Commit Graph

1 Commits

Author SHA1 Message Date
Daiki Ueno
ac1367056d session: Tolerate non-approved DH parameter usage in FIPS mode
The SecretSession protocol uses weak Diffie-Hellman parameters which
are not approved by FIPS. While this is not ideal, the protocol is not
designed as a general protection mechanism of data in transit, but
just as a safety net against when the dbus-daemon (or dbus-broker)
crashes and dumps a core, and thus bumping the protocol to use a
larger DH group would be overkill.

This patch temporarily disables the FIPS check around the GnuTLS DH
API calls to avoid errors.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2024-07-23 06:00:10 +09:00