This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC] FIPS compliance and other crypt(3) improvements
- From: Andreas Jaeger <aj at suse dot com>
- To: libc-alpha at sourceware dot org
- Date: Wed, 05 Sep 2012 10:27:30 +0200
- Subject: Re: [RFC] FIPS compliance and other crypt(3) improvements
- References: <or8vgtdcmg.fsf@livre.localdomain> <ortxyqfhj4.fsf@livre.localdomain> <orwr094bm9.fsf@livre.localdomain>
On Tuesday, September 04, 2012 20:22:22 Alexandre Oliva wrote:
> On Jun 5, 2012, Alexandre Oliva <aoliva@redhat.com> wrote:
> > Me neither. Exposing any alternate entry point would make room for
> > security-related abuses.
> >
> > Now, I must confess I'm surprised this FIPS-related restrictions on
> > crypt are being seriously considered for glibc. I'd have thought
> > we'd privilege POSIX-compliant behavior, pushing FIPS password
> > algorithm rejection to code that uses crypt for actual password
> > checking or modification, rather than for any code that calls crypt
> > for whatever reason (e.g., password crackers).
> >
> > I've implemented your other suggestions and fixes, thanks!
>
> Ping?
>
> I've now updated this patchset (fixed a Makefile conflict and the
> Makefile name in the ChangeLog entry) and pushed to
> lxoliva/crypt-fips-bz811753 (minus ChangeLog entries; they're in git
> logs only).
>
> Ok for master?
Please post the complete patch set again - and remove the Contributed by
lines you have in the new files:
+ Contributed by Alexandre Oliva <aoliva@redhat.com>, 2012.
We don't add those anymore for new files.
Thanks,
Andreas
-
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126