Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:

1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
   makes it less likely someone will mistakenly use it for security
   purposes.

2. When we ported to BoringSSL, we added "raw" versions of
   PKCS8_{encrypt,decrypt} to account for confusion about two ways to
   encode the empty password. But PKCS8_{encrypt,decrypt} already
   handled this by treating NULL and "" differently. Limiting to just
   the empty password lets us trim BoringSSL's API surface in
   preparation for decoupling it from crypto/asn1.

BUG=603319
Committed: https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0
Cr-Commit-Position: refs/heads/master@{#441365}

[davidben, 2016-12-27 18:49:54]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-27 18:50:07]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-27 20:04:29]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-27 20:04:30]

Dry run: This issue passed the CQ dry run.

[davidben, 2016-12-28 03:19:59]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-28 03:20:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[davidben, 2016-12-28 03:22:25]

davidben@chromium.org changed reviewers:
+ rsleevi@chromium.org

[davidben, 2016-12-28 03:22:26]

https://codereview.chromium.org/2608453002/diff/20001/net/ssl/channel_id_serv...
File net/ssl/channel_id_service.h (left):

https://codereview.chromium.org/2608453002/diff/20001/net/ssl/channel_id_serv...
net/ssl/channel_id_service.h:75: static const char kEPKIPassword[];
I'm assuming we don't have anything where this is swapped out for something
else?

[commit-bot: I haz the power, 2016-12-28 04:33:42]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-28 04:33:42]

Dry run: This issue passed the CQ dry run.

[Ryan Sleevi, 2016-12-28 08:03:18]

lgtm

[Ryan Sleevi, 2016-12-28 08:03:25]

The CQ bit was checked by rsleevi@chromium.org

[commit-bot: I haz the power, 2016-12-28 08:03:38]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-28 08:09:28]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-28 08:09:29]

Try jobs failed on following builders:
  chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)

[davidben, 2016-12-28 21:19:00]

davidben@chromium.org changed reviewers:
+ peter@chromium.org

[davidben, 2016-12-28 21:19:01]

+peter for components/gcm_driver

[Peter Beverloo, 2017-01-04 12:55:12]

The CQ bit was checked by peter@chromium.org

[Peter Beverloo, 2017-01-04 12:55:13]

lgtm

[commit-bot: I haz the power, 2017-01-04 12:55:20]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-04 13:54:35]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1483534512782320,
"parent_rev": "fd829ed7a3102bc73a151cee5872be6ee71cc597", "commit_rev":
"69d377c474183a6b357f6b41185b1e179a4bc1a1"}

[commit-bot: I haz the power, 2017-01-04 13:55:04]

Description was changed from

==========
Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:

1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
   makes it less likely someone will mistakenly use it for security
   purposes.

2. When we ported to BoringSSL, we added "raw" versions of
   PKCS8_{encrypt,decrypt} to account for confusion about two ways to
   encode the empty password. But PKCS8_{encrypt,decrypt} already
   handled this by treating NULL and "" differently. Limiting to just
   the empty password lets us trim BoringSSL's API surface in
   preparation for decoupling it from crypto/asn1.

BUG=603319
==========

to

==========
Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:

1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
   makes it less likely someone will mistakenly use it for security
   purposes.

2. When we ported to BoringSSL, we added "raw" versions of
   PKCS8_{encrypt,decrypt} to account for confusion about two ways to
   encode the empty password. But PKCS8_{encrypt,decrypt} already
   handled this by treating NULL and "" differently. Limiting to just
   the empty password lets us trim BoringSSL's API surface in
   preparation for decoupling it from crypto/asn1.

BUG=603319

Review-Url: https://codereview.chromium.org/2608453002
==========

[commit-bot: I haz the power, 2017-01-04 13:55:04]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2017-01-04 13:57:11]

Description was changed from

==========
Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:

1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
   makes it less likely someone will mistakenly use it for security
   purposes.

2. When we ported to BoringSSL, we added "raw" versions of
   PKCS8_{encrypt,decrypt} to account for confusion about two ways to
   encode the empty password. But PKCS8_{encrypt,decrypt} already
   handled this by treating NULL and "" differently. Limiting to just
   the empty password lets us trim BoringSSL's API surface in
   preparation for decoupling it from crypto/asn1.

BUG=603319

Review-Url: https://codereview.chromium.org/2608453002
==========

to

==========
Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:

1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
   makes it less likely someone will mistakenly use it for security
   purposes.

2. When we ported to BoringSSL, we added "raw" versions of
   PKCS8_{encrypt,decrypt} to account for confusion about two ways to
   encode the empty password. But PKCS8_{encrypt,decrypt} already
   handled this by treating NULL and "" differently. Limiting to just
   the empty password lets us trim BoringSSL's API surface in
   preparation for decoupling it from crypto/asn1.

BUG=603319

Committed: https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0
Cr-Commit-Position: refs/heads/master@{#441365}
==========

[commit-bot: I haz the power, 2017-01-04 13:57:12]

Patchset 2 (id:??) landed as
https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0
Cr-Commit-Position: refs/heads/master@{#441365}