author | Neal H. Walfield <[email protected]> | 2015-08-24 14:14:09 +0000 |
---|---|---|
committer | Neal H. Walfield <[email protected]> | 2015-08-24 14:14:38 +0000 |
commit | 348a6ebb63523305ce9f47d0f3e8a9086c338fed (patch) | |
tree | 62cbe9ac5cbe9105299f2d31d01fc2778104a13b | |
parent | sm: Support secret key export via the Assuan interface. (diff) | |
agent: Raise the maximum password length. Don't hard code it.
* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
GnuPG-bug-id: 2038
-rw-r--r-- | agent/agent.h | 5 | ||||
-rw-r--r-- | agent/command-ssh.c | 8 | ||||
-rw-r--r-- | agent/cvt-openpgp.c | 4 | ||||
-rw-r--r-- | agent/findkey.c | 4 | ||||
-rw-r--r-- | agent/genkey.c | 8 |
5 files changed, 17 insertions, 12 deletions
diff --git a/agent/agent.h b/agent/agent.h index 958e3be6c..a1b37943c 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -47,6 +47,11 @@ /* Maximum length of a digest. */ #define MAX_DIGEST_LEN 64 +/* The maximum length of a passphrase (in bytes). Note: this is + further contrained by the Assuan line length (and any other text on + the same line). However, the Assuan line length is 1k bytes so + this shouldn't be a problem in practice. */ +#define MAX_PASSPHRASE_LEN 255 /* A large struct name "opt" to keep global flags */ diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 2a3037cd4..3d29f9744 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -3094,17 +3094,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec, goto out; } - pi = gcry_calloc_secure (2, sizeof (*pi) + 100 + 1); + pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); if (!pi) { err = gpg_error_from_syserror (); goto out; } - pi2 = pi + (sizeof *pi + 100 + 1); - pi->max_length = 100; + pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1); + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->max_tries = 1; pi->with_repeat = 1; - pi2->max_length = 100; + pi2->max_length = MAX_PASSPHRASE_LEN + 1; pi2->max_tries = 1; pi2->check_cb = reenter_compare_cb; pi2->check_cb_arg = pi->pin; diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 8bf587342..6d2221015 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -918,10 +918,10 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, struct pin_entry_info_s *pi; struct try_do_unprotect_arg_s pi_arg; - pi = xtrycalloc_secure (1, sizeof (*pi) + 100); + pi = xtrycalloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); if (!pi) return gpg_error_from_syserror (); - pi->max_length = 100; + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->min_digits = 0; /* We want a real passphrase. */ pi->max_digits = 16; pi->max_tries = 3; diff --git a/agent/findkey.c b/agent/findkey.c index e7cd79e6c..c49c37a55 100644 
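Review bot: The new comment above `MAX_PASSPHRASE_LEN` in agent/agent.h does not say whether the 255 bytes include the terminating NUL, yet every call site in this commit adds `+ 1` by hand for both the allocation and `max_length`. If the constant is meant to exclude the NUL, as those call sites suggest, the comment should say so, e.g. `/* The maximum length of a passphrase in bytes, not counting the terminating NUL; buffers need MAX_PASSPHRASE_LEN + 1. */`. The typo `contrained` should read `constrained`. The Assuan line-length remark is only prose here, so nothing in this hunk stops the constant from later being raised past what one protocol line can carry.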
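Review bot: `pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);` in ssh_identity_register does pointer arithmetic in units of `*pi`, not bytes, so `pi2` lands (sizeof *pi + MAX_PASSPHRASE_LEN + 1) elements past `pi`, far outside the two-element secure allocation made just above, and the writes to `pi2->max_length`, `pi2->max_tries` and `pi2->check_cb` go out of bounds. The commit carries the old expression over with only the constant changed, and the larger constant moves the pointer further away. Assuming `pi` has the type `struct pin_entry_info_s *` declared in the cvt-openpgp.c hunk, the offset should be applied to a `char *`: `pi2 = (struct pin_entry_info_s *)((char *)pi + sizeof *pi + MAX_PASSPHRASE_LEN + 1);`. The same line in agent_ask_new_passphrase (agent/genkey.c) needs the same change. Both function bodies start and end outside their hunks.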
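Review bot: `pi->max_length = MAX_PASSPHRASE_LEN + 1;` in convert_from_openpgp_main reads as if passphrases of MAX_PASSPHRASE_LEN + 1 bytes were accepted, because nothing at the assignment says what `max_length` counts. If it is the size of the `pin` buffer including the terminating NUL, which the matching `+ MAX_PASSPHRASE_LEN + 1` in the allocation suggests but this hunk does not show, a short comment would prevent a later off-by-one: `/* Size of the PIN buffer, including the terminating NUL. */`. The same applies to the assignments in unprotect (agent/findkey.c), ssh_identity_register and agent_ask_new_passphrase. In ssh_identity_register the old code allocated 100 + 1 extra bytes but set `max_length` to 100, so that site changes the relation between the two values and is the one most worth confirming against the code that fills the buffer.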
--- a/agent/findkey.c +++ b/agent/findkey.c @@ -450,10 +450,10 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, } } - pi = gcry_calloc_secure (1, sizeof (*pi) + 100); + pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); if (!pi) return gpg_error_from_syserror (); - pi->max_length = 100; + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->min_digits = 0; /* we want a real passphrase */ pi->max_digits = 16; pi->max_tries = 3; diff --git a/agent/genkey.c b/agent/genkey.c index af53c60ad..13858cae3 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -374,13 +374,13 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, return err; } - pi = gcry_calloc_secure (2, sizeof (*pi) + 100); - pi2 = pi + (sizeof *pi + 100); - pi->max_length = 100; + pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); + pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1); + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->max_tries = 3; pi->with_qualitybar = 1; pi->with_repeat = 1; - pi2->max_length = 100; + pi2->max_length = MAX_PASSPHRASE_LEN + 1; pi2->max_tries = 3; pi2->check_cb = reenter_compare_cb; pi2->check_cb_arg = pi->pin; |
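Review bot: In agent_ask_new_passphrase (agent/genkey.c) the result of `gcry_calloc_secure` is used without a NULL check: the next two added lines derive `pi2` from `pi` and write `pi->max_length`. Each prompt now requests 2 * (sizeof *pi + MAX_PASSPHRASE_LEN + 1) bytes of secure memory instead of 2 * (sizeof *pi + 100), so an allocation failure becomes more likely than before and would end in a NULL dereference inside the agent. The other three call sites in this commit test the pointer and return `gpg_error_from_syserror ()`; here that would be `if (!pi) return gpg_error_from_syserror ();` placed directly after the allocation, before `pi2` is computed. The function body continues outside the hunk, so a jump to an existing cleanup path may be needed instead of a plain return.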