Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIPS] Use compliant algorithms in Optimizer #190642

Merged
merged 1 commit into from
Aug 15, 2024
Merged

[FIPS] Use compliant algorithms in Optimizer #190642

merged 1 commit into from
Aug 15, 2024

Conversation

Ikuni17
Copy link
Contributor

@Ikuni17 Ikuni17 commented Aug 15, 2024

Summary

Updates the Optimizer to user FIPS compliant algorithms, otherwise Kibana will crash during startup in development mode. This was originally part of #188887.

@Ikuni17 Ikuni17 added Team:Operations Team label for Operations Team release_note:skip Skip the PR/issue when compiling release notes backport:skip This commit does not require backporting labels Aug 15, 2024
@Ikuni17 Ikuni17 self-assigned this Aug 15, 2024
@Ikuni17 Ikuni17 requested a review from a team as a code owner August 15, 2024 19:38
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-operations (Team:Operations)

@Ikuni17 Ikuni17 mentioned this pull request Aug 15, 2024
Merged
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @Ikuni17

jbudz
jbudz reviewed Aug 15, 2024
View reviewed changes
packages/kbn-optimizer/src/worker/webpack.config.ts
@@ -50,6 +50,7 @@ export function getWebpackConfig(
profile: worker.profileWebpack,

output: {
hashFunction: 'sha1',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do other webpack configs need to be updated? storybooks / kbn-ui-shared-deps-{src,npm}?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unsure about the other configs. During discussions with the Security team, we wanted to avoid as many changes as possible to build/tooling under FIPS mode because it is generally for development. Example NODE_OPTIONS='' yarn kbn bootstrap disables FIPS because some modules use non-compliant algorithms during their own build process , like sharp, and error the whole bootstrap.

So, I think we can leave it for now unless needed. Security will be triaging non-compliant algorithm usage throughout the code base with relevant teams and it will arise then. The other aspect is whenever we get on Webpack 5, it already uses FIPS compliant algorithms.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Were there issues with this config? IIRC it should be development only too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It blocks Kibana from starting in development mode, therefore blocking other teams from fixing FIPS issues in their code.

@Ikuni17 Ikuni17 merged commit 9121cb4 into elastic:main Aug 15, 2024
27 checks passed
@Ikuni17 Ikuni17 deleted the fix/optimizer-fips-compliance branch August 15, 2024 22:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbudz jbudz jbudz approved these changes

Assignees

@Ikuni17 Ikuni17

Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Operations Team label for Operations Team v8.16.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Ikuni17 @elasticmachine @kibana-ci @jbudz @kibanamachine