aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src
AgeCommit message (Collapse)Author
2016-06-14Merge branch 'legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530'Ingela Anderton Andin
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530: Skip crl_hash_dir_expired test for LibreSSL Add ssl_crl_hash_dir module Function for generating OpenSSL-style name hashes Add public_key:pkix_match_dist_point Improve formatting for crl_{check,cache} options Add issuer arg to ssl_crl_cache_api lookup callback Conflicts: lib/public_key/test/public_key_SUITE.erl
2016-06-03public_key: Support more general name typesIngela Anderton Andin
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-05Function for generating OpenSSL-style name hashesMagnus Henoch
OpenSSL has functions to generate short (eight hex digits) hashes of issuers of certificates and CRLs. These hashes are used by the "c_rehash" script to populate directories of CA certificates and CRLs, e.g. in the Apache web server. Adding this function lets an Erlang program find the right CRL for a given certificate in such a directory.
2016-04-01Add public_key:pkix_match_dist_pointMagnus Henoch
2016-03-15update copyright-yearHenrik Nord
2016-03-10public_key: Handle PEM encoded EC public keysIngela Anderton Andin
Also add missing test for PEM encoded private EC keys.
2016-02-29public_key: An encapsulated PEM header shall be followed by a blank lineIngela Anderton Andin
RFC 1421 Privacy Enhancement for Electronic Mail February 1993 Encapsulated Message Pre-Encapsulation Boundary (Pre-EB) -----BEGIN PRIVACY-ENHANCED MESSAGE----- Encapsulated Header Portion (Contains encryption control fields inserted in plaintext. Examples include "DEK-Info:" and "Key-Info:". Note that, although these control fields have line-oriented representations similar to RFC 822 header fields, the set of fields valid in this context is disjoint from those used in RFC 822 processing.) Blank Line (Separates Encapsulated Header from subsequent Encapsulated Text Portion) Encapsulated Text Portion (Contains message data encoded as specified in Section 4.3.) Post-Encapsulation Boundary (Post-EB) -----END PRIVACY-ENHANCED MESSAGE-----
2015-11-05ssh, public_key: updates after doc reviewHans Nilsson
2015-11-04ssh, public_key: random selection of diffie-hellman moduliHans Nilsson
Also tool (public_key:gen_moduli_hrl) to convert an openssh moduli file to erlang format.
2015-10-16public_key: add/update -spec for ssh functionsHans Nilsson
2015-10-16ssh, public_key: use pubkey encode/decode in app public_keyHans Nilsson
2015-10-16ssh, public_key: Change EC Public Key representation to what was intendedHans Nilsson
2015-10-08public_key: Add ssh2 ECDSA pub key handling + test caseHans Nilsson
Added encode/decode for ecdsa public keys in openssh and rfc4716 format. This is for the ssh public key algorithm ecdsa-sha2-*.
2015-06-18Change license text to APLv2Bruce Yinhe
2015-04-20public_key: Reject bad signatures as early as possibleIngela Anderton Andin
Erlang bitstring type only uses as many bits as required, and does not use padding to create complete bytes as ASN1 compact_bitstring did. crypto:verify/5 will now fail, for some incorrect signatures as it expects complete bytes which an incorrect signature may not have. Instead of catching the failing crypto function and then returning false we check the input and reject it right away.
2015-04-20public_key: Remove legacy switch compact_bit_stringIngela Anderton Andin
* E.I bitstrings will not be decode as {Unused, Binary}, they are now Erlang bitstrings. * Also the compact_bit_string implies the legacy_erlang_types switch - So removing the switch will also make OCTET STRING values be represented as binaries. - Undecoded open type will now be wrapped in a asn1_OPENTYPE tuple. We need to handle this in pubkey_pbe.erl, maybe this can be eliminated later by updating/refreshing ASN1-specs. This will change some values in records returned by the public_key API making this change a potentiall incompatibility.
2015-03-13public_key: dialyzer fixesIngela Anderton Andin
2015-03-09public_key: Improve CRL handling supportIngela Anderton Andin
2014-08-27public_key: Fix spec and documentation for pkix_crls_validateIngela Anderton Andin
2014-08-27public_key: Fix spec and documentation for PBESIngela Anderton Andin
2014-08-25public_key: Add encodeing functionality for PBES1 and PBES2Ingela Anderton Andin
2014-08-22public_key: Add PBES1 decoding supportIngela Anderton Andin
2014-08-08public_key: Correct ASN1-type EcpkParameters in PEM handlingIngela Anderton Andin
2014-03-26ssl, pubkey: Code and test adjustmentsHans Nilsson
2014-03-26Rework IDP validation according to the RFC, fix public_key testsAndrew Thompson
2014-03-26Various improvements to CRL handlingAndrew Thompson
* Handle v1 CRLs, with no extensions. * Compare the IDP on a CRL correctly, if present * Don't try to double-decode altnames Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended.
2014-03-25pubkey: Fixed unicode conversionHans Nilsson
2014-03-20Introduce runtime_dependencies in .app filesRickard Green
Most dependencies introduced are exactly the dependencies to other applications found by xref. That is, there might be real dependencies missing. There might also be pure debug dependencies listed that probably should be removed. Each application has to be manually inspected in order to ensure that all real dependencies are listed. All dependencies introduced are to application versions used in OTP 17.0. This since the previously used version scheme wasn't designed for this, and in order to minimize the work of introducing the dependencies.
2014-02-18Fix library application appup filesTobias Schlager
As discussed in issue #240 *all* OTP library applications use the '.*' wildcard as up and down version. This makes library applications always up- and downgradeable. Using the wildcard version obsoletes all maintenance tasks regarding library applications' appup files. Additionally, it prevents upgrade problems caused by automatically included application dependencies when using reltool to create releases. Missing copyright headers are now consistently present.
2014-02-06public_key: Export some dialyzer typesIngela Anderton Andin
Move dilayzer types from include file to erl file and use -export_type
2014-01-13public_key: add brainpool elliptic curves (RFC-5639)Andreas Schultz
2013-12-02Merge branch 'maint'Ingela Anderton Andin
2013-12-02ssl, public_key: Dialyzer fixesIngela Anderton Andin
2013-11-15Merge branch 'maint'Fredrik Gustafsson
2013-11-07public_key: Workaround for incorrectly encoded utf8 emailAddressAndrew Bennett
Author: Daniel Barney <[email protected]> Date: Thu Oct 25 14:33:11 2012 -0600 Most common browsers are lax in thier handling of how the emailAddress field is encoded. RFC 3280 section 4.1.2.6 defines the encoding as IA5String, however browsers will also handle certificates with the emailAddress field encoded as UTF8String. This fix allows the emailAddress to be decoded as both an IA5String and an UTF8String. Reviewed by: Andrew Bennett <[email protected]>
2013-09-02Merge branch 'maint'Fredrik Gustafsson
2013-08-29Allow public_key:pem_entry_decode/2) to handle AES-128-CBC ciphered keysSimon Cornish
Private keys generated by modern versions of ssh-keygen are ciphered with AES-128-CBC instead of DES-EDE3-CBC. Since DES-EDE3-CBC ciphered keys are handled, and the underlying support for AES-128-CBC is already present, it seems a bug of omission that AES-128-CBC ciphered keys are not.
2013-06-12Update copyright yearsBjörn-Egil Dahlberg
2013-06-10Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
2013-06-10Merge branch 'ia/public_key/crypto/prepare-for-release' into maintIngela Anderton Andin
* ia/public_key/crypto/prepare-for-release: public_key & ssl: Add ASN-1 dependency crypto & public_key: prepare for release
2013-06-10Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
2013-06-07public_key & ssl: Add ASN-1 dependencyIngela Anderton Andin
As the ASN-1 application relies on a nif in R16 for decodeing (that was not the case in R15), public_key currently has a runtime dependency on ASN-1. Hopefully we will be able to remove this dependency again in the future.
2013-06-07ssl: Correct rebase mistakesIngela Anderton Andin
2013-05-28Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
Conflicts: bootstrap/lib/stdlib/ebin/beam_lib.beam lib/public_key/test/erl_make_certs.erl
2013-05-24crypto, public_key & ssl: Make more functions accept integer keysSverker Eriksson
2013-05-20crypto,public_key,ssl: Change return value of crypto:generate_key(ecdh,..)Sverker Eriksson
to conform with the return value of the other types.
2013-05-20public_key: Remove use of deprecated crypto functionsIngela Anderton Andin
2013-05-08Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
Conflicts: lib/crypto/doc/src/crypto_app.xml
2013-05-08ssl & public_key: Use standard nameIngela Anderton Andin