Provide a FIPS-compliant build of Vector #16535

Open
syedriko opened this issue Feb 21, 2023 · 2 comments
Labels

  • domain: releasing (Anything related to releasing Vector)
  • domain: security (Anything related to security)
  • type: feature (A value-adding code addition that introduce new functionality.)

Comments

@syedriko
Contributor

syedriko commented Feb 21, 2023

A note for the community

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Use Cases

Run Vector in a FIPS environment

Attempted Solutions

Hand-built subset of Vector avoiding the dependency on ring while replacing it with OpenSSL. In some cases, patching the crates with a hard dependency on ring with a feature that calls into OpenSSL instead.
OpenSSL needs to be linked to vector as a shared object.

Proposal

Provide a cross-cutting feature that builds vector and its dependencies so that the only crypto implementation used is OpenSSL, linked as a shared object.

References

#8435

Version

No response

@syedriko syedriko added the type: feature A value-adding code addition that introduce new functionality. label Feb 21, 2023
@jszwedko jszwedko added domain: security Anything related to security domain: releasing Anything related to releasing Vector labels Mar 1, 2023
@jszwedko
Member

jszwedko commented Mar 7, 2023

We chatted about this some today. We think a next step we can take here is to provide feature flags to build Vector without components that would violate FIPS compliance (like ring). We can then include this in CI to test that no disallowed crates are included. This would be a step towards providing official FIPS-compliant builds by ensuring that others can continue to build at least a subset of Vector to run in FIPS-compliant environments.
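
One way the CI check mentioned in the comment above could look, as an added example that is not part of the thread and not Vector's own CI code. It scans `Cargo.lock` text for disallowed crates and reports which packages depend on them directly; the function name `find_disallowed`, the sample lockfile and the deny list holding only `ring` are assumptions.

```rust
use std::collections::BTreeMap;

// Constructed sample in Cargo.lock layout (not Vector's real lockfile).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "example-agent"
version = "0.1.0"
dependencies = [
 "rustls 0.20.8",
]
[[package]]
name = "ring"
version = "0.16.20"
[[package]]
name = "rustls"
version = "0.20.8"
dependencies = [
 "ring",
]
"#;

/// Maps each disallowed crate found in the lockfile to the packages that depend on it directly.
fn find_disallowed(lock: &str, deny: &[&str]) -> BTreeMap<String, Vec<String>> {
    let mut hits: BTreeMap<String, Vec<String>> = BTreeMap::new();
    let (mut current, mut in_deps) = (String::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            current = v.trim_matches('"').to_string();
            if deny.contains(&current.as_str()) {
                hits.entry(current.clone()).or_default(); // crate itself is locked
            }
        } else if line == "dependencies = [" || line == "]" {
            in_deps = line != "]";
        } else if in_deps {
            // Entries are "name", "name version" or "name version (source)".
            let dep = line.trim_matches(|c: char| c == '"' || c == ',').split(' ').next().unwrap_or("");
            if deny.contains(&dep) {
                hits.entry(dep.to_string()).or_default().push(current.clone());
            }
        }
    }
    hits
}

fn main() {
    let hits = find_disallowed(SAMPLE_LOCK, &["ring"]);
    eprintln!("disallowed crates and their direct dependents: {:?}", hits);
    std::process::exit(if hits.is_empty() { 0 } else { 1 }); // non-zero fails the CI job
}
```

A lockfile records crates for every feature and target, so a hit here can include crates that a reduced feature set never compiles; running `cargo tree --invert ring` with the chosen features narrows the result to the actual build graph.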

@syedriko
Contributor Author

syedriko commented Mar 8, 2023

Thank you, @jszwedko! That indeed would be a start.
