Set PBKDF2 limit in PKCS#12 to 100M.

The previous limit was |UINT_MAX|. Windows limits to 600K, but that's
already causing issues. This seems like a balance between being
completely crazy and still large enough not to have to worry for a long
time. It's still probably too large for backend systems wanting to
process arbitrary PKCS#12, but I don't think any fixed value will
satisfy all desires.

Change-Id: I01a3f78d5f2df086f8dbc0e8bacfb95153738f55
Reviewed-on: https://boringssl-review.googlesource.com/30424
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c
index 811ab16..6538963 100644
--- a/crypto/pkcs8/pkcs8_x509.c
+++ b/crypto/pkcs8/pkcs8_x509.c
@@ -672,7 +672,12 @@
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
static const uint64_t kIterationsLimit = 1024;
#else
- static const uint64_t kIterationsLimit = UINT_MAX;
+ // Windows imposes a limit of 600K. Mozilla say: “so them increasing
+ // maximum to something like 100M or 1G (to have few decades of breathing
+ // room) would be very welcome”[1]. So here we set the limit to 100M.
+ //
+ // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1436873#c14
+ static const uint64_t kIterationsLimit = 100 * 1000000;
#endif
// The iteration count is optional and the default is one.
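Review bot: The comment above the new non-fuzzer `kIterationsLimit` records where 100M came from (the Windows 600K limit and the Mozilla bug) but not the cost it accepts. A caller parsing an untrusted PKCS#12 file can still be made to run up to 100M PBKDF2 iterations, which the commit message itself calls probably too large for backend systems. Consider adding a sentence to that effect beside the constant, so that services handling arbitrary input know to budget for that cost or isolate the parse. Two smaller points: the quoted Mozilla text uses typographic quotes, which puts non-ASCII bytes into the C source, so plain ASCII quotes would be safer; and no test change is visible here, so a case exercising an iteration count at the new limit and one just above it would pin the boundary.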