Increase DEFAULT_PBKDF2_ROUNDS to 100_000 and make it common for all …

…has functions

dirsrvtests/tests/suites/pwp_storage/storage_test.py

@@ -30,10 +30,12 @@
 
 pytestmark = pytest.mark.tier1
 
+PBKDF2_NUM_ITERATIONS_DEFAULT = 100000
+
 PBKDF2_SCHEMES = [
-    ('PBKDF2-SHA1', PBKDF2SHA1Plugin, 70000),
-    ('PBKDF2-SHA256', PBKDF2SHA256Plugin, 30000),
-    ('PBKDF2-SHA512', PBKDF2SHA512Plugin, 10000),
+    ('PBKDF2-SHA1', PBKDF2SHA1Plugin, PBKDF2_NUM_ITERATIONS_DEFAULT),
+    ('PBKDF2-SHA256', PBKDF2SHA256Plugin, PBKDF2_NUM_ITERATIONS_DEFAULT),
+    ('PBKDF2-SHA512', PBKDF2SHA512Plugin, PBKDF2_NUM_ITERATIONS_DEFAULT)
 ]
 
 

src/plugins/pwdchan/src/lib.rs

@@ -9,18 +9,16 @@ use std::sync::atomic::{AtomicUsize, Ordering};
 use std::convert::TryInto;
 use std::os::raw::c_char;
 
-const DEFAULT_PBKDF2_SHA1_ROUNDS: usize = 70_000;
-const DEFAULT_PBKDF2_SHA256_ROUNDS: usize = 30_000;
-const DEFAULT_PBKDF2_SHA512_ROUNDS: usize = 10_000;
+const DEFAULT_PBKDF2_ROUNDS: usize = 100_000;
 const MIN_PBKDF2_ROUNDS: usize = 10_000;
 const MAX_PBKDF2_ROUNDS: usize = 10_000_000;
 
 const PBKDF2_ROUNDS_ATTR: &str = "nsslapd-pwdPBKDF2NumIterations";
 // Each algorithm gets its own atomic counter for thread-safe round configuration
-static PBKDF2_ROUNDS: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA1_ROUNDS);
-static PBKDF2_ROUNDS_SHA1: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA1_ROUNDS);
-static PBKDF2_ROUNDS_SHA256: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA256_ROUNDS);
-static PBKDF2_ROUNDS_SHA512: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA512_ROUNDS);
+static PBKDF2_ROUNDS: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
+static PBKDF2_ROUNDS_SHA1: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
+static PBKDF2_ROUNDS_SHA256: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
+static PBKDF2_ROUNDS_SHA512: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
 
 const PBKDF2_SALT_LEN: usize = 24;
 const PBKDF2_SHA1_EXTRACT: usize = 20;