aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/doc/src/notes.xml
diff options
context:
space:
mode:
Diffstat (limited to 'lib/crypto/doc/src/notes.xml')
-rw-r--r--lib/crypto/doc/src/notes.xml411
1 files changed, 409 insertions, 2 deletions
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 21ce2891dc..5f47981855 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -4,7 +4,7 @@
<chapter>
<header>
<copyright>
- <year>1999</year><year>2017</year>
+ <year>1999</year><year>2018</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
@@ -31,11 +31,355 @@
</header>
<p>This document describes the changes made to the Crypto application.</p>
-<section><title>Crypto 4.2.2.2</title>
+<section><title>Crypto 4.5.1</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ The cipher aes-ctr was disabled by misstake in
+ crypto:supports for cryptolibs before 1.0.1. It worked
+ however in the encrypt and decrypt functions.</p>
+ <p>
+ Own Id: OTP-15829</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Crypto 4.5</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Fixed a bug in error return for <c>crypto:poly1305/2</c>.
+ It returned the atom <c>notsup</c> instead of the
+ exception <c>notsup</c>.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-15677</p>
+ </item>
+ <item>
+ <p>
+ The cipher chacha20 was introduced in OpenSSL 1.1.0.
+ However, it could in a very odd situation, fail for
+ versions less than OpenSSL 1.1.0d. It is therefore
+ disabled for those versions.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-15678</p>
+ </item>
+ </list>
+ </section>
+
<section><title>Improvements and New Features</title>
<list>
<item>
+ <p> A new <c>rand</c> module algorithm, <c>exro928ss</c>
+ (Xoroshiro928**), has been implemented. It has got a
+ really long period and good statistical quality for all
+ output bits, while still being only about 50% slower than
+ the default algorithm. </p><p> The same generator is also
+ used as a long period counter in a new <c>crypto</c>
+ plugin for the <c>rand</c> module, algorithm
+ <c>crypto_aes</c>. This plugin uses AES-256 to scramble
+ the counter which buries any detectable statistical
+ artifacts. Scrambling is done in chunks which are cached
+ to get good amortized speed (about half of the default
+ algorithm). </p>
+ <p>
+ Own Id: OTP-14461 Aux Id: PR-1857 </p>
+ </item>
+ <item>
+ <p>
+ Crypto's single C-file is split into multiple files. The
+ different coding styles in the different parts are
+ unified into a single style.</p>
+ <p>
+ Own Id: OTP-14732 Aux Id: PR-2068, PR-2095 </p>
+ </item>
+ <item>
+ <p>
+ Build configuration of the <c>crypto</c> application has
+ been moved from the <c>erts</c> application into the
+ <c>crypto</c> application.</p>
+ <p>
+ Own Id: OTP-15129</p>
+ </item>
+ <item>
+ <p>
+ Adds two hash functions <c>blake2b</c> and <c>blake2s</c>
+ (64 bit hash and 32 bit hash respectively). These are
+ modern and standard hash functions used in blockchains
+ and encrypted communication protocols. The hash functions
+ are available in OpenSSL since version 1.1.1.</p>
+ <p>
+ Own Id: OTP-15564 Aux Id: PR-2129 </p>
+ </item>
+ <item>
+ <p>
+ A new API is implemented in crypto. See the CRYPTO user's
+ guide, chapter <i>New and Old API</i> for more
+ information.</p>
+ <p>
+ The old api with the <c>crypto:block_*</c> and
+ <c>crypto:stream_*</c> interfaces are kept for
+ compatibility, but implemented with the new api. Please
+ note that since the error checking is more thorough,
+ there <i>might</i> be arguments with for example faulty
+ lengths that are no longer accepted.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-15644 Aux Id: OTP-14732 , OTP-15451, PR-1857
+ , PR-2068, PR-2095 </p>
+ </item>
+ <item>
+ <p>
+ The new hash_info/1 and cipher_info/1 functions returns
+ maps with information about the hash or cipher in the
+ argument.</p>
+ <p>
+ Own Id: OTP-15655 Aux Id: PR-2173, ERL-864, PR-2186 </p>
+ </item>
+ <item>
+ <p>
+ Obey additional OpenSSL configure flags when compiling
+ the C-part of the CRYPTO application: <c>no-bf</c>,
+ <c>no-blake2</c>, <c>no-chacha</c>, <c>no-cmac</c>,
+ <c>no-dh</c>, <c>no-dsa</c>, <c>no-md4</c>,
+ <c>no-poly1305</c>, <c>no-rc2</c>, <c>no-rc4</c> and
+ <c>no-rmd160</c>.</p>
+ <p>
+ Own Id: OTP-15683</p>
+ </item>
+ <item>
+ <p>
+ A new function <c>crypto:supports/1</c> is introduced.
+ The single argument takes an atom as argument:
+ <c>hashes</c>, <c>public_keys</c>, <c>ciphers</c>,
+ <c>macs</c>, <c>curves</c> or <c>rsa_opts</c>. The return
+ value is a list of supported algorithms.</p>
+ <p>
+ The difference with the existing <c>crypto:supports/0</c>
+ is, apart from the argument and the return value, that
+ the old function reports what is supported by the old
+ api, and the new function reports algorithms in the new
+ api.</p>
+ <p>
+ Own Id: OTP-15771</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Crypto 4.4.2</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Fixed build link error on Windows. Unresolved symbol
+ 'bcmp'.</p>
+ <p>
+ Own Id: OTP-15750 Aux Id: ERL-905 </p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Crypto 4.4.1</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Fixes a bug that caused <c>crypto:sign</c> and
+ <c>crypto:verify</c> to return the error message
+ <c>badarg</c> instead of <c>notsup</c> in one case. That
+ case was when signing or verifying with eddsa keys (that
+ is, ed15519 or ed448), but only when FIPS was supported
+ and enabled.</p>
+ <p>
+ Own Id: OTP-15634</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Added a crypto benchmark test suite.</p>
+ <p>
+ Own Id: OTP-15447</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Crypto 4.4</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Updated the RSA options part in the crypto application's
+ C-code, documentation and tests.</p>
+ <p>
+ Own Id: OTP-15302</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Added ed25519 and ed448 sign/verify.</p>
+ <p>
+ Requires OpenSSL 1.1.1 or higher as cryptolib under the
+ OTP application <c>crypto</c>.</p>
+ <p>
+ Own Id: OTP-15419 Aux Id: OTP-15094 </p>
+ </item>
+ <item>
+ <p>
+ Fixed valgrind warnings.</p>
+ <p>
+ Own Id: OTP-15467</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Crypto 4.3.3</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ The RSA options <c>rsa_mgf1_md</c>, <c>rsa_oaep_md</c>,
+ and <c>rsa_oaep_label</c> were always disabled. They will
+ now be enabled when a suitable cryptolib is used.</p>
+ <p>
+ They are still experimental and may change without prior
+ notice.</p>
+ <p>
+ Own Id: OTP-15212 Aux Id: ERL-675, PR1899, PR838 </p>
+ </item>
+ <item>
+ <p>
+ The ciphers <c>aes_ige256</c> and <c>blowfish_cbc</c> had
+ naming issues in <c>crypto:next_iv/2</c>.</p>
+ <p>
+ Own Id: OTP-15283</p>
+ </item>
+ <item>
+ <p>
+ the <c>RSA_SSLV23_PADDING</c> is disabled if LibreSSL is
+ used as cryptlib. This is due to compilation problems.</p>
+ <p>
+ This will be investigated further in the future.</p>
+ <p>
+ Own Id: OTP-15303</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ The supported named elliptic curves are now reported in
+ <c>crypto:supports/0</c> in a new entry tagged by
+ <c>'curves'</c>.</p>
+ <p>
+ The function <c>crypto:ec_curves/0</c> is kept for
+ compatibility.</p>
+ <p>
+ Own Id: OTP-14717 Aux Id: OTP-15244 </p>
+ </item>
+ <item>
+ <p>
+ The typing in the CRYPTO and PUBLIC_KEY applications are
+ reworked and a few mistakes are corrected.</p>
+ <p>
+ The documentation is now generated from the typing and
+ some clarifications are made.</p>
+ <p>
+ A new chapter on Algorithm Details such as key sizes and
+ availability is added to the CRYPTO User's Guide.</p>
+ <p>
+ Own Id: OTP-15134</p>
+ </item>
+ <item>
+ <p>
+ Support for SHA3 both as a separate hash and in HMAC is
+ now available if OpenSSL 1.1.1 or higher is used as
+ cryptolib.</p>
+ <p>
+ Available lengths are reported in the <c>'hashs'</c>
+ entry in <c>crypto:supports/0</c> as <c>sha3_*</c>.</p>
+ <p>
+ Own Id: OTP-15153</p>
+ </item>
+ <item>
+ <p>
+ The mac algorithm <c>poly1305</c> and the cipher
+ algorithm <c>chacha20</c> are now supported if OpenSSL
+ 1.1.1 or higher is used as cryptolib.</p>
+ <p>
+ Own Id: OTP-15164 Aux Id: OTP-15209 </p>
+ </item>
+ <item>
+ <p>
+ The key exchange Edward curves <c>x25519</c> and
+ <c>x448</c> are now supported if OpenSSL 1.1.1 or higher
+ is used as cryptolib.</p>
+ <p>
+ Own Id: OTP-15240 Aux Id: OTP-15133 </p>
+ </item>
+ <item>
+ <p>
+ The supported RSA options for sign/verify and
+ encrypt/decrypt are now reported in
+ <c>crypto:supports/0</c> in a new entry tagged by
+ '<c>rsa_opts</c>'.</p>
+ <p>
+ The exakt set is still experimental and may change
+ without prior notice.</p>
+ <p>
+ Own Id: OTP-15260</p>
+ </item>
+ <item>
+ <p>
+ The cipher <c>aes_ccm</c> is added.</p>
+ <p>
+ Own Id: OTP-15286</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Crypto 4.3.2</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
<p> Update the crypto engine functions to handle multiple
loads of an engine. </p> <p><c>engine_load/3/4</c> is
updated so it doesn't add the engine ID to OpenSSLs
@@ -62,6 +406,69 @@
</section>
+<section><title>Crypto 4.3.1</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>Fixed a node crash in <c>crypto:compute_key(ecdh,
+ ...)</c> when passing a wrongly typed Others
+ argument.</p>
+ <p>
+ Own Id: OTP-15194 Aux Id: ERL-673 </p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Crypto 4.3</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Removed two undocumented and erroneous functions
+ (<c>crypto:dh_generate_parameters/2</c> and
+ <c>crypto:dh_check/1</c>).</p>
+ <p>
+ Own Id: OTP-14956 Aux Id: ERL-579 </p>
+ </item>
+ <item>
+ <p>
+ Fixed bug causing VM crash if doing runtime upgrade of a
+ crypto module built against OpenSSL older than 0.9.8h.
+ Bug exists since OTP-20.2.</p>
+ <p>
+ Own Id: OTP-15088</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ A new <c>rand</c> plugin algorithm has been implemented
+ in <c>crypto</c>, that is: <c>crypto_cache</c>. It uses
+ strong random bytes as randomness source and caches them
+ to get good speed. See <c>crypto:rand_seed_alg/1</c>.</p>
+ <p>
+ Own Id: OTP-13370 Aux Id: PR-1573 </p>
+ </item>
+ <item>
+ <p>
+ Diffie-Hellman key functions are re-written with the
+ EVP_PKEY api.</p>
+ <p>
+ Own Id: OTP-14864</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
<section><title>Crypto 4.2.2.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-23 16:20:05 +0000