[Swan-dev] heads up; FIPS and AUDIT enabled by default on fedora
Andrew Cagney
andrew.cagney at gmail.com
Fri Jul 24 23:39:30 EEST 2015
FYI,
I've pushed a changes to the build system so that, on fedora like
systems, both FIPS and AUDIT are enabled by default (someone should
double triple confirm this :-).
When building on fedora, and the fedora test machines, you no longer
need to have stuff in Makefile.inc.local enabling those options.
One BTW, I've noticed is that pluto contains code along the lines of:
#ifdef FIPS
int fips_mode()
{
}
#endif
...
#ifdef FIPS
if (fips_mode()) {
do something
} else {
#endif
do something else
#ifdef FIPS
}
#endif
I think it would be better to instead write the code as:
int fips_mode()
{
#ifdef FIPS
something
#else
return 0;
#endif
}
...
if (fips_mode()) {
do something
} else {
do something else
}
so that as many code paths as possible are always exposed to the compiler.
Andrew
PS: I'm wondering if this empties a few Makefile.inc.local files, it
certainly empties mine :-)
More information about the Swan-dev
mailing list