This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC] FIPS compliance and other crypt(3) improvements

On May 15, 2012, Roland McGrath <> wrote:

> ENOSYS is the error code for a function that is entirely unimplemented.

It's the only POSIX-documented error code for crypt.  That's why I went
with it.

> For this case, ENOTSUP is a better fit.

> -  if(s[0] == __data->current_salt[0] && s[1] == __data->current_salt[1])
> -    return;
> +  if(s0 != __data->current_salt[0] && s1 == __data->current_salt[1])
> +    return 0;

> Looks like the first test got inverted.

Eeek!  Thanks, fixed.

> Is there any standard or precedent for _SC_CRYPTO_FIPS_ENABLED?

Nope.  I came up with it myself.  I thought of adding _GNU_ in there
somewhere, and bumping the number way up, as an extension without
conflicts, but I didn't get that far.

> If the only need for it is an internal one

Other userland programs and libraries test FIPS status reading /proc
files directly, but I though they (and any newer programs) could switch
to a more portable interface.

Alexandre Oliva, freedom fighter
You must be the change you wish to see in the world. -- Gandhi
Be Free! --   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]