Link in passphrase-encoding(7) in relevant documentation Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6179)
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 03c07c0..a713269 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -439,6 +439,9 @@
 prompted to enter one: this will typically be read from the current terminal with echoing turned off.
+Note that character encoding may be relevant, please see
+L<passphrase-encoding(7)>.
+
 =over 4
 =item B<pass:password>
diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod
index 13f3722..b1467f4 100644
--- a/doc/man3/OSSL_STORE_open.pod
+++ b/doc/man3/OSSL_STORE_open.pod
@@ -112,6 +112,14 @@
 failures); if the URI was parsable but the scheme unregistered, the top error will have the reason C<OSSL_STORE_R_UNREGISTERED_SCHEME>.
+These functions make no direct assumption regarding the pass phrase received
+from the password callback.
+The loaders may make assumptions, however.
+For example, the B<file:> scheme loader inherits the assumptions made by
+OpenSSL functionality that handles the different file types; this is mostly
+relevant for PKCS#12 objects.
+See L<passphrase-encoding(7)> for further information.
+
 =head1 RETURN VALUES
 OSSL_STORE_open() returns a pointer to a B<OSSL_STORE_CTX> on success, or
@@ -132,7 +140,8 @@
 =head1 SEE ALSO
-L<ossl_store(7)>, L<OSSL_STORE_INFO(3)>, L<OSSL_STORE_register_loader(3)>
+L<ossl_store(7)>, L<OSSL_STORE_INFO(3)>, L<OSSL_STORE_register_loader(3)>,
+L<passphrase-encoding(7)>
 =head1 HISTORY
diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod
index d16ccd8..cd05582 100644
--- a/doc/man3/PEM_bytes_read_bio.pod
+++ b/doc/man3/PEM_bytes_read_bio.pod
@@ -55,6 +55,10 @@
 functionality, which includes buffering as a feature; BIO_s_fd() is likely to be more appropriate in such cases.
+These functions make no assumption regarding the pass phrase received from the
+password callback.
+It will simply be treated as a byte sequence.
+
 =head1 RETURN VALUES
 PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or
@@ -63,7 +67,8 @@
 =head1 SEE ALSO
 L<PEM(3)>,
-L<PEM_read_bio_ex(3)>
+L<PEM_read_bio_ex(3)>,
+L<passphrase-encoding(7)>
 =head1 HISTORY
diff --git a/doc/man3/PEM_read.pod b/doc/man3/PEM_read.pod
index 66cbc7d..2a017c6 100644
--- a/doc/man3/PEM_read.pod
+++ b/doc/man3/PEM_read.pod
@@ -110,10 +110,15 @@
 v2.0 PBE. See L<PEM_write_PrivateKey(3)> and L<d2i_PKCS8PrivateKey_bio(3)>.
+PEM_do_header() makes no assumption regarding the pass phrase received from the
+password callback.
+It will simply be treated as a byte sequence.
+
 =head1 SEE ALSO
 L<ERR_peek_last_error(3)>, L<ERR_GET_LIB(3)>,
-L<d2i_PKCS8PrivateKey_bio(3)>.
+L<d2i_PKCS8PrivateKey_bio(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT
diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod
index 65a114d..0c22618 100644
--- a/doc/man3/PEM_read_CMS.pod
+++ b/doc/man3/PEM_read_CMS.pod
@@ -73,6 +73,12 @@
 PEM_write_bio_TYPE() similarly writes to the BIO B<bp>.
+=head1 NOTES
+
+These functions make no assumption regarding the pass phrase received from the
+password callback.
+It will simply be treated as a byte sequence.
+
 =head1 RETURN VALUES
 PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated
@@ -83,7 +89,8 @@
 =head1 SEE ALSO
-L<PEM_read(3)>
+L<PEM_read(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT
diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod
index 4ff5b2d..9f62140 100644
--- a/doc/man3/PEM_read_bio_PrivateKey.pod
+++ b/doc/man3/PEM_read_bio_PrivateKey.pod
@@ -386,6 +386,10 @@
 this is a bug because an attempt will be made to reuse the data at B<x> which is an uninitialised pointer.
+These functions make no assumption regarding the pass phrase received from the
+password callback.
+It will simply be treated as a byte sequence.
+
 =head1 PEM ENCRYPTION FORMAT
 These old B<PrivateKey> routines use a non standard technique for encryption.
@@ -465,7 +469,8 @@
 =head1 SEE ALSO
-L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
+L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT
diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod
index 37b53be..0dcd2ab 100644
--- a/doc/man3/PKCS12_create.pod
+++ b/doc/man3/PKCS12_create.pod
@@ -60,13 +60,18 @@
 B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
+PKCS12_create() makes assumptions regarding the encoding of the given pass
+phrase.
+See L<passphrase-encoding(7)> for more information.
+
 =head1 RETURN VALUES
 PKCS12_create() returns a valid B<PKCS12> structure or NULL if an error occurred.
 =head1 SEE ALSO
-L<d2i_PKCS12(3)>
+L<d2i_PKCS12(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT
diff --git a/doc/man3/PKCS12_newpass.pod b/doc/man3/PKCS12_newpass.pod
index 58207f5..c27c652 100644
--- a/doc/man3/PKCS12_newpass.pod
+++ b/doc/man3/PKCS12_newpass.pod
@@ -102,7 +102,8 @@
 =head1 SEE ALSO
-L<PKCS12_create(3)>, L<ERR_get_error(3)>
+L<PKCS12_create(3)>, L<ERR_get_error(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT
diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod
index c03c371..d61b172 100644
--- a/doc/man3/PKCS12_parse.pod
+++ b/doc/man3/PKCS12_parse.pod
@@ -57,7 +57,8 @@
 =head1 SEE ALSO
-L<d2i_PKCS12(3)>
+L<d2i_PKCS12(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT
diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod
index e5d1689..174831d 100644
--- a/doc/man3/PKCS5_PBKDF2_HMAC.pod
+++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod
@@ -52,6 +52,9 @@
 harder for an attacker to perform a brute force attack using a large number of candidate passwords.
+These functions make no assumption regarding the given password.
+It will simply be treated as a byte sequence.
+
 =head1 RETURN VALUES
 PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.
@@ -59,7 +62,8 @@
 =head1 SEE ALSO
 L<evp(7)>, L<RAND_bytes(3)>,
-L<EVP_BytesToKey(3)>
+L<EVP_BytesToKey(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT
diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod
index cc588df..43a218a 100644
--- a/doc/man3/d2i_PKCS8PrivateKey_bio.pod
+++ b/doc/man3/d2i_PKCS8PrivateKey_bio.pod
@@ -45,6 +45,10 @@
 work directly on memory: this can be readily worked around by converting the buffers to memory BIOs, see L<BIO_s_mem(3)> for details.
+These functions make no assumption regarding the pass phrase received from the
+password callback.
+It will simply be treated as a byte sequence.
+
 =head1 RETURN VALUES
 d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid B<EVP_PKEY>
@@ -55,7 +59,8 @@
 =head1 SEE ALSO
-L<PEM_read_PrivateKey(3)>
+L<PEM_read_PrivateKey(3)>,
+L<passphrase-encoding(7)>
 =head1 COPYRIGHT