From d4ec94a31f38774fc39cb6909252841bb071eaa4 Mon Sep 17 00:00:00 2001
From: Simon Pichugin <spichugi@redhat.com>
Date: Thu, 2 Jan 2025 19:02:05 -0800
Subject: [PATCH] Increase DEFAULT_PBKDF2_ROUNDS to 100_000 and make it common
 for all has functions

---
 dirsrvtests/tests/suites/pwp_storage/storage_test.py |  8 +++++---
 src/plugins/pwdchan/src/lib.rs                       | 12 +++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/dirsrvtests/tests/suites/pwp_storage/storage_test.py b/dirsrvtests/tests/suites/pwp_storage/storage_test.py
index 4ee7e896b..6522f7e15 100644
--- a/dirsrvtests/tests/suites/pwp_storage/storage_test.py
+++ b/dirsrvtests/tests/suites/pwp_storage/storage_test.py
@@ -30,10 +30,12 @@
 
 pytestmark = pytest.mark.tier1
 
+PBKDF2_NUM_ITERATIONS_DEFAULT = 100000
+
 PBKDF2_SCHEMES = [
-    ('PBKDF2-SHA1', PBKDF2SHA1Plugin, 70000),
-    ('PBKDF2-SHA256', PBKDF2SHA256Plugin, 30000),
-    ('PBKDF2-SHA512', PBKDF2SHA512Plugin, 10000),
+    ('PBKDF2-SHA1', PBKDF2SHA1Plugin, PBKDF2_NUM_ITERATIONS_DEFAULT),
+    ('PBKDF2-SHA256', PBKDF2SHA256Plugin, PBKDF2_NUM_ITERATIONS_DEFAULT),
+    ('PBKDF2-SHA512', PBKDF2SHA512Plugin, PBKDF2_NUM_ITERATIONS_DEFAULT)
 ]
 
 
diff --git a/src/plugins/pwdchan/src/lib.rs b/src/plugins/pwdchan/src/lib.rs
index acccbabe8..c9a541931 100644
--- a/src/plugins/pwdchan/src/lib.rs
+++ b/src/plugins/pwdchan/src/lib.rs
@@ -9,18 +9,16 @@ use std::sync::atomic::{AtomicUsize, Ordering};
 use std::convert::TryInto;
 use std::os::raw::c_char;
 
-const DEFAULT_PBKDF2_SHA1_ROUNDS: usize = 70_000;
-const DEFAULT_PBKDF2_SHA256_ROUNDS: usize = 30_000;
-const DEFAULT_PBKDF2_SHA512_ROUNDS: usize = 10_000;
+const DEFAULT_PBKDF2_ROUNDS: usize = 100_000;
 const MIN_PBKDF2_ROUNDS: usize = 10_000;
 const MAX_PBKDF2_ROUNDS: usize = 10_000_000;
 
 const PBKDF2_ROUNDS_ATTR: &str = "nsslapd-pwdPBKDF2NumIterations";
 // Each algorithm gets its own atomic counter for thread-safe round configuration
-static PBKDF2_ROUNDS: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA1_ROUNDS);
-static PBKDF2_ROUNDS_SHA1: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA1_ROUNDS);
-static PBKDF2_ROUNDS_SHA256: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA256_ROUNDS);
-static PBKDF2_ROUNDS_SHA512: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_SHA512_ROUNDS);
+static PBKDF2_ROUNDS: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
+static PBKDF2_ROUNDS_SHA1: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
+static PBKDF2_ROUNDS_SHA256: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
+static PBKDF2_ROUNDS_SHA512: AtomicUsize = AtomicUsize::new(DEFAULT_PBKDF2_ROUNDS);
 
 const PBKDF2_SALT_LEN: usize = 24;
 const PBKDF2_SHA1_EXTRACT: usize = 20;