Merge branch 'ia/public_key/ssl/crypto/PKCS-8/OTP-9312'

* ia/public_key/ssl/crypto/PKCS-8/OTP-9312:
  Add clause for expected input to pubkey:pseudo_random_function/2 when ASN-1 compiler is fixed.
  Clean up of public_key code adding specs and documentation
  Added PKCS-8 support in ssl
  Additions to crypto and public_key needed for full PKCS-8 support
  Add PKCS-8 support to public_key

3 files changed, 33 insertions, 8 deletions

diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index a9109c5a6e..42dc44c39b 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -2784,7 +2784,7 @@ extended_key_usage_verify_peer(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"), 
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2846,7 +2846,7 @@ extended_key_usage_verify_none(Config) when is_list(Config) ->
 
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2908,7 +2908,7 @@ no_authority_key_identifier(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     CertFile = proplists:get_value(certfile, ServerOpts),
     NewCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2966,7 +2966,7 @@ invalid_signature_server(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "server/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/invalid_cert.pem"),
@@ -3006,7 +3006,7 @@ invalid_signature_client(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "client/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ClientCertFile = proplists:get_value(certfile, ClientOpts),
     NewClientCertFile = filename:join(PrivDir, "client/invalid_cert.pem"),
@@ -3083,7 +3083,7 @@ cert_expired(Config) when is_list(Config) ->
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
     [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
-    Key = public_key:pem_entry_decode(KeyEntry),
+    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/expired_cert.pem"),
@@ -3358,14 +3358,14 @@ der_input_opts(Opts) ->
     Keyfile = proplists:get_value(keyfile, Opts),
     Dhfile = proplists:get_value(dhfile, Opts),
     [{_, Cert, _}] = ssl_test_lib:pem_to_der(Certfile),
-    [{_, Key, _}]  = ssl_test_lib:pem_to_der(Keyfile),
+    [{Asn1Type, Key, _}]  = ssl_test_lib:pem_to_der(Keyfile),
     [{_, DHParams, _}]  = ssl_test_lib:pem_to_der(Dhfile),
     CaCerts =
 	lists:map(fun(Entry) ->
 			  {_, CaCert, _} = Entry,
 			  CaCert
 		  end, ssl_test_lib:pem_to_der(CaCertsfile)),
-    {Cert, {rsa, Key}, CaCerts, DHParams}.
+    {Cert, {Asn1Type, Key}, CaCerts, DHParams}.
 
 %%--------------------------------------------------------------------
 %% different_ca_peer_sign(doc) ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index b7916b96eb..46a8112a41 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -22,6 +22,7 @@
 
 -include("test_server.hrl").
 -include("test_server_line.hrl").
+-include_lib("public_key/include/public_key.hrl").
 
 %% Note: This directive should only be used in test suites.
 -compile(export_all).
@@ -673,3 +674,16 @@ cipher_result(Socket, Result) ->
 
 session_info_result(Socket) ->
     ssl:session_info(Socket).
+
+
+public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?rsaEncryption},
+			     privateKey = Key}) ->
+    public_key:der_decode('RSAPrivateKey', iolist_to_binary(Key));
+
+public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa'},
+			     privateKey = Key}) ->
+    public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
+public_key(Key) ->
+    Key.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 64a6a9eaf8..8ccbb3ffa1 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -109,6 +109,9 @@ special_init(TestCase, Config)
        TestCase == erlang_server_openssl_client_no_wrap_sequence_number ->
     check_sane_openssl_renegotaite(Config);
 
+special_init(ssl2_erlang_server_openssl_client, Config) ->
+    check_sane_openssl_sslv2(Config);
+
 special_init(_, Config) ->
     Config.
     
@@ -1433,3 +1436,11 @@ check_sane_openssl_renegotaite(Config) ->
 	_ ->
 	    Config
     end.
+
+check_sane_openssl_sslv2(Config) ->
+    case os:cmd("openssl version") of
+	"OpenSSL 1.0.0e" ++ _ ->
+	    {skip, "Known option bug"};
+	_ ->
+	    Config
+    end.