Bug 1560806 - Increased the max size supported for softoken passwords. r=jcj
authorMarcus Burghardt <mburghardt@mozilla.com>
Fri, 26 Jul 2019 16:27:21 +0000
changeset 15239 d57bae1204fa4643d75ca20e3a5b518a4e21c6df
parent 15238 c29b58d70d289686cede10f67acd106afdc7c2d6
child 15240 caf5d97f786fc3dad2f9318b228007a233b5f0bd
push id3451
push userjjones@mozilla.com
push dateFri, 26 Jul 2019 16:28:36 +0000
reviewersjcj
bugs1560806
Bug 1560806 - Increased the max size supported for softoken passwords. r=jcj Differential Revision: https://phabricator.services.mozilla.com/D39444
cmd/lib/secpwd.c
cmd/pk11mode/pk11mode.c
cmd/shlibsign/shlibsign.c
gtests/softoken_gtest/softoken_gtest.cc
lib/softoken/pkcs11i.h
--- a/cmd/lib/secpwd.c
+++ b/cmd/lib/secpwd.c
@@ -61,17 +61,17 @@ SEC_GetPassword(FILE *input, FILE *outpu
 #if defined(_WINDOWS)
     int isTTY = (input == stdin);
 #define echoOn(x)
 #define echoOff(x)
 #else
     int infd = fileno(input);
     int isTTY = isatty(infd);
 #endif
-    char phrase[200] = { '\0' }; /* ensure EOF doesn't return junk */
+    char phrase[500] = { '\0' }; /* ensure EOF doesn't return junk */
 
     for (;;) {
         /* Prompt for password */
         if (isTTY) {
             fprintf(output, "%s", prompt);
             fflush(output);
             echoOff(infd);
         }
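Review bot: The new size in `char phrase[500]` is a bare literal equal to the new `SFTK_MAX_PIN`, and a buffer of exactly that size cannot hold a 500-byte password plus its terminator (and a trailing newline, if the line is read whole). The read call is outside this hunk, but if it is a bounded line read using `sizeof(phrase)`, the longest password that can be entered here is shorter than what softoken now accepts, and the excess input is presumably truncated or left in the stream without an error. Consider a shared named constant with headroom, e.g. `char phrase[MAX_PASSWORD_LEN + 2] = { '\0' };` (constant name illustrative). The same applies to `unsigned char phrase[500]` in PKM_FilePasswd (cmd/pk11mode/pk11mode.c) and filePasswd (cmd/shlibsign/shlibsign.c). SEC_GetPassword's body continues past the end of the hunk.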
--- a/cmd/pk11mode/pk11mode.c
+++ b/cmd/pk11mode/pk11mode.c
@@ -5224,17 +5224,17 @@ PKM_Digest(CK_FUNCTION_LIST_PTR pFunctio
     }
 
     return crv;
 }
 
 char *
 PKM_FilePasswd(char *pwFile)
 {
-    unsigned char phrase[200];
+    unsigned char phrase[500];
     PRFileDesc *fd;
     PRInt32 nb;
     int i;
 
     if (!pwFile)
         return 0;
 
     fd = PR_Open(pwFile, PR_RDONLY, 0);
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
@@ -609,17 +609,17 @@ cleanup:
     }
 
     return crv;
 }
 
 static char *
 filePasswd(char *pwFile)
 {
-    unsigned char phrase[200];
+    unsigned char phrase[500];
     PRFileDesc *fd;
     PRInt32 nb;
     int i;
 
     if (!pwFile)
         return 0;
 
     fd = PR_Open(pwFile, PR_RDONLY, 0);
--- a/gtests/softoken_gtest/softoken_gtest.cc
+++ b/gtests/softoken_gtest/softoken_gtest.cc
@@ -115,16 +115,37 @@ TEST_F(SoftokenTest, CreateObjectChangeP
   EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
   EXPECT_EQ(SECSuccess, PK11_ChangePW(slot.get(), "", "password"));
   EXPECT_EQ(SECSuccess, PK11_Logout(slot.get()));
   ScopedPK11GenericObject obj(PK11_CreateGenericObject(
       slot.get(), attributes, PR_ARRAY_SIZE(attributes), true));
   EXPECT_EQ(nullptr, obj);
 }
 
+/* The size limit for a password is 500 characters as defined in pkcs11i.h */
+TEST_F(SoftokenTest, CreateObjectChangeToBigPassword) {
+  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+  ASSERT_TRUE(slot);
+  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
+  EXPECT_EQ(
+      SECSuccess,
+      PK11_ChangePW(slot.get(), "",
+                    "rUIFIFr2bxKnbJbitsfkyqttpk6vCJzlYMNxcxXcaN37gSZKbLk763X7iR"
+                    "yeVNWZHQ02lSF69HYjzTyPW3318ZD0DBFMMbALZ8ZPZP73CIo5uIQlaowV"
+                    "IbP8eOhRYtGUqoLGlcIFNEYogV8Q3GN58VeBMs0KxrIOvPQ9s8SnYYkqvt"
+                    "zzgntmAvCgvk64x6eQf0okHwegd5wi6m0WVJytEepWXkP9J629FSa5kNT8"
+                    "FvL3jvslkiImzTNuTvl32fQDXXMSc8vVk5Q3mH7trMZM0VDdwHWYERjHbz"
+                    "kGxFgp0VhediHx7p9kkz6H6ac4et9sW4UkTnN7xhYc1Zr17wRSk2heQtcX"
+                    "oZJGwuzhiKm8A8wkuVxms6zO56P4JORIk8oaUW6lyNTLo2kWWnTA"));
+  EXPECT_EQ(SECSuccess, PK11_Logout(slot.get()));
+  ScopedPK11GenericObject obj(PK11_CreateGenericObject(
+      slot.get(), attributes, PR_ARRAY_SIZE(attributes), true));
+  EXPECT_EQ(nullptr, obj);
+}
+
 TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) {
   ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
   ASSERT_TRUE(slot);
   EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "password"));
   EXPECT_EQ(SECSuccess, PK11_ChangePW(slot.get(), "password", ""));
   // PK11_Logout returnes an error and SEC_ERROR_TOKEN_NOT_LOGGED_IN if the user
   // is not "logged in".
   EXPECT_EQ(SECFailure, PK11_Logout(slot.get()));
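Review bot: The password literal in CreateObjectChangeToBigPassword is, by my count, about 400 characters, so the test shows that the old 255-byte limit is gone but never exercises the new boundary. A case at exactly 500 bytes that succeeds and one at 501 that is rejected would pin the limit, e.g. `std::string pw(501, 'a');` followed by `EXPECT_EQ(SECFailure, PK11_ChangePW(slot.get(), "", pw.c_str()));`, assuming an over-limit PIN is reported as SECFailure. The comment above the test also says "500 characters" while pkcs11i.h documents the limit in bytes, which differ for non-ASCII passwords. `/* The size limit for a password is 500 bytes (SFTK_MAX_PIN in pkcs11i.h) */` would match the header.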
--- a/lib/softoken/pkcs11i.h
+++ b/lib/softoken/pkcs11i.h
@@ -454,17 +454,17 @@ struct SFTKItemTemplateStr {
 /* certdb (high bit == 1) */
 #define SFTK_TOKEN_TYPE_TRUST 0x40000000L
 #define SFTK_TOKEN_TYPE_CRL 0x50000000L
 #define SFTK_TOKEN_TYPE_SMIME 0x60000000L
 #define SFTK_TOKEN_TYPE_CERT 0x70000000L
 
 #define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC | SFTK_TOKEN_TYPE_CRL | 1)
 /* how big (in bytes) a password/pin we can deal with */
-#define SFTK_MAX_PIN 255
+#define SFTK_MAX_PIN 500
 /* minimum password/pin length (in Unicode characters) in FIPS mode */
 #define FIPS_MIN_PIN 7
 
 /* slot ID's */
 #define NETSCAPE_SLOT_ID 1
 #define PRIVATE_KEY_SLOT_ID 2
 #define FIPS_SLOT_ID 3
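Review bot: Nothing in this hunk shows how the consumers of `SFTK_MAX_PIN` cope with a value above 255, and 255 is the largest length a single byte can carry, so the old limit may have been load-bearing. Before relying on 500, it is worth confirming that no code path stores or compares the PIN length in an 8-bit field, and that any on-stack arrays dimensioned by this macro remain a reasonable size; those uses are outside the diff. If that check holds, recording it next to the define would help the next change, e.g. `/* how big (in bytes) a password/pin we can deal with; PIN lengths must be held in a type wider than 8 bits */`.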