/*
 * Verify a candidate password against an existing bcrypt hash.
 *
 * The candidate is hashed by bcrypt_hashpw(), which receives `hash` as its
 * second argument, and the output is compared with `hash` through
 * timing_safe_strcmp() so that the comparison is tuned against timing
 * attacks.
 *
 * Return value:
 *   -1  bcrypt_hashpw() reported an error;
 *    0  the password matches the hash;
 *   >0  no error occurred and the password does not match (this value comes
 *       straight from timing_safe_strcmp(), which is defined elsewhere).
 *
 * Callers must treat only an exact 0 as a successful verification: the
 * error value -1 is non-zero as well, and it is not a match.
 */
int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE])
{
    char computed[BCRYPT_HASHSIZE];

    if (bcrypt_hashpw(passwd, hash, computed) != 0) {
        return -1;
    }

    /* Hand the comparison result back unchanged. */
    return timing_safe_strcmp(hash, computed);
}
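/*
 * Overwrite a buffer that held sensitive data.
 *
 * The stores go through a volatile-qualified pointer so that the compiler
 * does not discard them as dead writes to a local that is about to go out
 * of scope.
 */
static void bcrypt_check_scrub(volatile char *buf, unsigned long len)
{
    while (len-- > 0) {
        *buf++ = 0;
    }
}

/*
 * UDF body: check a password (args->args[0]) against a bcrypt hash
 * (args->args[1]).
 *
 * Both arguments are copied into fixed-size local buffers with
 * my_str_to_c_str(). The password is then hashed by crypt_rn() with the
 * supplied hash as its second argument, and the result is compared with the
 * supplied hash using timing_safe_strcmp().
 *
 * Returns 1 when the comparison yields 0 (match) and 0 when it yields a
 * positive value (mismatch). In every other case -- a NULL argument, a
 * failed copy, a NULL return from crypt_rn(), or a negative comparison
 * result -- *is_null is set to 1 and 0 is returned.
 *
 * initid and err are not used by this function.
 * NOTE(review): the argument count and types are not checked here;
 * presumably the UDF's init function validates them -- confirm.
 *
 * The local copy of the plaintext password and the freshly computed hash
 * are scrubbed on every exit path so they do not linger on the stack after
 * the call returns.
 */
long long bcrypt_check(UDF_INIT *initid, UDF_ARGS *args, char *is_null, char *err)
{
    char pass[PASS_MAXLEN+1];
    char hash[BCRYPT_HASHSIZE];
    char chk_hash[BCRYPT_HASHSIZE];
    long long matched = 0;
    int cmp;

    /* password */
    if (!args->args[0] ||
        my_str_to_c_str(pass, sizeof(pass), args->args[0], args->lengths[0]) != 0) {
        goto fail;
    }

    /* hash */
    if (!args->args[1] ||
        my_str_to_c_str(hash, sizeof(hash), args->args[1], args->lengths[1]) != 0) {
        goto fail;
    }

    /* compute password hash */
    if (crypt_rn(pass, hash, chk_hash, BCRYPT_HASHSIZE) == NULL) {
        goto fail;
    }

    cmp = timing_safe_strcmp(hash, chk_hash);
    if (cmp < 0) {
        /* A negative comparison result is reported as NULL, not as a mismatch. */
        goto fail;
    }
    matched = (cmp == 0) ? 1 : 0;
    goto out;

fail:
    *is_null = 1;
out:
    /* pass may hold a partial copy even when the copy step failed. */
    bcrypt_check_scrub(pass, sizeof(pass));
    bcrypt_check_scrub(chk_hash, sizeof(chk_hash));
    return matched;
}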