[ruby/openssl] [DOC] prefer "password" to "passphrase"

Let's consistently use the word "password". Although they are considered synonymous, the mixed usage in the rdoc can cause confusion. OpenSSL::KDF.scrypt is an exception. This is because RFC 7914 refers to the input parameter as "passphrase". https://github.com/ruby/openssl/commit/06d67640e9
2023-06-29 20:26:06 +09:00 · 2023-06-29 20:26:06 +09:00 · 4541cd4cba
commit 4541cd4cba
parent 4465941e68
3 changed files with 21 additions and 21 deletions
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@ -207,7 +207,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)

    while (1) {
 	/*
-	 * when the flag is nonzero, this passphrase
+	 * when the flag is nonzero, this password
 	 * will be used to perform encryption; otherwise it will
 	 * be used to perform decryption.
 	 */
@ -676,12 +676,12 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 *
 * Keys saved to disk without encryption are not secure as anyone who gets
 * ahold of the key may use it unless it is encrypted.  In order to securely
- * export a key you may export it with a pass phrase.
+ * export a key you may export it with a password.
 *
 *   cipher = OpenSSL::Cipher.new 'aes-256-cbc'
- *   pass_phrase = 'my secure pass phrase goes here'
+ *   password = 'my secure password goes here'
 *
- *   key_secure = key.export cipher, pass_phrase
+ *   key_secure = key.export cipher, password
 *
 *   open 'private.secure.pem', 'w' do |io|
 *     io.write key_secure
@ -705,13 +705,13 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 *
 * === Loading an Encrypted Key
 *
- * OpenSSL will prompt you for your pass phrase when loading an encrypted key.
- * If you will not be able to type in the pass phrase you may provide it when
+ * OpenSSL will prompt you for your password when loading an encrypted key.
+ * If you will not be able to type in the password you may provide it when
 * loading the key:
 *
 *   key4_pem = File.read 'private.secure.pem'
- *   pass_phrase = 'my secure pass phrase goes here'
- *   key4 = OpenSSL::PKey.read key4_pem, pass_phrase
+ *   password = 'my secure password goes here'
+ *   key4 = OpenSSL::PKey.read key4_pem, password
 *
 * == RSA Encryption
 *
@ -904,12 +904,12 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 * not readable by other users.
 *
 *   ca_key = OpenSSL::PKey::RSA.new 2048
- *   pass_phrase = 'my secure pass phrase goes here'
+ *   password = 'my secure password goes here'
 *
 *   cipher = OpenSSL::Cipher.new 'aes-256-cbc'
 *
 *   open 'ca_key.pem', 'w', 0400 do |io|
- *     io.write ca_key.export(cipher, pass_phrase)
+ *     io.write ca_key.export(cipher, password)
 *   end
 *
 * === CA Certificate
--- a/ext/openssl/ossl_kdf.c
+++ b/ext/openssl/ossl_kdf.c
@ -21,7 +21,7 @@ static VALUE mKDF, eKDF;
 * (https://tools.ietf.org/html/rfc2898#section-5.2).
 *
 * === Parameters
- * pass       :: The passphrase.
+ * pass       :: The password.
 * salt       :: The salt. Salts prevent attacks based on dictionaries of common
 *               passwords and attacks based on rainbow tables. It is a public
 *               value that can be safely stored along with the password (e.g.
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@ -50,8 +50,8 @@ VALUE eRSAError;
 /*
 * call-seq:
 *   RSA.new -> rsa
- *   RSA.new(encoded_key [, passphrase]) -> rsa
- *   RSA.new(encoded_key) { passphrase } -> rsa
+ *   RSA.new(encoded_key [, password ]) -> rsa
+ *   RSA.new(encoded_key) { password } -> rsa
 *   RSA.new(size [, exponent]) -> rsa
 *
 * Generates or loads an \RSA keypair.
@ -61,9 +61,9 @@ VALUE eRSAError;
 * #set_crt_params.
 *
 * If called with a String, tries to parse as DER or PEM encoding of an \RSA key.
- * Note that, if _passphrase_ is not specified but the key is encrypted with a
- * passphrase, \OpenSSL will prompt for it.
- * See also OpenSSL::PKey.read which can parse keys of any kinds.
+ * Note that if _password_ is not specified, but the key is encrypted with a
+ * password, \OpenSSL will prompt for it.
+ * See also OpenSSL::PKey.read which can parse keys of any kind.
 *
 * If called with a number, generates a new key pair. This form works as an
 * alias of RSA.generate.
@ -71,7 +71,7 @@ VALUE eRSAError;
 * Examples:
 *   OpenSSL::PKey::RSA.new 2048
 *   OpenSSL::PKey::RSA.new File.read 'rsa.pem'
- *   OpenSSL::PKey::RSA.new File.read('rsa.pem'), 'my pass phrase'
+ *   OpenSSL::PKey::RSA.new File.read('rsa.pem'), 'my password'
 */
 static VALUE
 ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
@ -217,11 +217,11 @@ can_export_rsaprivatekey(VALUE self)

 /*
 * call-seq:
- *   rsa.export([cipher, pass_phrase]) => PEM-format String
- *   rsa.to_pem([cipher, pass_phrase]) => PEM-format String
- *   rsa.to_s([cipher, pass_phrase]) => PEM-format String
+ *   rsa.export([cipher, password]) => PEM-format String
+ *   rsa.to_pem([cipher, password]) => PEM-format String
+ *   rsa.to_s([cipher, password]) => PEM-format String
 *
- * Outputs this keypair in PEM encoding.  If _cipher_ and _pass_phrase_ are
+ * Outputs this keypair in PEM encoding.  If _cipher_ and _password_ are
 * given they will be used to encrypt the key.  _cipher_ must be an
 * OpenSSL::Cipher instance.
 */