Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

crypto/ec_private_key.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/ec_private_key.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <utility>
@@ skipping 77 matching lines @@
   if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC)
     return nullptr;
 
   std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
   result->key_ = std::move(pkey);
   return result;
 }
 
 // static
 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
-    const std::string& password,
     const std::vector<uint8_t>& encrypted_private_key_info,
     const std::vector<uint8_t>& subject_public_key_info) {
   // NOTE: The |subject_public_key_info| can be ignored here, it is only
   // useful for the NSS implementation (which uses the public key's SHA1
   // as a lookup key when storing the private one in its store).
   if (encrypted_private_key_info.empty())
     return nullptr;
 
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   const uint8_t* data = &encrypted_private_key_info[0];
   const uint8_t* ptr = data;
   bssl::UniquePtr<X509_SIG> p8_encrypted(
       d2i_X509_SIG(nullptr, &ptr, encrypted_private_key_info.size()));
   if (!p8_encrypted || ptr != data + encrypted_private_key_info.size())
     return nullptr;
 
-  bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8_decrypted;
-  if (password.empty()) {
-    // Hack for reading keys generated by an older version of the OpenSSL
-    // code. OpenSSL used to use "\0\0" rather than the empty string because it
-    // would treat the password as an ASCII string to be converted to UCS-2
-    // while NSS used a byte string.
-    p8_decrypted.reset(PKCS8_decrypt_pbe(
-        p8_encrypted.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2));
-  }
-  if (!p8_decrypted) {
-    p8_decrypted.reset(PKCS8_decrypt_pbe(
-        p8_encrypted.get(),
-        reinterpret_cast<const uint8_t*>(password.data()),
-        password.size()));
-  }
+  // Hack for reading keys generated by an older version of the OpenSSL code.
+  // Some implementations encode the empty password as "\0\0" (passwords are
+  // normally encoded in big-endian UCS-2 with a NUL terminator) and some
+  // encode as the empty string. PKCS8_decrypt distinguishes the two by whether
+  // the password is nullptr.
+  bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8_decrypted(
+      PKCS8_decrypt(p8_encrypted.get(), "", 0));
+  if (!p8_decrypted)
+    p8_decrypted.reset(PKCS8_decrypt(p8_encrypted.get(), nullptr, 0));
 
   if (!p8_decrypted)
     return nullptr;
 
   // Create a new EVP_PKEY for it.
   std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
   result->key_.reset(EVP_PKCS82PKEY(p8_decrypted.get()));
   if (!result->key_ || EVP_PKEY_id(result->key_.get()) != EVP_PKEY_EC)
     return nullptr;
 
@@ skipping 18 matching lines @@
       !EVP_marshal_private_key(cbb.get(), key_.get()) ||
       !CBB_finish(cbb.get(), &der, &der_len)) {
     return false;
   }
   output->assign(der, der + der_len);
   OPENSSL_free(der);
   return true;
 }
 
 bool ECPrivateKey::ExportEncryptedPrivateKey(
-    const std::string& password,
-    int iterations,
     std::vector<uint8_t>* output) const {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
   // Convert into a PKCS#8 object.
   bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> pkcs8(EVP_PKEY2PKCS8(key_.get()));
   if (!pkcs8)
     return false;
 
   // Encrypt the object.
   // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
   // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL
   // equivalent.
   bssl::UniquePtr<X509_SIG> encrypted(
-      PKCS8_encrypt_pbe(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr,
-                        reinterpret_cast<const uint8_t*>(password.data()),
-                        password.size(), nullptr, 0, iterations, pkcs8.get()));
+      PKCS8_encrypt(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, nullptr, 0,
+                    nullptr, 0, 1, pkcs8.get()));
   if (!encrypted)
     return false;
 
   // Write it into |*output|
   return ExportKeyWithBio(encrypted.get(),
                           reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio),
                           output);
 }
 
 bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const {
@@ skipping 29 matching lines @@
     return false;
   }
 
   output->assign(reinterpret_cast<const char*>(buf), sizeof(buf));
   return true;
 }
 
 ECPrivateKey::ECPrivateKey() {}
 
 }  // namespace crypto