summaryrefslogtreecommitdiff
path: root/src/crypt
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2012-09-15 03:03:21 -0400
committerRich Felker <dalias@aerifal.cx>2012-09-15 03:03:21 -0400
commitaeaceb1fa89b865eb0bca739da9c450b5a054866 (patch)
tree7fb333d7d9cab1198053973d39b62630d588cfd2 /src/crypt
parent881868382a54b851b37d0b0f5f2d44f77af998a7 (diff)
downloadmusl-aeaceb1fa89b865eb0bca739da9c450b5a054866.tar.gz
musl-aeaceb1fa89b865eb0bca739da9c450b5a054866.tar.bz2
musl-aeaceb1fa89b865eb0bca739da9c450b5a054866.tar.xz
musl-aeaceb1fa89b865eb0bca739da9c450b5a054866.zip
revert low rounds-count limits in crypt hashes
it was determined in discussion that these kind of limits are not sufficient to protect single-threaded servers against denial of service attacks from maliciously large round counts. the time scales simply vary too much; many users will want login passwords with rounds counts on a scale that gives decisecond latency, while highly loaded webservers will need millisecond latency or shorter. still some limit is left in place; the idea is not to protect against attacks, but to avoid the runtime of a single call to crypt being, for all practical purposes, infinite, so that configuration errors can be caught and fixed without bringing down whole systems. these limits are very high, on the order of minute-long runtimes for modest systems.
Diffstat (limited to 'src/crypt')
-rw-r--r--src/crypt/crypt_blowfish.c2
-rw-r--r--src/crypt/crypt_des.c2
-rw-r--r--src/crypt/crypt_sha256.c2
-rw-r--r--src/crypt/crypt_sha512.c2
4 files changed, 4 insertions, 4 deletions
diff --git a/src/crypt/crypt_blowfish.c b/src/crypt/crypt_blowfish.c
index bd37be84..d3f79851 100644
--- a/src/crypt/crypt_blowfish.c
+++ b/src/crypt/crypt_blowfish.c
@@ -625,7 +625,7 @@ static char *BF_crypt(const char *key, const char *setting,
}
count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
- if (count < min || count > 2048 || BF_decode(data.binary.salt, &setting[7], 16)) {
+ if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
return NULL;
}
BF_swap(data.binary.salt, 4);
diff --git a/src/crypt/crypt_des.c b/src/crypt/crypt_des.c
index d7b2b15a..4454a130 100644
--- a/src/crypt/crypt_des.c
+++ b/src/crypt/crypt_des.c
@@ -911,7 +911,7 @@ static char *_crypt_extended_r_uut(const char *_key, const char *_setting, char
return NULL;
count |= value << (i - 1) * 6;
}
- if (!count || count > 262143)
+ if (!count)
return NULL;
for (i = 5, salt = 0; i < 9; i++) {
diff --git a/src/crypt/crypt_sha256.c b/src/crypt/crypt_sha256.c
index 2dc27ee7..076e4b16 100644
--- a/src/crypt/crypt_sha256.c
+++ b/src/crypt/crypt_sha256.c
@@ -172,7 +172,7 @@ static char *to64(char *s, unsigned int u, int n)
#define SALT_MAX 16
#define ROUNDS_DEFAULT 5000
#define ROUNDS_MIN 1000
-#define ROUNDS_MAX 50000
+#define ROUNDS_MAX 9999999
/* hash n bytes of the repeated md message digest */
static void hashmd(struct sha256 *s, unsigned int n, const void *md)
diff --git a/src/crypt/crypt_sha512.c b/src/crypt/crypt_sha512.c
index 2c0de698..0f1de814 100644
--- a/src/crypt/crypt_sha512.c
+++ b/src/crypt/crypt_sha512.c
@@ -193,7 +193,7 @@ static char *to64(char *s, unsigned int u, int n)
#define SALT_MAX 16
#define ROUNDS_DEFAULT 5000
#define ROUNDS_MIN 1000
-#define ROUNDS_MAX 20000
+#define ROUNDS_MAX 9999999
/* hash n bytes of the repeated md message digest */
static void hashmd(struct sha512 *s, unsigned int n, const void *md)