* NEWS: Add note about FIPS mode. Wording suggested by Roland

McGrath.
author: Alexandre Oliva <aoliva@redhat.com> 2012-10-10 07:06:03 -0300
committer: Alexandre Oliva <aoliva@redhat.com> 2012-10-10 07:06:03 -0300
commit: 89a3ad0b6e7cfd7bc5588e8bbf243e99a0b8562d (patch)
tree: 217f9fa7dd6cb96edd1067c4b754f3d85675bdda
parent: e745142509a427ccb9b14ee94ff24f7f36f7f4b6 (diff)
download: glibc-89a3ad0b6e7cfd7bc5588e8bbf243e99a0b8562d.tar.gz
2 files changed, 11 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 98561a2530..b106e0e83b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2012-10-10  Alexandre Oliva <aoliva@redhat.com>
 
+	* NEWS: Add note about FIPS mode.  Wording suggested by Roland
+	McGrath.
+
+2012-10-10  Alexandre Oliva <aoliva@redhat.com>
+
 	* crypt/crypt-entry.c: Include fips-private.h.
 	(__crypt_r, __crypt): Disable MD5 and DES if FIPS is enabled.
 	* crypt/md5c-test.c (main): Tolerate disabled MD5.
diff --git a/NEWS b/NEWS
index 490e4dca15..4d18638131 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,12 @@ Version 2.17
   the tty file descriptor in /dev/pts or /dev if /proc is not available.  This
   allows creation of chroots without the procfs mounted on /proc.
 
+* The `crypt' function now fails if passed salt bytes that violate the
+  specification for those values.  On Linux, the `crypt' function will
+  consult /proc/sys/crypto/fips_enabled to determine if "FIPS mode" is
+  enabled, and fail on encrypted strings using the MD5 or DES algorithm
+  when the mode is enabled.
+
 
 Version 2.16
author	Alexandre Oliva <aoliva@redhat.com>	2012-10-10 07:06:03 -0300
committer	Alexandre Oliva <aoliva@redhat.com>	2012-10-10 07:06:03 -0300
commit	89a3ad0b6e7cfd7bc5588e8bbf243e99a0b8562d (patch)
tree	217f9fa7dd6cb96edd1067c4b754f3d85675bdda
parent	e745142509a427ccb9b14ee94ff24f7f36f7f4b6 (diff)
download	glibc-89a3ad0b6e7cfd7bc5588e8bbf243e99a0b8562d.tar.gz