1 files changed, 230 insertions, 2 deletions
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 7d3a85326f..574353ce7a 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2016</year>
+      <year>1999</year><year>2017</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,6 +31,234 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 4.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    LibreSSL can now be used by the modernized crypto app.</p>
+          <p>
+	    Own Id: OTP-14247</p>
+        </item>
+        <item>
+          <p>
+	    Add compile option <c>-compile(no_native)</c> in modules
+	    with <c>on_load</c> directive which is not yet supported
+	    by HiPE.</p>
+          <p>
+	    Own Id: OTP-14316 Aux Id: PR-1390 </p>
+        </item>
+        <item>
+          <p>
+	    Fix a bug in aes cfb128 function introduced by the bug
+	    fix in GitHub pull request <url
+	    href="https://github.com/erlang/otp/pull/1393">#1393</url>.</p>
+          <p>
+	    Own Id: OTP-14435 Aux Id: PR-1462, PR-1393, OTP-14313 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Add basic support for CMAC</p>
+          <p>
+	    Own Id: OTP-13779 Aux Id: ERL-82 PR-1138 </p>
+        </item>
+        <item>
+          <p>
+	    Removed functions deprecated in crypto-3.0 first released
+	    in OTP-R16B01</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-13873</p>
+        </item>
+        <item>
+          <p>
+	    The <c>crypto</c> application now supports OpenSSL 1.1.</p>
+          <p>
+	    Own Id: OTP-13900</p>
+        </item>
+        <item>
+          <p>
+	    Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in
+	    order to satisfy specific security requirements (mostly
+	    by different parts of the US federal government). </p>
+          <p>
+	    See the new crypto users guide "FIPS mode" chapter about
+	    building and using the FIPS support which is disabled by
+	    default.</p>
+          <p>
+	    (Thanks to dszoboszlay and legoscia)</p>
+          <p>
+	    Own Id: OTP-13921 Aux Id: PR-1180 </p>
+        </item>
+        <item>
+          <p>
+	    Crypto chacha20-poly1305 as in RFC 7539 enabled for
+	    OpenSSL >= 1.1.</p>
+          <p>
+	    Thanks to mururu.</p>
+          <p>
+	    Own Id: OTP-14092 Aux Id: PR-1291 </p>
+        </item>
+        <item>
+          <p>
+	    RSA key generation added to <c>crypto:generate_key/2</c>.
+	    Thanks to wiml.</p>
+          <p>
+	    An interface is also added to
+	    <c>public_key:generate_key/1</c>.</p>
+          <p>
+	    Own Id: OTP-14140 Aux Id: ERL-165, PR-1299 </p>
+        </item>
+        <item>
+          <p>
+	    Raised minimum requirement for OpenSSL version to
+	    OpenSSL-0.9.8.c although we recommend a much higher
+	    version, that is a version that is still maintained
+	    officially by the OpenSSL project. Note that using such
+	    an old version may restrict the crypto algorithms
+	    supported.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-14171</p>
+        </item>
+        <item>
+          <p>
+	    Deprecate crypto:rand_uniform/2 as it is not
+	    cryptographically strong</p>
+          <p>
+	    Own Id: OTP-14274</p>
+        </item>
+        <item>
+          <p>
+	    The Crypto application now supports generation of
+	    cryptographically strong random numbers (floats &lt; 1.0
+	    and integer arbitrary ranges) as a plugin to the 'rand'
+	    module.</p>
+          <p>
+	    Own Id: OTP-14317 Aux Id: PR-1372 </p>
+        </item>
+        <item>
+          <p>
+	    This replaces the hard coded test values for AES, CMAC
+	    and GCM ciphers with the full validation set from NIST's
+	    CAVP program.</p>
+          <p>
+	    Own Id: OTP-14436 Aux Id: PR-1396 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Crypto 3.7.4</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix a bug with AES CFB 128 for 192 and 256 bit keys.
+	    Thanks to kellymclaughlin !</p>
+          <p>
+	    Own Id: OTP-14313 Aux Id: PR-1393 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Crypto 3.7.3</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The implementation of the key exchange algorithms
+	    diffie-hellman-group-exchange-sha* are optimized, up to a
+	    factor of 11 for the slowest ( = biggest and safest)
+	    group size.</p>
+          <p>
+	    Own Id: OTP-14169 Aux Id: seq-13261 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Crypto 3.7.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    The crypto application has been fixed to not use RC2
+	    against OpenSSL built with RC2 disabled.</p>
+          <p>
+	    Own Id: OTP-13895 Aux Id: PR-1163 </p>
+        </item>
+        <item>
+          <p>
+	    The crypto application has been fixed to not use RC4
+	    against OpenSSL built with RC4 disabled.</p>
+          <p>
+	    Own Id: OTP-13896 Aux Id: PR-1169 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    To ease troubleshooting, <c>erlang:load_nif/2</c> now
+	    includes the return value from a failed call to
+	    load/reload/upgrade in the text part of the error tuple.
+	    The <c>crypto</c> NIF makes use of this feature by
+	    returning the source line where/if the initialization
+	    fails.</p>
+          <p>
+	    Own Id: OTP-13951</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Crypto 3.7.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Crypto has been fixed to work against OpenSSL versions
+	    with disabled DES ciphers. Correct spelling of cipher
+	    algorithm 'des3_cfb' has been introduced; the previous
+	    misspeling still works.</p>
+          <p>
+	    Own Id: OTP-13783 Aux Id: ERL-203 </p>
+        </item>
+        <item>
+          <p>
+	    The size of an internal array in crypto has been fixed to
+	    not segfault when having all possible ciphers. Bug fix by
+	    Duncan Overbruck.</p>
+          <p>
+	    Own Id: OTP-13789 Aux Id: PR-1140 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 3.7</title>
 
     <section><title>Improvements and New Features</title>
@@ -815,7 +1043,7 @@
 	    also been extended. </item><item> The <c>configure</c>
 	    scripts of <c>erl_interface</c> and <c>odbc</c> now
 	    search for thread libraries and thread library quirks the
-	    same way as <c>erts</c> do. </item><item> The
+	    same way as ERTS do. </item><item> The
 	    <c>configure</c> script of the <c>odbc</c> application
 	    now also looks for odbc libraries in <c>lib64</c> and
 	    <c>lib/64</c> directories when building on a 64-bit