int crypt_checkpass(const char *pass, const char *goodhash) { char dummy[_PASSWORD_LEN]; if (goodhash == NULL) { /* fake it */ goto fake; } /* empty password */ if (strlen(goodhash) == 0 && strlen(pass) == 0) return 0; if (goodhash[0] == '$' && goodhash[1] == '2') { if (bcrypt_checkpass(pass, goodhash)) goto fail; return 0; } /* unsupported. fake it. */ fake: bcrypt_newhash(pass, 8, dummy, sizeof(dummy)); fail: errno = EACCES; return -1; }
int crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen) { int rv = -1; const char *defaultpref = "blowfish,8"; const char *errstr; int rounds; if (pref == NULL) pref = defaultpref; if (strncmp(pref, "blowfish,", 9) != 0) { errno = EINVAL; goto err; } if (strcmp(pref + 9, "a") == 0) { rounds = bcrypt_autorounds(); } else { rounds = strtonum(pref + 9, 4, 31, &errstr); if (errstr) { errno = EINVAL; goto err; } } rv = bcrypt_newhash(pass, rounds, hash, hashlen); err: return rv; }
int crypt_checkpass(const char *pass, const char *goodhash) { char dummy[_PASSWORD_LEN]; char *res; if (goodhash == NULL) { /* fake it */ bcrypt_newhash(pass, 8, dummy, sizeof(dummy)); goto fail; } /* empty password */ if (strlen(goodhash) == 0 && strlen(pass) == 0) return 0; if (goodhash[0] == '$' && goodhash[1] == '2') { return bcrypt_checkpass(pass, goodhash); } /* have to do it the hard way */ res = crypt(pass, goodhash); if (strlen(res) != strlen(goodhash) || timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) { goto fail; } return 0; fail: errno = EACCES; return -1; }