scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add warning about EA in FIPS mode (#15858)

Browse Source 
* Add warning about EA in FIPS mode

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
This commit is contained in:
Alexander Scheel
2022-06-08 08:57:48 -04:00
committed by GitHub
parent 8eff5a181d
commit 2355af4ada
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/15858.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:change
core/fips: Disable and warn about entropy augmentation in FIPS 140-2 Inside mode
```

7
command/server.go
View File

@@ -34,6 +34,7 @@ import (
config2 "github.com/hashicorp/vault/command/config"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/builtinplugins"
"github.com/hashicorp/vault/helper/constants"
"github.com/hashicorp/vault/helper/metricsutil"
"github.com/hashicorp/vault/helper/namespace"
vaulthttp "github.com/hashicorp/vault/http"
@@ -424,6 +425,12 @@ func (c *ServerCommand) parseConfig() (*server.Config, []configutil.ConfigError,
config = config.Merge(current)
}
}
if config.Entropy != nil && config.Entropy.Mode == configutil.EntropyAugmentation && constants.IsFIPS() {
c.UI.Warn("WARNING: Entropy Augmentation is not supported in FIPS 140-2 Inside mode; disabling from server configuration!\n")
config.Entropy = nil
}
return config, configErrors, nil
}