mirror of
https://gitlab.gnome.org/GNOME/libsecret.git
synced 2024-12-21 20:28:52 +00:00
ac1367056d
The SecretSession protocol uses weak Diffie-Hellman parameters that are not approved by FIPS. While this is not ideal, the protocol is not designed as a general mechanism for protecting data in transit, only as a safety net for the case where the dbus-daemon (or dbus-broker) crashes and dumps core, so bumping the protocol to a larger DH group would be overkill. This patch temporarily disables the FIPS check around the GnuTLS DH API calls to avoid errors. Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
/*
 * libsecret
 *
 * Copyright (C) 2024 Red Hat, Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
#include "config.h"
#include "egg-fips.h"
#include <gnutls/gnutls.h>
/*
 * egg_fips_get_mode:
 *
 * Report the FIPS 140 mode GnuTLS is currently operating in, as returned
 * by gnutls_fips140_mode_enabled().
 *
 * Per the GnuTLS documentation, zero means FIPS mode is not enabled, and
 * after a thread-scoped gnutls_fips140_set_mode() call the value reflects
 * the calling thread's mode rather than the process-wide one.
 *
 * Security note: code that relaxes the mode around a non-approved
 * operation should read this value first and hand it back to
 * egg_fips_set_mode() on every exit path, error paths included, so that
 * FIPS enforcement is not left disabled on the thread.
 *
 * Returns: the current mode, converted to EggFipsMode.
 */
EggFipsMode
egg_fips_get_mode (void)
{
	EggFipsMode current = gnutls_fips140_mode_enabled ();

	return current;
}
/*
 * egg_fips_set_mode:
 * @mode: the FIPS 140 mode to switch to
 *
 * Change the GnuTLS FIPS 140 mode through gnutls_fips140_set_mode().
 *
 * The change is requested with GNUTLS_FIPS140_SET_MODE_THREAD, which per
 * the GnuTLS documentation limits it to the calling thread; other threads
 * in the process keep their own mode. GnuTLS also documents the call as a
 * no-op when the library was not loaded in FIPS mode.
 *
 * Security note: lowering the mode turns off FIPS enforcement for every
 * GnuTLS operation made on this thread until it is raised again, not only
 * for the operation that needed the exception. Keep the relaxed window as
 * small as possible and restore the value previously obtained from
 * egg_fips_get_mode() on all paths. No status is returned, so a caller
 * that must know the switch took effect has to re-read the mode.
 */
void
egg_fips_set_mode (EggFipsMode mode)
{
	/* Thread scope: never alter the process-wide FIPS state from here. */
	const unsigned int scope = GNUTLS_FIPS140_SET_MODE_THREAD;

	gnutls_fips140_set_mode (mode, scope);
}