• davidben's avatar
    Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey. · 1c02c94c
    davidben authored
    Even with a password, the encryption scheme used here is really not what
    we'd want people to use. This does two things:
    
    1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
       makes it less likely someone will mistakenly use it for security
       purposes.
    
    2. When we ported to BoringSSL, we added "raw" versions of
       PKCS8_{encrypt,decrypt} to account for confusion about two ways to
       encode the empty password. But PKCS8_{encrypt,decrypt} already
       handled this by treating NULL and "" differently. Limiting to just
       the empty password lets us trim BoringSSL's API surface in
       preparation for decoupling it from crypto/asn1.
    
    BUG=603319
    
    Review-Url: https://codereview.chromium.org/2608453002
    Cr-Commit-Position: refs/heads/master@{#441365}
    1c02c94c
ec_private_key_unittest.cc 20.4 KB