4 files changed, 54 insertions, 24 deletions

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 61a1239d26..12c61e158f 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -1187,6 +1187,8 @@ sign_algorithm(#'ECPrivateKey'{parameters = Parms}, Opts) ->
                           parameters = Parms}.
 rsa_digest_oid(sha1) ->
     ?'sha1WithRSAEncryption';
+rsa_digest_oid(sha) ->
+    ?'sha1WithRSAEncryption';
 rsa_digest_oid(sha512) ->
     ?'sha512WithRSAEncryption';
 rsa_digest_oid(sha384) ->
@@ -1198,6 +1200,8 @@ rsa_digest_oid(md5) ->
 
 ecdsa_digest_oid(sha1) ->
     ?'ecdsa-with-SHA1';
+ecdsa_digest_oid(sha) ->
+    ?'ecdsa-with-SHA1';
 ecdsa_digest_oid(sha512) ->
     ?'ecdsa-with-SHA512';
 ecdsa_digest_oid(sha384) ->
diff --git a/lib/public_key/src/pubkey_pbe.erl b/lib/public_key/src/pubkey_pbe.erl
index 806f7c5b0f..e6bcedd1b1 100644
--- a/lib/public_key/src/pubkey_pbe.erl
+++ b/lib/public_key/src/pubkey_pbe.erl
@@ -42,15 +42,14 @@
 encode(Data, Password, "DES-CBC" = Cipher, KeyDevParams) ->
     {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
     crypto:block_encrypt(des_cbc, Key, IV, pbe_pad(Data, KeyDevParams));
-
 encode(Data, Password, "DES-EDE3-CBC" = Cipher, KeyDevParams) ->
     {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
     <<Key1:8/binary, Key2:8/binary, Key3:8/binary>> = Key,
     crypto:block_encrypt(des3_cbc, [Key1, Key2, Key3], IV, pbe_pad(Data));
-
 encode(Data, Password, "RC2-CBC" = Cipher, KeyDevParams) ->
     {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
     crypto:block_encrypt(rc2_cbc, Key, IV, pbe_pad(Data, KeyDevParams)).
+
 %%--------------------------------------------------------------------
 -spec decode(binary(), string(), string(), term()) -> binary().
 %%
@@ -59,21 +58,20 @@ encode(Data, Password, "RC2-CBC" = Cipher, KeyDevParams) ->
 decode(Data, Password,"DES-CBC"= Cipher, KeyDevParams) ->
     {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
     crypto:block_decrypt(des_cbc, Key, IV, Data);
-
 decode(Data, Password,"DES-EDE3-CBC" = Cipher, KeyDevParams) ->
     {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
     <<Key1:8/binary, Key2:8/binary, Key3:8/binary>> = Key,
     crypto:block_decrypt(des3_cbc, [Key1, Key2, Key3], IV, Data);
-
 decode(Data, Password,"RC2-CBC"= Cipher, KeyDevParams) ->
     {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
     crypto:block_decrypt(rc2_cbc, Key, IV, Data);
+decode(Data, Password,"AES-128-CBC"= Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    crypto:block_decrypt(aes_cbc128, Key, IV, Data);
+decode(Data, Password,"AES-256-CBC"= Cipher, KeyDevParams) ->
+    {Key, IV} = password_to_key_and_iv(Password, Cipher, KeyDevParams),
+    crypto:block_decrypt(aes_cbc256, Key, IV, Data).
 
-decode(Data, Password,"AES-128-CBC"= Cipher, IV) ->
-    %% PKCS5_SALT_LEN is 8 bytes
-    <<Salt:8/binary,_/binary>> = IV,
-    {Key, _} = password_to_key_and_iv(Password, Cipher, Salt),
-    crypto:block_decrypt(aes_cbc128, Key, IV, Data).
 
 %%--------------------------------------------------------------------
 -spec pbdkdf1(string(), iodata(), integer(), atom()) -> binary().
@@ -131,13 +129,15 @@ password_to_key_and_iv(Password, _Cipher, {#'PBEParameter'{salt = Salt,
     <<Key:8/binary, IV:8/binary, _/binary>> 
 	= pbdkdf1(Password, Salt, Count, Hash),
     {Key, IV};
-password_to_key_and_iv(Password, Cipher, Salt) ->
- KeyLen = derived_key_length(Cipher, undefined),
+password_to_key_and_iv(Password, Cipher, KeyDevParams) ->
+    %% PKCS5_SALT_LEN is 8 bytes
+    <<Salt:8/binary,_/binary>> = KeyDevParams,
+    KeyLen = derived_key_length(Cipher, undefined),
     <<Key:KeyLen/binary, _/binary>> = 
 	pem_encrypt(<<>>, Password, Salt, ceiling(KeyLen div 16), <<>>, md5),
     %% Old PEM encryption does not use standard encryption method
-    %% pbdkdf1 and uses then salt as IV 
-    {Key, Salt}.
+    %% pbdkdf1 
+    {Key, KeyDevParams}.
 pem_encrypt(_, _, _, 0, Acc, _) ->
     Acc;
 pem_encrypt(Prev, Password, Salt, Count, Acc, Hash) ->
@@ -267,7 +267,9 @@ derived_key_length(Cipher,_) when (Cipher == ?'des-EDE3-CBC') or
 				  (Cipher == "DES-EDE3-CBC") ->
     24;
 derived_key_length(Cipher,_) when (Cipher == "AES-128-CBC") ->
-    16.
+    16;
+derived_key_length(Cipher,_) when (Cipher == "AES-256-CBC") ->
+    32.
 
 cipher(#'PBES2-params_encryptionScheme'{algorithm = ?'desCBC'}) ->
     "DES-CBC";
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index d7e5bc3ad8..0fd1453f7c 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -101,10 +101,10 @@ encode_pem_entry({'PrivateKeyInfo', Der, EncParams}) ->
     EncDer = encode_encrypted_private_keyinfo(Der, EncParams),
     StartStr = pem_start('EncryptedPrivateKeyInfo'),
     [StartStr, "\n", b64encode_and_split(EncDer), "\n", pem_end(StartStr) ,"\n\n"];
-encode_pem_entry({Type, Der, {Cipher, Salt}}) ->
+encode_pem_entry({Type, Decrypted, {Cipher, Salt}}) ->
     StartStr = pem_start(Type),
     [StartStr,"\n", pem_decrypt(),"\n", pem_decrypt_info(Cipher, Salt),"\n\n",
-     b64encode_and_split(Der), "\n", pem_end(StartStr) ,"\n\n"].
+     b64encode_and_split(Decrypted), "\n", pem_end(StartStr) ,"\n\n"].
 
 decode_pem_entries([], Entries) ->
     lists:reverse(Entries);
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 47c5dbb95a..47266c514c 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -112,6 +112,7 @@
 -type ssh_file()             :: openssh_public_key | rfc4716_public_key | known_hosts |
 				auth_keys.
 -type digest_type()          :: none % None is for backwards compatibility
+                              | sha1 % Backwards compatibility
                               | crypto:rsa_digest_type()
                               | crypto:dss_digest_type()
                               | crypto:ecdsa_digest_type().
@@ -406,8 +407,7 @@ decrypt_private(CipherText,
 		Options)
   when is_binary(CipherText),
        is_list(Options) ->
-    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding),
-    crypto:private_decrypt(rsa, CipherText, format_rsa_private_key(Key), Padding).
+    crypto:private_decrypt(rsa, CipherText, format_rsa_private_key(Key), default_options(Options)).
 
 %%--------------------------------------------------------------------
 %% Description: Public key decryption using the public key.
@@ -428,8 +428,7 @@ decrypt_public(CipherText, Key) ->
                                      PlainText :: binary() .
 decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, 
 	       Options) when is_binary(CipherText), is_list(Options)  ->
-    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding),
-    crypto:public_decrypt(rsa, CipherText,[E, N], Padding).
+    crypto:public_decrypt(rsa, CipherText,[E, N], default_options(Options)).
 
 %%--------------------------------------------------------------------
 %% Description: Public key encryption using the public key.
@@ -451,8 +450,7 @@ encrypt_public(PlainText, Key) ->
                                        CipherText :: binary() .
 encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E}, 
 	       Options) when is_binary(PlainText), is_list(Options) ->
-    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding),
-    crypto:public_encrypt(rsa, PlainText, [E,N], Padding).
+    crypto:public_encrypt(rsa, PlainText, [E,N], default_options(Options)).
 
 %%--------------------------------------------------------------------
 %%
@@ -480,8 +478,7 @@ encrypt_private(PlainText,
   when is_binary(PlainText),
        is_integer(N), is_integer(E), is_integer(D),
        is_list(Options) ->
-    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding),
-    crypto:private_encrypt(rsa, PlainText, format_rsa_private_key(Key), Padding).
+    crypto:private_encrypt(rsa, PlainText, format_rsa_private_key(Key), default_options(Options)).
 
 %%--------------------------------------------------------------------
 %% Description: List available group sizes among the pre-computed dh groups
@@ -1234,6 +1231,33 @@ pkix_test_root_cert(Name, Opts) ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
+default_options([]) ->
+    [{rsa_padding, rsa_pkcs1_padding}];
+default_options(Opts) ->
+    case proplists:get_value(rsa_pad, Opts) of
+        undefined ->
+            case proplists:get_value(rsa_padding, Opts) of
+                undefined ->
+                    case lists:dropwhile(fun erlang:is_tuple/1, Opts) of
+                        [Pad|_] ->
+                            set_padding(Pad, Opts);
+                        [] ->
+                            set_padding(rsa_pkcs1_padding, Opts)
+                    end;
+                Pad ->
+                    set_padding(Pad, Opts)
+            end;
+        Pad ->
+            set_padding(Pad, Opts)
+    end.
+
+set_padding(Pad, Opts) ->
+    [{rsa_padding,Pad} | [{T,V} || {T,V} <- Opts,
+                                   T =/= rsa_padding,
+                                   T =/= rsa_pad]
+    ].
+
+
 format_sign_key(Key = #'RSAPrivateKey'{}) ->
     {rsa, format_rsa_private_key(Key)};
 format_sign_key(#'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->