This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC] FIPS compliance and other crypt(3) improvements
- From: Alexandre Oliva <aoliva at redhat dot com>
- To: Roland McGrath <roland at hack dot frob dot com>
- Cc: libc-alpha at sources dot redhat dot com
- Date: Tue, 04 Sep 2012 20:22:22 -0300
- Subject: Re: [RFC] FIPS compliance and other crypt(3) improvements
- References: <or8vgtdcmg.fsf@livre.localdomain><20120515171937.D5BA92C08B@topped-with-meat.com><or1umi8iu3.fsf@livre.localdomain><20120518223856.316BB2C08B@topped-with-meat.com><ord35vnopq.fsf@livre.localdomain><20120523235800.8CAF32C0AE@topped-with-meat.com><ortxyqfhj4.fsf@livre.localdomain>
On Jun 5, 2012, Alexandre Oliva <aoliva@redhat.com> wrote:
> Me neither. Exposing any alternate entry point would make room for
> security-related abuses.
> Now, I must confess I'm surprised this FIPS-related restrictions on
> crypt are being seriously considered for glibc. I'd have thought we'd
> privilege POSIX-compliant behavior, pushing FIPS password algorithm
> rejection to code that uses crypt for actual password checking or
> modification, rather than for any code that calls crypt for whatever
> reason (e.g., password crackers).
> I've implemented your other suggestions and fixes, thanks!
Ping?
I've now updated this patchset (fixed a Makefile conflict and the
Makefile name in the ChangeLog entry) and pushed to
lxoliva/crypt-fips-bz811753 (minus ChangeLog entries; they're in git
logs only).
Ok for master?
> for ChangeLog
> 2012-06-05 Alexandre Oliva <aoliva@redhat.com>
> * crypt/crypt-private.h: Include stdbool.h.
> (_ufc_setup_salt_r): Return bool.
> * crypt/crypt-entry.c: Include errno.h.
> (__crypt_r): Return NULL with EINVAL for bad salt.
> * crypt/crypt_util.c (bad_for_salt): New.
> (_ufc_setup_salt_r): Check that salt is long enough and within
> the specified alphabet.
> * crypt/badsalttest.c: New file.
> * Makefile (tests): Add it.
> ($(objpfx)badsalttest): New.
> for ChangeLog
> 2012-06-05 Alexandre Oliva <aoliva@redhat.com>
> * crypt/crypt-entry.c: Include fips-private.h.
> (__crypt_r, __crypt): Disable MD5 and DES if FIPS is enabled.
> * crypt/md5c-test.c (main): Tolerate disabled MD5.
> * sysdeps/unix/sysv/linux/fips-private.h: New file.
> * sysdeps/generic/fips-private.h: New file, dummy fallback.
--
Alexandre Oliva, freedom fighter http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist Red Hat Brazil Compiler Engineer