Re: crypt_r()?

To: tech-userlevel%NetBSD.org@localhost
Subject: Re: crypt_r()?
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Wed, 16 Feb 2022 00:30:30 +0100

Am Wed, Feb 16, 2022 at 12:04:16AM +0100 schrieb Niclas Rosenvik:
> do you mean that the interface should be 
> crypt_r(const char *key, const char setting, char * storage, size_t
> *storage_len)
> where storage can be set to NULL to return the needed storage size in
> storage_len?

No. There are two sensible interface contracts here:

(1) Verification only, which takes the password and the expected hash
and returns a bool. No separate settings necessary as the hash already
contains all the necessary parameters.

(2) Hashing password, which takes the password and the settings and
returns an allocated string with the resulting hash. This is essentially
the same interface as crypt(3), but the caller is responsible for
free(3) the return value. Given that the goal of the crypt(3) interface
is to be slow, optimizing a memory allocation away saves nothing, except
making a more complicated interface.

Joerg

Follow-Ups:
- Re: crypt_r()?
  - From: Mouse
- Re: crypt_r()?
  - From: Jason Thorpe

References:
- crypt_r()?
  - From: Thomas Klausner
- Re: crypt_r()?
  - From: Niclas Rosenvik
- Re: crypt_r()?
  - From: Joerg Sonnenberger
- Re: crypt_r()?
  - From: Niclas Rosenvik

Prev by Date: Re: crypt_r()?
Next by Date: Re: crypt_r()?
Previous by Thread: Re: crypt_r()?
Next by Thread: Re: crypt_r()?
Indexes:

Home | Main Index | Thread Index | Old Index