Am Wed, Feb 16, 2022 at 12:04:16AM +0100 schrieb Niclas Rosenvik: > do you mean that the interface should be > crypt_r(const char *key, const char setting, char * storage, size_t > *storage_len) > where storage can be set to NULL to return the needed storage size in > storage_len?
No. There are two sensible interface contracts here: (1) Verification only, which takes the password and the expected hash and returns a bool. No separate settings necessary as the hash already contains all the necessary parameters. (2) Hashing password, which takes the password and the settings and returns an allocated string with the resulting hash. This is essentially the same interface as crypt(3), but the caller is responsible for free(3) the return value. Given that the goal of the crypt(3) interface is to be slow, optimizing a memory allocation away saves nothing, except making a more complicated interface. Joerg
