Skip to content

[8.x](backport #42582) feat(fips): disable usage of flowhash/communityid in fips mode #43353

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kruskall merged 1 commit into from
Mar 18, 2025
Merged

[8.x](backport #42582) feat(fips): disable usage of flowhash/communityid in fips mode #43353

kruskall merged 1 commit into from
Mar 18, 2025

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Mar 18, 2025

Proposed commit message

In version 1 of the ID, the hash algorithm is SHA1

usage of flowhash fails with the following message when the stdlib is in fips only mode:

crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode

PR hides the communityid usage behind a method which returns an empty string in fips mode, to avoid any potential misuse and better encapsulation.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

This is an automatic backport of pull request #42582 done by [Mergify](https://mergify.com).

@kruskall @mergify
feat(fips): disable usage of flowhash/communityid in fips mode (#42582)
7988b1d 
* feat(fips): disable usage of flowhash/communityid in fips mode

In version 1 of the ID, the hash algorithm is SHA1

usage of flowhash fails with the following message when the stdlib
is in fips only mode:

crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode

* test: skip communityid tests in fips mode

* test: skip communityid tests in fips mode

* fix: resolve compile errors

* lint: fix linter issues

* refactor: add fips noop community implementation

* lint: fix linter issues

(cherry picked from commit 3b00fcb)
@mergify mergify bot added the backport label Mar 18, 2025
@mergify mergify bot requested a review from a team as a code owner March 18, 2025 21:41
@mergify mergify bot requested review from a team as code owners March 18, 2025 21:41
@mergify mergify bot requested review from khushijain21 and leehinman and removed request for a team March 18, 2025 21:41
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Mar 18, 2025
@github-actions github-actions bot added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Mar 18, 2025
@elasticmachine
Copy link
Contributor

elasticmachine commented Mar 18, 2025

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Mar 18, 2025
@kruskall kruskall enabled auto-merge (squash) March 18, 2025 22:35
@kruskall kruskall merged commit 9b6f823 into 8.x Mar 18, 2025
145 checks passed
@kruskall kruskall deleted the mergify/bp/8.x/pr-42582 branch March 18, 2025 23:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kruskall kruskall kruskall approved these changes

@leehinman leehinman Awaiting requested review from leehinman leehinman was automatically assigned from elastic/elastic-agent-data-plane

@khushijain21 khushijain21 Awaiting requested review from khushijain21 khushijain21 was automatically assigned from elastic/elastic-agent-data-plane

Assignees

@kruskall kruskall

Labels

backport Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticmachine @kruskall