When talking about this with mulander@ it came out that the docs could
use a touch.
The commit message for the diff that didn't update the docs was:
permit "bcrypt" as an alias for "blowfish". this is, after all, what
99% of the world calls it.
allow just "bcrypt" without params to mean auto-tune ("bcrypt,a").
default remains 8 rounds (for now)
Comments? OK?
Index: lib/libc/crypt/crypt_checkpass.3
===================================================================
RCS file: /cvs/src/lib/libc/crypt/crypt_checkpass.3,v
retrieving revision 1.9
diff -u -p -r1.9 crypt_checkpass.3
--- lib/libc/crypt/crypt_checkpass.3 23 Jul 2015 22:20:02 -0000 1.9
+++ lib/libc/crypt/crypt_checkpass.3 6 Jun 2017 19:06:59 -0000
@@ -58,17 +58,29 @@ The provided
.Fa password
is randomly salted and hashed and stored in
.Fa hash .
+.Fa hash
+must already be allocated, and
+.Fa hashsize
+must contain its size, which cannot be less than 61 bytes.
The
.Fa pref
argument identifies the preferred hashing algorithm and parameters.
+If set to
+.Dv NULL
+it defaults to
+.Dq bcrypt,8 .
Possible values are:
.Bl -tag -width Ds
-.It Dq bcrypt,<rounds>
+.It Dq bcrypt[,<rounds>]
The bcrypt algorithm, where the value of rounds can be between 4 and 31 and
specifies the base 2 logarithm of the number of rounds.
The special rounds value
.Sq a
automatically selects rounds based on system performance.
+This is the default if rounds is omitted.
+.Dq blowfish
+can be used as an alias for
+.Dq bcrypt .
.El
.Sh RETURN VALUES
.Rv -std crypt_checkpass crypt_newhash
@@ -89,7 +101,9 @@ to
.Er EINVAL
if
.Fa pref
-is unsupported.
+is unsupported, or the value of
+.Fa hashsize
+is insufficient.
.Sh SEE ALSO
.Xr crypt 3 ,
.Xr login.conf 5 ,
--
Michal Mazurek
