modify the max password length of 'gs_guc encrypt/generate' from 16 to 15

（cherry picked commit from <gitee.com//opengauss/openGauss-server/commit/3b198f3ec25fdd72a7109c7dd5087172837c3c86>

src/bin/gs_guc/pg_guc.cpp

@@ -1985,7 +1985,8 @@ static void do_help_encrypt_options(void)
     (void)printf(_("\nOptions for encrypt: \n"));
     (void)printf(_("  -M, --keymode=MODE     the cipher files will be applies in server, client or source,default "
                    "value is server mode\n"));
-    (void)printf(_("  -K PASSWORD            the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters\n"));
+    (void)printf(_("  -K PASSWORD            the plain password you want to encrypt, which length should between "
+                   "8~15 and at least 3 different types of characters\n"));
     (void)printf(_("  -U, --keyuser=USER     if appointed, the cipher files will name with the user name\n"));
     (void)printf(_("  -R RANDFILEDIR         set the dir that put the rand file\n"));
     (void)printf(_("  -C CIPHERFILEDIR       set the dir that put the cipher file\n"));
@@ -1997,7 +1998,8 @@ static void do_help_generate_options(void)
 
     (void)printf(_("\nOptions for generate: \n"));
     (void)printf(_("  -o PREFIX               the cipher files prefix. default value is obsserver\n"));
-    (void)printf(_("  -S CIPHERKEY            the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters\n"));
+    (void)printf(_("  -S CIPHERKEY            the plain password you want to encrypt, which length should between "
+                   "8~15 and at least 3 different types of characters\n"));
 }
 
 /*
@@ -2367,11 +2369,11 @@ void checkDataDir(const char* datadir)
 void checkCipherkey()
 {
     if (g_cipherkey == NULL) {
-        g_cipherkey = simple_prompt("Password: ", MAX_KEY_LEN + 1, false);
-        if (!check_input_password(g_cipherkey)) {
+        g_cipherkey = simple_prompt("Password: ", MAX_GUC_PASS_LEN + 1, false);
+        if (!check_input_password(g_cipherkey, MAX_GUC_PASS_LEN)) {
             write_stderr(_("%s: The input key must be %d~%d bytes and "
                 "contain at least three kinds of characters!\n"),
-                progname, MIN_KEY_LEN, MAX_KEY_LEN);
+                progname, MIN_KEY_LEN, MAX_GUC_PASS_LEN);
             do_advice();
             exit(1);
         }
@@ -2421,10 +2423,10 @@ void doGenerateOperation(const char* datadir, const char* loginfo)
         OPENSSL_free(g_cipherkey);
         g_cipherkey = NULL;
     } else {
-        if (!check_input_password(g_cipherkey)) {
+        if (!check_input_password(g_cipherkey, MAX_GUC_PASS_LEN)) {
             write_stderr(_("%s: The input key must be %d~%d bytes and "
                 "contain at least three kinds of characters!\n"),
-                progname, MIN_KEY_LEN, MAX_KEY_LEN);
+                progname, MIN_KEY_LEN, MAX_GUC_PASS_LEN);
             GS_FREE(g_cipherkey);
             do_advice();
             exit(1);
@@ -2848,7 +2850,7 @@ int main(int argc, char** argv)
                 }
                 case 'K': {
                     char key_str[MAX_KEY_LEN] = {0};
-                    if (!check_input_password(optarg)) {
+                    if (!check_input_password(optarg, MAX_GUC_PASS_LEN)) {
                         do_advice();
                         exit(1);
                     }
@@ -3749,11 +3751,11 @@ static void check_encrypt_options(void)
         return;
     }
     if (g_plainkey == NULL) {
-        g_plainkey = simple_prompt("Password: ", MAX_KEY_LEN + 1, false);
-        if (!check_input_password(g_plainkey)) {
+        g_plainkey = simple_prompt("Password: ", MAX_GUC_PASS_LEN + 1, false);
+        if (!check_input_password(g_plainkey, MAX_GUC_PASS_LEN)) {
             write_stderr(_("%s: The input key must be %d~%d bytes and "
                 "contain at least three kinds of characters!\n"),
-                progname, MIN_KEY_LEN, MAX_KEY_LEN);
+                progname, MIN_KEY_LEN, MAX_GUC_PASS_LEN);
             do_advice();
             exit(1);
         }

src/common/port/cipher.cpp

@@ -102,7 +102,7 @@ bool init_vector_random(GS_UCHAR* init_vector, size_t vector_len)
 }
 
 /* check whether the input password(for key derivation) meet the requirements of the length and complexity */
-bool check_input_password(const char* password)
+bool check_input_password(const char* password, int maxlen)
 {
 #define PASSWD_KINDS 4
     int key_input_len = 0;
@@ -119,8 +119,8 @@ bool check_input_password(const char* password)
         (void)fprintf(stderr, _("Invalid password,it must contain at least eight characters\n"));
         return false;
     }
-    if (key_input_len > MAX_KEY_LEN) {
-        (void)fprintf(stderr, _("Invalid password,the length exceed %d\n"), MAX_KEY_LEN);
+    if (key_input_len > maxlen) {
+        (void)fprintf(stderr, _("Invalid password,the length exceed %d\n"), maxlen);
         return false;
     }
     ptr = password;

src/include/cipher.h

@@ -65,6 +65,7 @@ typedef unsigned char GS_UCHAR;
 #define MAC_LEN 20
 #define MIN_KEY_LEN 8
 #define MAX_KEY_LEN 16
+#define MAX_GUC_PASS_LEN 15
 #define AK_LEN 512
 #define SK_LEN 512
 #define AK_VALID_CHRS "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
@@ -119,7 +120,7 @@ extern void gen_cipher_rand_files(
     KeyMode mode, const char* plain_key, const char* user_name, const char* datadir, const char* preStr);
 extern void decode_cipher_files(
     KeyMode mode, const char* user_name, const char* datadir, GS_UCHAR* plainpwd, bool obs_server_mode = false);
-extern bool check_input_password(const char* password);
+extern bool check_input_password(const char* password, int maxlen = MAX_KEY_LEN);
 extern bool EncryptInputKey(GS_UCHAR* pucPlainText, GS_UCHAR* initrand, GS_UCHAR* keySaltVector,
     GS_UCHAR* encryptVector, GS_UCHAR* pucCipherText, GS_UINT32* pulCLen);
 extern bool ReadContentFromFile(const char* filename, void* content, size_t csize);

src/test/regress/output/gs_encrypt.source

@@ -36,9 +36,9 @@
 --?.*
 \! @abs_bindir@/gs_encrypt -B MTIzNDU2Nzg5MGFiY2RlZg== -v 0123456789abcdef plaintext 
 Invalid password,it must contain at least three kinds of characters
-gs_encrypt: The input key must be 8~16 bytes and contain at least three kinds of characters!
+gs_encrypt: The input key must be 8~15 bytes and contain at least three kinds of characters!
 \! @abs_bindir@/gs_encrypt -B MTIzNDU2Nzg5MGFiY2RlZg== -D MTIzNDU2Nzg5MGFiY2RlZg== plaintext 
 Invalid password,it must contain at least three kinds of characters
-gs_encrypt: The input key must be 8~16 bytes and contain at least three kinds of characters!
+gs_encrypt: The input key must be 8~15 bytes and contain at least three kinds of characters!
 \! rm -f @abs_bindir@/tde.key.cipher
 \! rm -f @abs_bindir@/tde.key.rand

src/test/regress/output/gs_guc.source

@@ -68,7 +68,7 @@ Options for set and reload with -h host-auth-policy:
 
 Options for encrypt: 
   -M, --keymode=MODE     the cipher files will be applies in server, client or source,default value is server mode
-  -K PASSWORD            the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters
+  -K PASSWORD            the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters
   -U, --keyuser=USER     if appointed, the cipher files will name with the user name
   -R RANDFILEDIR         set the dir that put the rand file
   -C CIPHERFILEDIR       set the dir that put the cipher file
@@ -76,7 +76,7 @@ Options for encrypt:
 
 Options for generate: 
   -o PREFIX               the cipher files prefix. default value is obsserver
-  -S CIPHERKEY            the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters
+  -S CIPHERKEY            the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters
 -----Check(GUC)
 \! /usr3/data1/jiangyan/openGauss-server/src/test/regress/./tmp_check/install//data1/jiangyan/openGauss-server//dest/bin/gs_guc check -D /usr3/data1/jiangyan/openGauss-server/src/test/regress/tmp_check/datanode1/ -c cstore_buffers
 The gs_guc run with the following arguments: [/usr3/data1/jiangyan/openGauss-server/src/test/regress/./tmp_check/install//data1/jiangyan/openGauss-server//dest/bin/gs_guc -D /usr3/data1/jiangyan/openGauss-server/src/test/regress/tmp_check/datanode1/ -c cstore_buffers check ].

src/test/regress/wastebin/output/guc_help.source

@@ -53,7 +53,7 @@ Options for set and reload with -h host-auth-policy:
 
 Options for encrypt: 
   -M, --keymode=MODE     the cipher files will be applies in server, client or source,default value is server mode
-  -K PASSWORD            the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters
+  -K PASSWORD            the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters
   -U, --keyuser=USER     if appointed, the cipher files will name with the user name
   -R RANDFILEDIR         set the dir that put the rand file
   -C CIPHERFILEDIR       set the dir that put the cipher file
@@ -61,4 +61,4 @@ Options for encrypt:
 
 Options for generate: 
   -o PREFIX               the cipher files prefix. default value is obsserver
-  -S CIPHERKEY            the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters
+  -S CIPHERKEY            the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters