Diffstat (limited to 'lib/crypto/doc/src/notes.xml')
-rw-r--r-- | lib/crypto/doc/src/notes.xml | 574 |
1 files changed, 573 insertions, 1 deletions
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml index 887aeca680..c0b302734e 100644 --- a/lib/crypto/doc/src/notes.xml +++ b/lib/crypto/doc/src/notes.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>1999</year><year>2016</year> + <year>1999</year><year>2018</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> 
@@ -31,6 +31,578 @@ </header> <p>This document describes the changes made to the Crypto application.</p> +<section><title>Crypto 4.4.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fixes a bug that caused <c>crypto:sign</c> and + <c>crypto:verify</c> to return the error message + <c>badarg</c> instead of <c>notsup</c> in one case. That + case was when signing or verifying with eddsa keys (that + is, ed15519 or ed448), but only when FIPS was supported + and enabled.</p> + <p> + Own Id: OTP-15634</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Added a crypto benchmark test suite.</p> + <p> + Own Id: OTP-15447</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.4</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Updated the RSA options part in the crypto application's + C-code, documentation and tests.</p> + <p> + Own Id: OTP-15302</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Added ed25519 and ed448 sign/verify.</p> + <p> + Requires OpenSSL 1.1.1 or higher as cryptolib under the + OTP application <c>crypto</c>.</p> + <p> + Own Id: OTP-15419 Aux Id: OTP-15094 </p> + </item> + <item> + <p> + Fixed valgrind warnings.</p> + <p> + Own Id: OTP-15467</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.3.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + The RSA options <c>rsa_mgf1_md</c>, <c>rsa_oaep_md</c>, + and <c>rsa_oaep_label</c> were always disabled. 
They will + now be enabled when a suitable cryptolib is used.</p> + <p> + They are still experimental and may change without prior + notice.</p> + <p> + Own Id: OTP-15212 Aux Id: ERL-675, PR1899, PR838 </p> + </item> + <item> + <p> + The ciphers <c>aes_ige256</c> and <c>blowfish_cbc</c> had + naming issues in <c>crypto:next_iv/2</c>.</p> + <p> + Own Id: OTP-15283</p> + </item> + <item> + <p> + the <c>RSA_SSLV23_PADDING</c> is disabled if LibreSSL is + used as cryptlib. This is due to compilation problems.</p> + <p> + This will be investigated further in the future.</p> + <p> + Own Id: OTP-15303</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + The supported named elliptic curves are now reported in + <c>crypto:supports/0</c> in a new entry tagged by + <c>'curves'</c>.</p> + <p> + The function <c>crypto:ec_curves/0</c> is kept for + compatibility.</p> + <p> + Own Id: OTP-14717 Aux Id: OTP-15244 </p> + </item> + <item> + <p> + The typing in the CRYPTO and PUBLIC_KEY applications are + reworked and a few mistakes are corrected.</p> + <p> + The documentation is now generated from the typing and + some clarifications are made.</p> + <p> + A new chapter on Algorithm Details such as key sizes and + availability is added to the CRYPTO User's Guide.</p> + <p> + Own Id: OTP-15134</p> + </item> + <item> + <p> + Support for SHA3 both as a separate hash and in HMAC is + now available if OpenSSL 1.1.1 or higher is used as + cryptolib.</p> + <p> + Available lengths are reported in the <c>'hashs'</c> + entry in <c>crypto:supports/0</c> as <c>sha3_*</c>.</p> + <p> + Own Id: OTP-15153</p> + </item> + <item> + <p> + The mac algorithm <c>poly1305</c> and the cipher + algorithm <c>chacha20</c> are now supported if OpenSSL + 1.1.1 or higher is used as cryptolib.</p> + <p> + Own Id: OTP-15164 Aux Id: OTP-15209 </p> + </item> + <item> + <p> + The key exchange Edward curves <c>x25519</c> and + <c>x448</c> are now 
supported if OpenSSL 1.1.1 or higher + is used as cryptolib.</p> + <p> + Own Id: OTP-15240 Aux Id: OTP-15133 </p> + </item> + <item> + <p> + The supported RSA options for sign/verify and + encrypt/decrypt are now reported in + <c>crypto:supports/0</c> in a new entry tagged by + '<c>rsa_opts</c>'.</p> + <p> + The exakt set is still experimental and may change + without prior notice.</p> + <p> + Own Id: OTP-15260</p> + </item> + <item> + <p> + The cipher <c>aes_ccm</c> is added.</p> + <p> + Own Id: OTP-15286</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.3.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> Update the crypto engine functions to handle multiple + loads of an engine. </p> <p><c>engine_load/3/4</c> is + updated so it doesn't add the engine ID to OpenSSLs + internal list of engines which makes it possible to run + the engine_load more than once if it doesn't contain + global data.</p> <p>Added <c>ensure_engine_loaded/2/3</c> + which guarantees that the engine just is loaded once and + the following calls just returns a reference to it. 
This + is done by add the ID to the internal OpenSSL list and + check if it is already registered when the function is + called.</p> <p>Added <c>ensure_engine_unloaded/1/2</c> to + unload engines loaded with ensure_engine_loaded.</p> + <p>Then some more utility functions are added.</p> + <p><c>engine_add/1</c>, adds the engine to OpenSSL + internal list</p> <p><c>engine_remove/1</c>, remove the + engine from OpenSSL internal list</p> + <p><c>engine_get_id/1</c>, fetch the engines id</p> + <p><c>engine_get_name/1</c>, fetch the engine name</p> + <p> + Own Id: OTP-15233</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.3.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p>Fixed a node crash in <c>crypto:compute_key(ecdh, + ...)</c> when passing a wrongly typed Others + argument.</p> + <p> + Own Id: OTP-15194 Aux Id: ERL-673 </p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Removed two undocumented and erroneous functions + (<c>crypto:dh_generate_parameters/2</c> and + <c>crypto:dh_check/1</c>).</p> + <p> + Own Id: OTP-14956 Aux Id: ERL-579 </p> + </item> + <item> + <p> + Fixed bug causing VM crash if doing runtime upgrade of a + crypto module built against OpenSSL older than 0.9.8h. + Bug exists since OTP-20.2.</p> + <p> + Own Id: OTP-15088</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + A new <c>rand</c> plugin algorithm has been implemented + in <c>crypto</c>, that is: <c>crypto_cache</c>. It uses + strong random bytes as randomness source and caches them + to get good speed. 
See <c>crypto:rand_seed_alg/1</c>.</p> + <p> + Own Id: OTP-13370 Aux Id: PR-1573 </p> + </item> + <item> + <p> + Diffie-Hellman key functions are re-written with the + EVP_PKEY api.</p> + <p> + Own Id: OTP-14864</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.2.2.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p>Fixed a node crash in <c>crypto:compute_key(ecdh, + ...)</c> when passing a wrongly typed Others + argument.</p> + <p> + Own Id: OTP-15194 Aux Id: ERL-673 </p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.2.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + If OPENSSL_NO_EC was set, the compilation of the crypto + nifs failed.</p> + <p> + Own Id: OTP-15073</p> + </item> + <item> + <p> + C-compile errors for LibreSSL 2.7.0 - 2.7.2 fixed</p> + <p> + Own Id: OTP-15074 Aux Id: ERL-618 </p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.2.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fix build error caused by removed RSA padding functions + in LibreSSL >= 2.6.1</p> + <p> + Own Id: OTP-14873</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + The compatibility function <c>void HMAC_CTX_free</c> in + <c>crypto.c</c> erroneously tried to return a value.</p> + <p> + Own Id: OTP-14720</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Rewrite public and private key encode/decode with EVP + api. New RSA padding options added. 
This is a modified + half of PR-838.</p> + <p> + Own Id: OTP-14446</p> + </item> + <item> + <p> + The crypto API is extended to use private/public keys + stored in an Engine for sign/verify or encrypt/decrypt + operations.</p> + <p> + The ssl application provides an API to use this new + engine concept in TLS.</p> + <p> + Own Id: OTP-14448</p> + </item> + <item> + <p> Add support to plug in alternative implementations + for some or all of the cryptographic operations supported + by the OpenSSL Engine API. When configured appropriately, + OpenSSL calls the engine's implementation of these + operations instead of its own. </p> + <p> + Own Id: OTP-14567</p> + </item> + <item> + <p> + Replaced a call of the OpenSSL deprecated function + <c>DH_generate_parameters</c> in <c>crypto.c</c>.</p> + <p> + Own Id: OTP-14639</p> + </item> + <item> + <p> + Documentation added about how to use keys stored in an + Engine.</p> + <p> + Own Id: OTP-14735 Aux Id: OTP-14448 </p> + </item> + <item> + <p> Add engine_ ctrl_cmd_string/3,4 the OpenSSL Engine + support in crypto. </p> + <p> + Own Id: OTP-14801</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p>On macOS, <c>crypto</c> would crash if <c>observer</c> + had been started before <c>crypto</c>. On the beta for + macOS 10.13 (High Sierra), <c>crypto</c> would crash. 
+ Both of those bugs have been fixed.</p> + <p> + Own Id: OTP-14499 Aux Id: ERL-251 ERL-439 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Extend crypto:sign, crypto:verify, public_key:sign and + public_key:verify with:</p> + <p> + * support for RSASSA-PS padding for signatures and for + saltlength setting<br/> * X9.31 RSA padding.<br/> * sha, + sha224, sha256, sha384, and sha512 for dss signatures as + mentioned in NIST SP 800-57 Part 1.<br/> * ripemd160 to + be used for rsa signatures.</p> + <p> + This is a manual merge of half of the pull request 838 by + potatosalad from Sept 2015.</p> + <p> + Own Id: OTP-13704 Aux Id: PR838 </p> + </item> + <item> + <p> + A new tuple in <c>crypto:supports/0</c> reports supported + MAC algorithms.</p> + <p> + Own Id: OTP-14504</p> + </item> + </list> + </section> + +</section> + +<section><title>Crypto 4.0</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + LibreSSL can now be used by the modernized crypto app.</p> + <p> + Own Id: OTP-14247</p> + </item> + <item> + <p> + Add compile option <c>-compile(no_native)</c> in modules + with <c>on_load</c> directive which is not yet supported + by HiPE.</p> + <p> + Own Id: OTP-14316 Aux Id: PR-1390 </p> + </item> + <item> + <p> + Fix a bug in aes cfb128 function introduced by the bug + fix in GitHub pull request <url + href="https://github.com/erlang/otp/pull/1393">#1393</url>.</p> + <p> + Own Id: OTP-14435 Aux Id: PR-1462, PR-1393, OTP-14313 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Add basic support for CMAC</p> + <p> + Own Id: OTP-13779 Aux Id: ERL-82 PR-1138 </p> + </item> + <item> + <p> + Removed functions deprecated in crypto-3.0 first released + in OTP-R16B01</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-13873</p> + </item> + <item> + <p> + The <c>crypto</c> 
application now supports OpenSSL 1.1.</p> + <p> + Own Id: OTP-13900</p> + </item> + <item> + <p> + Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in + order to satisfy specific security requirements (mostly + by different parts of the US federal government). </p> + <p> + See the new crypto users guide "FIPS mode" chapter about + building and using the FIPS support which is disabled by + default.</p> + <p> + (Thanks to dszoboszlay and legoscia)</p> + <p> + Own Id: OTP-13921 Aux Id: PR-1180 </p> + </item> + <item> + <p> + Crypto chacha20-poly1305 as in RFC 7539 enabled for + OpenSSL >= 1.1.</p> + <p> + Thanks to mururu.</p> + <p> + Own Id: OTP-14092 Aux Id: PR-1291 </p> + </item> + <item> + <p> + RSA key generation added to <c>crypto:generate_key/2</c>. + Thanks to wiml.</p> + <p> + An interface is also added to + <c>public_key:generate_key/1</c>.</p> + <p> + Own Id: OTP-14140 Aux Id: ERL-165, PR-1299 </p> + </item> + <item> + <p> + Raised minimum requirement for OpenSSL version to + OpenSSL-0.9.8.c although we recommend a much higher + version, that is a version that is still maintained + officially by the OpenSSL project. 
Note that using such + an old version may restrict the crypto algorithms + supported.</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-14171</p> + </item> + <item> + <p> + Deprecate crypto:rand_uniform/2 as it is not + cryptographically strong</p> + <p> + Own Id: OTP-14274</p> + </item> + <item> + <p> + The Crypto application now supports generation of + cryptographically strong random numbers (floats < 1.0 + and integer arbitrary ranges) as a plugin to the 'rand' + module.</p> + <p> + Own Id: OTP-14317 Aux Id: PR-1372 </p> + </item> + <item> + <p> + This replaces the hard coded test values for AES, CMAC + and GCM ciphers with the full validation set from NIST's + CAVP program.</p> + <p> + Own Id: OTP-14436 Aux Id: PR-1396 </p> + </item> + </list> + </section> + +</section> + <section><title>Crypto 3.7.4</title> <section><title>Fixed Bugs and Malfunctions</title> |
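Review bot: The Crypto 4.4.1 entry for OTP-15634 names the curve "ed15519", while the Crypto 4.4 entry for OTP-15419 spells it ed25519; this looks like a typo and should read ed25519, preferably in the c markup used for other algorithm names in these notes. The same proofreading pass would catch a few more spots in the added text: "The exakt set" in OTP-15260 should be "The exact set", "cryptlib" in OTP-15303 should match the "cryptolib" spelling used in the other entries, "RSASSA-PS padding" in OTP-13704 presumably means RSASSA-PSS, and "engine_ ctrl_cmd_string/3,4" in OTP-14801 has a stray space inside the function name and is missing the c markup that the other function names carry. The OTP-15303 item also starts with a lowercase "the".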