summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/core/compat/hash.php51
-rw-r--r--user_guide_src/source/changelog.rst14
2 files changed, 61 insertions, 4 deletions
diff --git a/system/core/compat/hash.php b/system/core/compat/hash.php
index 477535dca..15954559c 100644
--- a/system/core/compat/hash.php
+++ b/system/core/compat/hash.php
@@ -174,9 +174,56 @@ if ( ! function_exists('hash_pbkdf2'))
}
$hash_length = strlen(hash($algo, NULL, TRUE));
- if (empty($length))
+ empty($length) && $length = $hash_length;
+
+ // Pre-hash password inputs longer than the algorithm's block size
+ // (i.e. prepare HMAC key) to mitigate potential DoS attacks.
+ static $block_sizes;
+ empty($block_sizes) && $block_sizes = array(
+ 'gost' => 32,
+ 'haval128,3' => 128,
+ 'haval160,3' => 128,
+ 'haval192,3' => 128,
+ 'haval224,3' => 128,
+ 'haval256,3' => 128,
+ 'haval128,4' => 128,
+ 'haval160,4' => 128,
+ 'haval192,4' => 128,
+ 'haval224,4' => 128,
+ 'haval256,4' => 128,
+ 'haval128,5' => 128,
+ 'haval160,5' => 128,
+ 'haval192,5' => 128,
+ 'haval224,5' => 128,
+ 'haval256,5' => 128,
+ 'md2' => 16,
+ 'md4' => 64,
+ 'md5' => 64,
+ 'ripemd128' => 64,
+ 'ripemd160' => 64,
+ 'ripemd256' => 64,
+ 'ripemd320' => 64,
+ 'salsa10' => 64,
+ 'salsa20' => 64,
+ 'sha1' => 64,
+ 'sha224' => 64,
+ 'sha256' => 64,
+ 'sha384' => 128,
+ 'sha512' => 128,
+ 'snefru' => 32,
+ 'snefru256' => 32,
+ 'tiger128,3' => 64,
+ 'tiger160,3' => 64,
+ 'tiger192,3' => 64,
+ 'tiger128,4' => 64,
+ 'tiger160,4' => 64,
+ 'tiger192,4' => 64,
+ 'whirlpool' => 64
+ );
+
+ if (isset($block_sizes[$algo]) && strlen($password) > $block_sizes[$algo])
{
- $length = $hash_length;
+ $password = hash($algo, $password, TRUE);
}
$hash = '';
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 45780ddb3..e6e3e9d17 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -2,11 +2,21 @@
Change Log
##########
-Version 3.0 (planned)
-=======================
+Version 3.0.1
+=============
Release Date: Not Released
+- Core
+
+ - Added DoS mitigation to :php:func:`hash_pbkdf2()` :doc:`compatibility function <general/compatibility_functions>`.
+
+
+Version 3.0.0
+=============
+
+Release Date: March 30, 2015
+
- License
- CodeIgniter has been relicensed with the `MIT License <http://opensource.org/licenses/MIT>`_, eliminating its old proprietary licensing.