1 files changed, 54 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c
new file mode 100644
index 0000000000..36deda778e
--- /dev/null
+++ b/src/lib/libc/crypt/cryptutil.c
@@ -0,0 +1,54 @@
+/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */
+/*
+ * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <pwd.h>
+#include <errno.h>
+int
+crypt_checkpass(const char *pass, const char *goodhash)
+{
+        char dummy[_PASSWORD_LEN];
+        char *res;
+        if (goodhash == NULL) {
+                /* fake it */
+                bcrypt_newhash(pass, 8, dummy, sizeof(dummy));
+                goto fail;
+        }
+        /* empty password */
+        if (strlen(goodhash) == 0 && strlen(pass) == 0)
+                return 0;
+        if (goodhash[0] == '$' && goodhash[1] == '2') {
+                return bcrypt_checkpass(pass, goodhash);
+        }
+        /* have to do it the hard way */
+        res = crypt(pass, goodhash);
+        if (strlen(res) != strlen(goodhash) ||
+            timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
+                goto fail;
+        }
+        return 0;
+fail:
+        errno = EACCES;
+        return -1;
+}

diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c new file mode 100644 index 0000000000..36deda778e --- /dev/null +++ b/src/lib/libc/crypt/cryptutil.c
@@ -0,0 +1,54 @@
	1	/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */
	2	/*
	3	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17	#include <stdlib.h>
	18	#include <unistd.h>
	19	#include <string.h>
	20	#include <pwd.h>
	21	#include <errno.h>
	22
	23	int
	24	crypt_checkpass(const char pass, const char goodhash)
	25	{
	26	char dummy[_PASSWORD_LEN];
	27	char *res;
	28
	29	if (goodhash == NULL) {
	30	/* fake it */
	31	bcrypt_newhash(pass, 8, dummy, sizeof(dummy));
	32	goto fail;
	33	}
	34
	35	/* empty password */
	36	if (strlen(goodhash) == 0 && strlen(pass) == 0)
	37	return 0;
	38
	39	if (goodhash[0] == '$' && goodhash[1] == '2') {
	40	return bcrypt_checkpass(pass, goodhash);
	41	}
	42
	43	/* have to do it the hard way */
	44	res = crypt(pass, goodhash);
	45	if (strlen(res) != strlen(goodhash) \|\|
	46	timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
	47	goto fail;
	48	}
	49
	50	return 0;
	51	fail:
	52	errno = EACCES;
	53	return -1;
	54	}