From 2355af4ada2adbc0fe2d5f480871453babc35bf3 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Wed, 8 Jun 2022 08:57:48 -0400
Subject: [PATCH] Add warning about EA in FIPS mode (#15858)
* Add warning about EA in FIPS mode
Signed-off-by: Alexander Scheel
* Add changelog
Signed-off-by: Alexander Scheel
---
 changelog/15858.txt | 3 +++
 command/server.go | 7 +++++++
 2 files changed, 10 insertions(+)
 create mode 100644 changelog/15858.txt
diff --git a/changelog/15858.txt b/changelog/15858.txt
new file mode 100644
index 000000000000..24f448833347
--- /dev/null
+++ b/changelog/15858.txt
@@ -0,0 +1,3 @@
+```release-note:change
+core/fips: Disable and warn about entropy augmentation in FIPS 140-2 Inside mode
+```
diff --git a/command/server.go b/command/server.go
index 9a0cdb77b891..179a4f112d49 100644
--- a/command/server.go
+++ b/command/server.go
@@ -34,6 +34,7 @@ import (
 config2 "github.com/hashicorp/vault/command/config"
 "github.com/hashicorp/vault/command/server"
 "github.com/hashicorp/vault/helper/builtinplugins"
+ "github.com/hashicorp/vault/helper/constants"
 "github.com/hashicorp/vault/helper/metricsutil"
 "github.com/hashicorp/vault/helper/namespace"
 vaulthttp "github.com/hashicorp/vault/http"
@@ -424,6 +425,12 @@ func (c *ServerCommand) parseConfig() (*server.Config, []configutil.ConfigError,
 config = config.Merge(current)
 }
 }
+
+ if config.Entropy != nil && config.Entropy.Mode == configutil.EntropyAugmentation && constants.IsFIPS() {
+ c.UI.Warn("WARNING: Entropy Augmentation is not supported in FIPS 140-2 Inside mode; disabling from server configuration!\n")
+ config.Entropy = nil
+ }
+
 return config, configErrors, nil
 }
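Review bot: The new block in parseConfig fails open: an operator who explicitly configured entropy augmentation (a defense-in-depth setting) gets it silently downgraded to a one-off UI warning that is easy to miss in a service log, whereas returning an error from parseConfig would refuse to start with a contradictory security configuration; if degrading is the intended behaviour, say so in a comment so the next maintainer does not "fix" it, e.g. `// FIPS 140-2 Inside builds cannot use entropy augmentation; the setting is dropped with a warning rather than rejected so existing configurations keep starting.` The same block could also be reached on a configuration reload if parseConfig is used there (not visible in this hunk), in which case the warning would only ever be seen by whoever is watching the UI output, so consider surfacing it through the server logger as well once one is available. The trailing `\n` inside the Warn string looks like it will produce a blank line after the message if UI.Warn already terminates lines; `"WARNING: Entropy Augmentation is not supported in FIPS 140-2 Inside mode; disabling from server configuration!"` without it reads cleaner. The body of parseConfig starts before this hunk.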