crypto/x509: document that DecryptPEMBlock cannot detect all cases of incorrect password

author Shenghou Ma <minux@golang.org>

Sun, 15 Mar 2015 22:38:56 +0000 (18:38 -0400)

committer Minux Ma <minux@golang.org>

Fri, 20 Mar 2015 04:39:50 +0000 (04:39 +0000)
author Shenghou Ma <minux@golang.org>
Sun, 15 Mar 2015 22:38:56 +0000 (18:38 -0400)
committer Minux Ma <minux@golang.org>
Fri, 20 Mar 2015 04:39:50 +0000 (04:39 +0000)
diff --git a/src/crypto/x509/pem_decrypt.go b/src/crypto/x509/pem_decrypt.go

index 194c81bf688c8eb5be8ab03bb4878bf15d049f5d..1d2c1c6ef60a23f36fbea4c16df56b238d2bc09a 100644 (file)
--- a/src/crypto/x509/pem_decrypt.go
+++ b/src/crypto/x509/pem_decrypt.go
@@ -108,7 +108,10 @@ var IncorrectPasswordError = errors.New("x509: decryption password incorrect")
  // encrypt it and returns a slice of decrypted DER encoded bytes. It inspects
  // the DEK-Info header to determine the algorithm used for decryption. If no
  // DEK-Info header is present, an error is returned. If an incorrect password
-// is detected an IncorrectPasswordError is returned.
+// is detected an IncorrectPasswordError is returned. Because of deficiencies
+// in the encrypted-PEM format, it's not always possible to detect an incorrect
+// password. In these cases no error will be returned but the decrypted DER
+// bytes will be random noise.
  func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error) {
         dek, ok := b.Headers["DEK-Info"]
         if !ok {
author	Shenghou Ma <minux@golang.org>
	Sun, 15 Mar 2015 22:38:56 +0000 (18:38 -0400)
committer	Minux Ma <minux@golang.org>
	Fri, 20 Mar 2015 04:39:50 +0000 (04:39 +0000)