DescriptionRemove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.
Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:
1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
makes it less likely someone will mistakenly use it for security
purposes.
2. When we ported to BoringSSL, we added "raw" versions of
PKCS8_{encrypt,decrypt} to account for confusion about two ways to
encode the empty password. But PKCS8_{encrypt,decrypt} already
handled this by treating NULL and "" differently. Limiting to just
the empty password lets us trim BoringSSL's API surface in
preparation for decoupling it from crypto/asn1.
BUG=603319
Committed: https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0
Cr-Commit-Position: refs/heads/master@{#441365}
Patch Set 1 #Patch Set 2 : fmt #
Total comments: 1
Messages
Total messages: 25 (16 generated)
|