-
davidben authored
Even with a password, the encryption scheme used here is really not what we'd want people to use. This does two things: 1. Cut down on the number of ways to use ExportEncryptedPrivateKey and makes it less likely someone will mistakenly use it for security purposes. 2. When we ported to BoringSSL, we added "raw" versions of PKCS8_{encrypt,decrypt} to account for confusion about two ways to encode the empty password. But PKCS8_{encrypt,decrypt} already handled this by treating NULL and "" differently. Limiting to just the empty password lets us trim BoringSSL's API surface in preparation for decoupling it from crypto/asn1. BUG=603319 Review-Url: https://codereview.chromium.org/2608453002 Cr-Commit-Position: refs/heads/master@{#441365}
1c02c94c