Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.
Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:
1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
makes it less likely someone will mistakenly use it for security
purposes.
2. When we ported to BoringSSL, we added "raw" versions of
PKCS8_{encrypt,decrypt} to account for confusion about two ways to
encode the empty password. But PKCS8_{encrypt,decrypt} already
handled this by treating NULL and "" differently. Limiting to just
the empty password lets us trim BoringSSL's API surface in
preparation for decoupling it from crypto/asn1.
BUG=603319
Review-Url: https://codereview.chromium.org/2608453002
Cr-Original-Commit-Position: refs/heads/master@{#441365}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 1c02c94c34e1c57154914d51c44e818aa290f7a0
4 files changed