From 909d2b4975f4e6b01c70e3577c8be510c7481ff6 Mon Sep 17 00:00:00 2001
From: Simon Cornish <zl9d97p02@sneakemail.com>
Date: Thu, 29 Aug 2013 21:05:50 -0700
Subject: Allow public_key:pem_entry_decode/2) to handle AES-128-CBC ciphered
 keys

Private keys generated by modern versions of ssh-keygen are ciphered
with AES-128-CBC instead of DES-EDE3-CBC.


Since DES-EDE3-CBC ciphered keys are handled, and the underlying
support for AES-128-CBC is already present, it seems a bug of omission
that AES-128-CBC ciphered keys are not.
---
 lib/public_key/src/public_key.erl | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lib/public_key/src/public_key.erl')

diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index cdbfe6e07c..a4b6b8ad15 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -118,6 +118,13 @@ pem_entry_decode({Asn1Type, CryptDer, {Cipher, Salt}} = PemEntry,
 				is_list(Cipher) andalso
 				is_binary(Salt) andalso
 				erlang:byte_size(Salt) == 8 ->
+    do_pem_entry_decode(PemEntry, Password);
+pem_entry_decode({Asn1Type, CryptDer, {"AES-128-CBC"=Cipher, IV}} = PemEntry,
+		 Password) when is_atom(Asn1Type) andalso
+				is_binary(CryptDer) andalso
+				is_list(Cipher) andalso
+				is_binary(IV) andalso
+				erlang:byte_size(IV) == 16 ->
     do_pem_entry_decode(PemEntry, Password).
 
 %%--------------------------------------------------------------------
-- 
cgit v1.2.3