https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go
File src/pkg/crypto/x509/pem_decrypt.go (right):
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode95
src/pkg/crypto/x509/pem_decrypt.go:95: return nil, errors.New("x509:
wrong IV size")
s/wrong/incorrect/
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode145
src/pkg/crypto/x509/pem_decrypt.go:145: func EncryptPEMBlock(blockType
string, rand io.Reader, data, password []byte, alg string) (*pem.Block,
error) {
rand is typically the first argument.
I also think that alg should be type and not a generic string.
So
type PEMCipher int
const (
PEMCipherDES PEMCipher = iota
...
PEMCipherAES256
)
And I'd add PEMCipher as an element of rfc1423Algo and turn rfc1423Algos
into a slice, rather than a map. When we need to look one up, the code
can just iterate over the members.
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode152
src/pkg/crypto/x509/pem_decrypt.go:152: return nil, errors.New("cannot
generate IV: " + err.Error())
"x509: "
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode154
src/pkg/crypto/x509/pem_decrypt.go:154: key := ciph.deriveKey(password,
iv[:8])
I'll take your word that the IV is truncated for this but a reference
would be nice if it's written down somewhere.
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode159
src/pkg/crypto/x509/pem_decrypt.go:159: dec :=
cipher.NewCBCEncrypter(block, iv)
surely the /en/crypter shouldn't be called 'dec'?
https://codereview.appspot.com/6820114/
