Esempio n. 1
/*
 * Verify a candidate password against a previously stored bcrypt hash.
 *
 * The candidate is hashed by bcrypt_hashpw() with the stored hash passed as
 * its second argument, and the freshly computed hash is then compared with
 * the stored one by timing_safe_strcmp(). The comparison is delegated to
 * that helper so that the check is tuned to avoid timing attacks.
 *
 * Return value:
 *   -1   an error occurred while hashing the candidate password
 *    0   the password matches the given hash
 *   >0   no error occurred, but the password does not match
 *
 * Callers must treat only an exact 0 as a successful verification; both -1
 * and any positive value mean the password has to be rejected.
 */
int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE])
{
	char computed[BCRYPT_HASHSIZE];

	/* Any hashing failure is reported as the generic error code. */
	if (bcrypt_hashpw(passwd, hash, computed) != 0)
		return -1;

	return timing_safe_strcmp(hash, computed);
}
Esempio n. 2
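/*
 * UDF entry point: check a plaintext password (argument 0) against a bcrypt
 * hash (argument 1).
 *
 * Returns 1 when the password matches the hash and 0 when it does not. On
 * any failure (a NULL argument, an argument that my_str_to_c_str() rejects,
 * a crypt_rn() failure, or a negative result from timing_safe_strcmp())
 * *is_null is set to 1 and 0 is returned, so a failure is never reported as
 * a match.
 *
 * initid and err are not used by this function.
 *
 * NOTE(review): the argument count and argument types are not checked here;
 * presumably the matching init function (not visible in this listing)
 * enforces exactly two string arguments - confirm.
 */
long long bcrypt_check(UDF_INIT *initid, UDF_ARGS *args, char *is_null, char *err) {
  long long result = 0;
  int ret;
  unsigned long i;
  volatile char *wipe;

  char chk_hash[BCRYPT_HASHSIZE];

  char pass[PASS_MAXLEN+1];
  char hash[BCRYPT_HASHSIZE];

  /* password: copied into a local, bounded buffer */
  if (!args->args[0] ||
      my_str_to_c_str(pass, sizeof(pass), args->args[0], args->lengths[0]) != 0) {
    *is_null = 1;
    goto done;
  }

  /* hash: copied into a local, bounded buffer */
  if (!args->args[1] ||
      my_str_to_c_str(hash, sizeof(hash), args->args[1], args->lengths[1]) != 0) {
    *is_null = 1;
    goto done;
  }

  /* compute password hash, using the supplied hash as the setting string */
  if (crypt_rn(pass, hash, chk_hash, BCRYPT_HASHSIZE) == NULL) {
    *is_null = 1;
    goto done;
  }

  /* compare through the timing-safe helper rather than strcmp() */
  ret = timing_safe_strcmp(hash, chk_hash);

  if (ret == 0) {
    result = 1;
  } else if (ret < 0) {
    /* a negative comparison result is treated as an error, not a mismatch */
    *is_null = 1;
  }

done:
  /*
   * Best-effort scrub of the plaintext password copy before returning, so it
   * does not linger on the stack. The writes go through a volatile pointer
   * because a plain memset() on a dying local may be optimised away.
   */
  wipe = pass;
  for (i = 0; i < sizeof(pass); i++) {
    wipe[i] = 0;
  }

  return result;
}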