This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC] FIPS compliance and other crypt(3) improvements


> +static const char *tests[][2] = {

Brace on new line, indent appropriately.

>  /*
> + * Return false iff C is in the specified alphabet for crypt salt.
> + */
> +
> +static bool
> +bad_for_salt (c)
> +     char c;

Use a prototype defn.

> +fips_enabled_p (void)
> +{
> +  static enum {

Brace on new line, indent appropriately.

> +* Recognize and enable FIPS mode from Linux's /proc/sys/crypto/fips_enabled,
> +  disabling MD5 and DES crypt algorithms when the mode is enabled.  Reject
> +  out-of-spec salt bytes in DES implementation.

This looks like a log entry more than a NEWS entry.  
A NEWS entry should describe things meaningful to a user:

* The `crypt' function now fails if passed salt bytes that violate the
  specification for those values.  On Linux, the `crypt' function will
  consult /proc/sys/crypto/fips_enabled to determine if "FIPS mode" is
  enabled, and fail on encrypted strings using the MD5 or DES algorithm
  when the mode is enabled.


Thanks,
Roland


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]