This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC] FIPS compliance and other crypt(3) improvements
On May 15, 2012, Roland McGrath <roland@hack.frob.com> wrote:
> ENOSYS is the error code for a function that is entirely unimplemented.
It's the only POSIX-documented error code for crypt. That's why I went
with it.
> For this case, ENOTSUP is a better fit.
> - if(s[0] == __data->current_salt[0] && s[1] == __data->current_salt[1])
> - return;
> + if(s0 != __data->current_salt[0] && s1 == __data->current_salt[1])
> + return 0;
> Looks like the first test got inverted.
Eeek! Thanks, fixed.
> Is there any standard or precedent for _SC_CRYPTO_FIPS_ENABLED?
Nope. I came up with it myself. I thought of adding _GNU_ in there
somewhere, and bumping the number way up, as an extension without
conflicts, but I didn't get that far.
> If the only need for it is an internal one
Other userland programs and libraries test FIPS status reading /proc
files directly, but I though they (and any newer programs) could switch
to a more portable interface.
--
Alexandre Oliva, freedom fighter http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist Red Hat Brazil Compiler Engineer