2012-10-10 Alexandre Oliva <aoliva@redhat.com>
+ * NEWS: Add note about FIPS mode. Wording suggested by Roland
+ McGrath.
+
+2012-10-10 Alexandre Oliva <aoliva@redhat.com>
+
* crypt/crypt-entry.c: Include fips-private.h.
(__crypt_r, __crypt): Disable MD5 and DES if FIPS is enabled.
* crypt/md5c-test.c (main): Tolerate disabled MD5.
the tty file descriptor in /dev/pts or /dev if /proc is not available. This
allows creation of chroots without the procfs mounted on /proc.
+* The `crypt' function now fails if passed salt bytes that violate the
+ specification for those values. On Linux, the `crypt' function will
+ consult /proc/sys/crypto/fips_enabled to determine if "FIPS mode" is
+ enabled, and fail on encrypted strings using the MD5 or DES algorithm
+ when the mode is enabled.
+
\f
Version 2.16