Password/PAT authentication fails in Ubuntu 22.04 FIPS

From omnibus-gitlab!8164 (comment 2555258000)

The FIPS-compliant OpenSSL from Canonical enforces a minimum salt length for PBKDF2 hashes to comply with SP800-132 5.1. The salt used in https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/doorkeeper_secret_storing/token/pbkdf2_sha512.rb#L14 is null, and for a good reason. This prevents cloning/pushing using password/PAT authentication.

Proposal

See #548736 (comment 2580119830)

Edited by 🤖 GitLab Bot 🤖
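
A preflight probe for the condition described in this issue, added here as an illustration and not taken from GitLab's code: it asks the local OpenSSL build whether PBKDF2-SHA512 accepts a zero-length, 8-byte and 16-byte salt, so a host can be checked before token authentication is relied on. The helper names, the sample token, the all-zero probe salt and the iteration count are assumptions made for the probe, and "null" salt is taken to mean a zero-length one.

```ruby
require "openssl"

# SP 800-132 section 5.1 calls for a salt of at least 128 bits (16 bytes).
MIN_SALT_BYTES = 16

# Constructed sample value, not a real credential.
SAMPLE_TOKEN = "glpat-constructed-example-token"

# Iterations and output length are assumptions for this probe,
# not values read from the GitLab source.
def pbkdf2_sha512(secret, salt, iterations: 20_000, length: 64)
  OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: iterations,
                           length: length, hash: "SHA512").unpack1("H*")
end

# Derive a key with an all-zero salt of the given size and report whether
# the linked OpenSSL accepted it. The salt is a probe value only.
def probe_salt(bytes)
  digest = pbkdf2_sha512(SAMPLE_TOKEN, "\x00".b * bytes)
  { salt_bytes: bytes, accepted: true, digest: digest }
rescue OpenSSL::OpenSSLError => e
  # A build that enforces the SP 800-132 minimum refuses short salts here.
  { salt_bytes: bytes, accepted: false, error: e.message }
end

# Probe the empty salt, a short salt, and the minimum compliant length.
def salt_policy_report
  [0, 8, MIN_SALT_BYTES].map { |n| probe_salt(n) }
end

# True when this host would reject an unsalted PBKDF2 token hash.
def empty_salt_blocked?
  !probe_salt(0)[:accepted]
end

if $PROGRAM_NAME == __FILE__
  puts "OpenSSL #{OpenSSL::OPENSSL_LIBRARY_VERSION} fips_mode=#{OpenSSL.fips_mode}"
  salt_policy_report.each do |r|
    status = r[:accepted] ? "accepted" : "rejected (#{r[:error]})"
    puts format("salt %2d bytes: %s", r[:salt_bytes], status)
  end
  puts "unsalted PBKDF2 blocked on this host: #{empty_salt_blocked?}"
end
```
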