Merge branch 'nick/ssh_crypto/strengthened_random/OTP-9225' into maint-r14

* nick/ssh_crypto/strengthened_random/OTP-9225:
  Renamed the function strong_rand_uniform to strong_rand_mpint. Added some checks in crypto.erl and crypto.c. Changed ssh_bits to use strong_rand_mpint.
  Fixed SSH appup, copyright headers SSH vsn and SSH release note.
  Adds NIFs for cryptographically strong random number generation. Also adds documentation and unit tests.

2 files changed, 57 insertions, 2 deletions

diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index c407350c47..dd40378f29 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1999</year><year>2010</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -615,6 +615,21 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
       </desc>
     </func>
     <func>
+      <name>strong_rand_bytes(N) -> binary()</name>
+      <fsummary>Generate a binary of random bytes</fsummary>
+      <type>
+        <v>N = integer()</v>
+      </type>
+      <desc>
+        <p>Generates N bytes randomly uniform 0..255, and returns the
+        result in a binary. Uses a cryptographically secure prng seeded and
+        periodically mixed with operating system provided entropy. By default
+        this is the <c>RAND_bytes</c> method from OpenSSL.</p>
+	<p>May throw exception <c>low_entropy</c> in case the random generator
+	failed due to lack of secure "randomness".</p>
+      </desc>
+    </func>
+    <func>
       <name>rand_uniform(Lo, Hi) -> N</name>
       <fsummary>Generate a random number</fsummary>
       <type>
@@ -629,6 +644,31 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
       </desc>
     </func>
     <func>
+      <name>strong_rand_mpint(N, Top, Bottom) -> Mpint</name>
+      <fsummary>Generate an N bit random number</fsummary>
+      <type>
+        <v>N = non_neg_integer()</v>
+        <v>Top = -1 | 0 | 1</v>
+        <v>Bottom = 0 | 1</v>
+        <v>Mpint = binary()</v>
+      </type>
+      <desc>
+        <p>Generate an N bit random number using OpenSSL's
+        cryptographically strong pseudo random number generator
+        <c>BN_rand</c>.</p>
+        <p>The parameter <c>Top</c> places constraints on the most
+        significant bits of the generated number. If <c>Top</c> is 1, then the
+        two most significant bits will be set to 1, if <c>Top</c> is 0, the
+        most significant bit will be 1, and if <c>Top</c> is -1 then no
+        constraints are applied and thus the generated number may be less than
+        N bits long.</p>
+        <p>If <c>Bottom</c> is 1, then the generated number is
+        constrained to be odd.</p>
+	<p>May throw exception <c>low_entropy</c> in case the random generator
+	failed due to lack of secure "randomness".</p>
+      </desc>
+    </func>
+    <func>
       <name>mod_exp(N, P, M) -> Result</name>
       <fsummary>Perform N ^ P mod M</fsummary>
       <type>
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 5e9bda3920..ab1ffa9e5c 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2010</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 2.0.2.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Strengthened random number generation. (Thanks to Geoff Cant)</p>
+          <p>
+	    Own Id: OTP-9225</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 2.0.2.1</title>
 
     <section><title>Improvements and New Features</title>