go 1.24 cryptography packages have been through a heavy refactoring to allow the Go standard library to be FIPS 140-3 compliant. This was done per the proposal #69536: crypto: obtain a FIPS 140-3 validation. The benefit is that the FIPS 140-3 compliant cryptographic module is written in pure Go (and Go assembly) rather than using cgo or syscalls to call into third-party libraries. This is a major leap forward for the Go standard library, and it is a significant milestone for the Go community. Take a look at the Go FIPS 140-3 Compliance for more information.

In Go 1.23, it’s possible to use Go to build a FIPS-compliant application using GOEXPERIMENT=boringcrypto, but it’s not supported for use outside of Google. This works by using cgo to link in the FIPS-certified BoringCrypto library. The cryptography packages then call into BoringCrypto to perform cryptographic operations.

Microsoft Go takes an alternative approach to FIPS compliance: it uses system libraries to perform cryptographic operations. This premise hasn’t changed in Microsoft Go 1.24, and it will continue using OpenSSL on Linux and CNG on Windows. Microsoft Go 1.24 also improves compatibility with Azure Linux and introduces preview support for macOS.

We evaluated changing Microsoft Go to use the new Go FIPS module rather than system libraries. However, we ultimately determined that this approach doesn’t align with Microsoft internal cryptography strategy and policies. We recommend, though, that Go developers requiring FIPS 140-3 compliance use the official Go FIPS module, once it is certified, if it fits their needs.

Here are some more details about what’s changed in Microsoft Go 1.24:

FIPS configuration

The Microsoft Go toolchain has been updated to accept the FIPS-related settings that have been added to the upstream Go toolchain. These new settings are preferred over the old ones, but the old ones are still supported until we remove them in Microsoft Go 1.25.

These are the new environment variable settings:

• GODEBUG=fips140=on (runtime setting) enables the FIPS 140-3 compliant cryptographic module. Supersedes GOFIPS=1, which is now deprecated.
• GODEBUG=fips140=only (runtime setting) acts as on, but panics if a non-FIPS 140-3 compliant algorithm is used. This setting is partially supported in Go 1.24, and will be fully supported in Go 1.25.
• GOFIPS140=latest (build setting) sets GODEBUG=fips140 to on by default. Replaces -tags=requirefips.

To know more about these settings, please refer to the Microsoft Go FIPS documentation.

Note that the Go runtime will automatically enter FIPS mode when running on a FIPS-compliant system, such as Azure Linux or Windows, so you don’t need to set GODEBUG=fips140=on on those systems.

New Platform: macOS support

We are excited to announce that Microsoft Go 1.24 will include preview support for macOS system libraries. The FIPS-certified Common Crypto and CryptoKit libraries are now supported. This means that developers can leverage these libraries to perform cryptographic operations in a FIPS-compliant manner on macOS. The integration ensures that cryptographic functions are executed using the system’s FIPS-certified libraries. To use these libraries, build your macOS application with the systemcrypto goexperiment. This support is currently experimental, and we are working to make it production-ready in Microsoft Go 1.25. Feedback is welcome, so please don’t hesitate to file an issue!

Enhanced Azure Linux 3 support

Azure Linux is a Linux distribution for Microsoft’s cloud infrastructure, edge products and services. One of the key features of Azure Linux is that it is FIPS 140-3 compliant out of the box thanks to using the SCOSSL (SymCrypt provider for OpenSSL) provider.

Microsoft Go 1.24 has been improved to better support third-party OpenSSL providers like SCOSSL. Important fixes were also backported to 1.22 and 1.23. This allows Microsoft Go to take full advantage of the FIPS 140-3 compliant SymCrypt provider on Azure Linux.