[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Wed May 24 20:17:48 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  df73fcdc1bfab4125d8e79d4a0b6e9c2c2e85787 (commit)
      from  b024891f7f84d657d1c9b1f0d364dc1c3c42f411 (commit)


- Log -----------------------------------------------------------------
commit df73fcdc1bfab4125d8e79d4a0b6e9c2c2e85787
Author: David Woodhouse <dwmw2 at infradead.org>
Date:   Wed May 24 12:18:14 2017 +0100

    Document that PKCS#12 functions assume UTF-8 for passwords
    
    Part of issue #3531
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3535)
    (cherry picked from commit cff85f39e438830cb5bc8bf7cb2ed6458670c5be)

-----------------------------------------------------------------------

Summary of changes:
 doc/crypto/PKCS12_newpass.pod | 12 ++++++++++++
 doc/crypto/PKCS12_parse.pod   |  9 +++++++++
 2 files changed, 21 insertions(+)

diff --git a/doc/crypto/PKCS12_newpass.pod b/doc/crypto/PKCS12_newpass.pod
index b910511..6b22fd7 100644
--- a/doc/crypto/PKCS12_newpass.pod
+++ b/doc/crypto/PKCS12_newpass.pod
@@ -17,6 +17,18 @@ PKCS12_newpass() changes the password of a PKCS12 structure.
 B<p12> is a pointer to a PKCS12 structure. B<oldpass> is the existing password
 and B<newpass> is the new password.
 
+=head1 NOTES
+
+Each of B<oldpass> and B<newpass> is independently interpreted as a string in
+the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1
+instead.
+
+In particular, this means that passwords in the locale character set
+(or code page on Windows) must potentially be converted to UTF-8 before
+use. This may include passwords from local text files, or input from
+the terminal or command line. Refer to the documentation of
+L<UI_OpenSSL(3)>, for example.
+
 =head1 RETURN VALUES
 
 PKCS12_newpass() returns 1 on success or 0 on failure. Applications can
diff --git a/doc/crypto/PKCS12_parse.pod b/doc/crypto/PKCS12_parse.pod
index 2dfa7e2..c03c371 100644
--- a/doc/crypto/PKCS12_parse.pod
+++ b/doc/crypto/PKCS12_parse.pod
@@ -29,6 +29,15 @@ The B<friendlyName> and B<localKeyID> attributes (if present) on each
 certificate will be stored in the B<alias> and B<keyid> attributes of the
 B<X509> structure.
 
+The parameter B<pass> is interpreted as a string in the UTF-8 encoding. If it
+is not valid UTF-8, then it is assumed to be ISO8859-1 instead.
+
+In particular, this means that passwords in the locale character set
+(or code page on Windows) must potentially be converted to UTF-8 before
+use. This may include passwords from local text files, or input from
+the terminal or command line. Refer to the documentation of
+L<UI_OpenSSL(3)>, for example.
+
 =head1 RETURN VALUES
 
 PKCS12_parse() returns 1 for success and zero if an error occurred.


More information about the openssl-commits mailing list