This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC] FIPS compliance and other crypt(3) improvements

On May 15, 2012, Roland McGrath <roland@hack.frob.com> wrote:

> ENOSYS is the error code for a function that is entirely unimplemented.

It's the only POSIX-documented error code for crypt.  That's why I went
with it.

> For this case, ENOTSUP is a better fit.

> -  if(s[0] == __data->current_salt[0] && s[1] == __data->current_salt[1])
> -    return;
> +  if(s0 != __data->current_salt[0] && s1 == __data->current_salt[1])
> +    return 0;

> Looks like the first test got inverted.

Eeek!  Thanks, fixed.

> Is there any standard or precedent for _SC_CRYPTO_FIPS_ENABLED?

Nope.  I came up with it myself.  I thought of adding _GNU_ in there
somewhere, and bumping the number way up, as an extension without
conflicts, but I didn't get that far.

> If the only need for it is an internal one

Other userland programs and libraries test FIPS status reading /proc
files directly, but I though they (and any newer programs) could switch
to a more portable interface.

-- 
Alexandre Oliva, freedom fighter    http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]