[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patches] [PATCH] EGLIBC_CRYPT and EGLIBC_CRYPT_UFC option groups
- To: Maxim Kuvyrkov <maxim@xxxxxxxxxxxxxxxx>
- Subject: Re: [patches] [PATCH] EGLIBC_CRYPT and EGLIBC_CRYPT_UFC option groups
- From: "Joseph S. Myers" <joseph@xxxxxxxxxxxxxxxx>
- Date: Sun, 15 Nov 2009 21:04:37 +0000 (UTC)
On Sun, 15 Nov 2009, Maxim Kuvyrkov wrote:
> > The different algorithms have different salt syntax. If DES support has
> > been disabled, the use of a salt with DES syntax should make crypt return an
> > error rather than doing something with MD5; only a salt starting $1$ should
> > cause MD5 to be used. Will such errors be properly given if DES is disabled
> > with this patch?
>
> Thank you for pointing this out. I've fixed the crypt[_r] functions to fail
> when DES is requested but not available, the fail condition is the same as
> with DES not being available due to export restrictions: result == NULL, errno
> set to ENOSYS.
>
> Both incremental and full updated patches are attached. Any further comments?
This revised patch is OK. I wonder if each algorithm should have its own
option group - I could imagine that many systems would only need one
algorithm - but maybe the others don't take up much space. (Of course
enabling libcrypt but disabling *all* algorithms would be a nonsensical
combination.)
--
Joseph S. Myers
joseph@xxxxxxxxxxxxxxxx