diff options
Diffstat (limited to 'lib/crypto/doc/src')
-rw-r--r-- | lib/crypto/doc/src/book.xml | 4 | ||||
-rw-r--r-- | lib/crypto/doc/src/crypto.xml | 108 | ||||
-rw-r--r-- | lib/crypto/doc/src/crypto_app.xml | 4 | ||||
-rw-r--r-- | lib/crypto/doc/src/fascicules.xml | 2 | ||||
-rw-r--r-- | lib/crypto/doc/src/insidecover.xml | 2 | ||||
-rw-r--r-- | lib/crypto/doc/src/licenses.xml | 4 | ||||
-rw-r--r-- | lib/crypto/doc/src/notes.xml | 106 | ||||
-rw-r--r-- | lib/crypto/doc/src/ref_man.xml | 4 | ||||
-rw-r--r-- | lib/crypto/doc/src/release_notes.xml | 4 | ||||
-rw-r--r-- | lib/crypto/doc/src/usersguide.xml | 4 |
10 files changed, 201 insertions, 41 deletions
diff --git a/lib/crypto/doc/src/book.xml b/lib/crypto/doc/src/book.xml index f07208482c..c477791bf2 100644 --- a/lib/crypto/doc/src/book.xml +++ b/lib/crypto/doc/src/book.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE book SYSTEM "book.dtd"> <book xmlns:xi="http://www.w3.org/2001/XInclude"> <header titlestyle="normal"> <copyright> - <year>1999</year><year>2009</year> + <year>1999</year><year>2013</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 99d167bfa9..7712173ed8 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="iso-8859-1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE erlref SYSTEM "erlref.dtd"> <erlref> <header> <copyright> - <year>1999</year><year>2013</year> + <year>1999</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -99,7 +99,9 @@ <p><code>ecdh_private() = key_value() </code></p> - <p><code>ecdh_params() = ec_named_curve() | + <p><code>ecdh_params() = ec_named_curve() | ec_explicit_curve()</code></p> + + <p><code>ec_explicit_curve() = {ec_field(), Prime :: key_value(), Point :: key_value(), Order :: integer(), CoFactor :: none | integer()} </code></p> <p><code>ec_field() = {prime_field, Prime :: integer()} | @@ -114,11 +116,19 @@ secp192k1| secp160r2| secp128r2| secp128r1| sect233r1| sect233k1| sect193r2| sect193r1| sect131r2| sect131r1| sect283r1| sect283k1| sect163r2| secp256k1| secp160k1| secp160r1| secp112r2| secp112r1| sect113r2| sect113r1| sect239k1| sect163r1| sect163k1| secp256r1| - secp192r1 </code></p> + secp192r1| + brainpoolP160r1| brainpoolP160t1| brainpoolP192r1| brainpoolP192t1| brainpoolP224r1| + brainpoolP224t1| brainpoolP256r1| brainpoolP256t1| brainpoolP320r1| brainpoolP320t1| + brainpoolP384r1| brainpoolP384t1| brainpoolP512r1| brainpoolP512t1 + </code> + Note that the <em>sect</em> curves are GF2m (characteristic two) curves and are only supported if the + underlying OpenSSL has support for them. + See also <seealso marker="#supports-0">crypto:supports/0</seealso> + </p> <p><code>stream_cipher() = rc4 | aes_ctr </code></p> - <p><code>block_cipher() = aes_cbc128 | aes_cfb128 | blowfish_cbc | + <p><code>block_cipher() = aes_cbc128 | aes_cfb8 | aes_cfb128 | aes_ige256 | blowfish_cbc | blowfish_cfb64 | des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | rc2_cbc </code></p> @@ -142,9 +152,12 @@ Note that both md4 and md5 are recommended only for compatibility with existing applications. </p> <p><code> cipher_algorithms() = des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | - blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb128| aes_cbc256 | rc2_cbc | aes_ctr| rc4 </code> </p> - <p><code> public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh </code> </p> - + blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb8 | aes_cfb128| aes_cbc256 | aes_ige256 | rc2_cbc | aes_ctr| rc4 </code> </p> + <p><code> public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh | ec_gf2m</code> + Note that ec_gf2m is not strictly a public key algorithm, but a restriction on what curves are supported + with ecdsa and ecdh. + </p> + </section> <funcs> @@ -159,8 +172,9 @@ </type> <desc> <p>Encrypt <c>PlainText</c>according to <c>Type</c> block cipher. - <c>IVec</c> is an arbitrary initializing vector. - </p> + <c>IVec</c> is an arbitrary initializing vector.</p> + <p>May throw exception <c>notsup</c> in case the chosen <c>Type</c> + is not supported by the underlying OpenSSL implementation.</p> </desc> </func> @@ -175,8 +189,9 @@ </type> <desc> <p>Decrypt <c>CipherText</c>according to <c>Type</c> block cipher. - <c>IVec</c> is an arbitrary initializing vector. - </p> + <c>IVec</c> is an arbitrary initializing vector.</p> + <p>May throw exception <c>notsup</c> in case the chosen <c>Type</c> + is not supported by the underlying OpenSSL implementation.</p> </desc> </func> @@ -351,7 +366,11 @@ or to one of the functions <seealso marker="#hmac_final-1">hmac_final</seealso> and <seealso marker="#hmac_final_n-2">hmac_final_n</seealso> </p> - + <warning><p>Do not use a <c>Context</c> as argument in more than one + call to hmac_update or hmac_final. The semantics of reusing old contexts + in any way is undefined and could even crash the VM in earlier releases. + The reason for this limitation is a lack of support in the underlying + OpenSSL API.</p></warning> </desc> </func> @@ -437,17 +456,17 @@ </func> <func> - <name>private_decrypt(Type, ChipherText, PrivateKey, Padding) -> PlainText</name> - <fsummary>Decrypts ChipherText using the private Key.</fsummary> + <name>private_decrypt(Type, CipherText, PrivateKey, Padding) -> PlainText</name> + <fsummary>Decrypts CipherText using the private Key.</fsummary> <type> <v>Type = rsa</v> - <v>ChipherText = binary()</v> + <v>CipherText = binary()</v> <v>PrivateKey = rsa_private()</v> <v>Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding | rsa_no_padding</v> <v>PlainText = binary()</v> </type> <desc> - <p>Decrypts the <c>ChipherText</c>, encrypted with + <p>Decrypts the <c>CipherText</c>, encrypted with <seealso marker="#public_encrypt-4">public_encrypt/4</seealso> (or equivalent function) using the <c>PrivateKey</c>, and returns the plaintext (message digest). This is a low level signature verification operation @@ -458,7 +477,7 @@ </func> <func> - <name>private_encrypt(Type, PlainText, PrivateKey, Padding) -> ChipherText</name> + <name>private_encrypt(Type, PlainText, PrivateKey, Padding) -> CipherText</name> <fsummary>Encrypts PlainText using the private Key.</fsummary> <type> <v>Type = rsa</v> @@ -469,7 +488,7 @@ used, where N is public modulus of the RSA key.</d> <v>PrivateKey = rsa_private()</v> <v>Padding = rsa_pkcs1_padding | rsa_no_padding</v> - <v>ChipherText = binary()</v> + <v>CipherText = binary()</v> </type> <desc> <p>Encrypts the <c>PlainText</c> using the <c>PrivateKey</c> @@ -481,17 +500,17 @@ </desc> </func> <func> - <name>public_decrypt(Type, ChipherText, PublicKey, Padding) -> PlainText</name> - <fsummary>Decrypts ChipherText using the public Key.</fsummary> + <name>public_decrypt(Type, CipherText, PublicKey, Padding) -> PlainText</name> + <fsummary>Decrypts CipherText using the public Key.</fsummary> <type> <v>Type = rsa</v> - <v>ChipherText = binary()</v> + <v>CipherText = binary()</v> <v>PublicKey = rsa_public() </v> <v>Padding = rsa_pkcs1_padding | rsa_no_padding</v> <v>PlainText = binary()</v> </type> <desc> - <p>Decrypts the <c>ChipherText</c>, encrypted with + <p>Decrypts the <c>CipherText</c>, encrypted with <seealso marker="#private_encrypt-4">private_encrypt/4</seealso>(or equivalent function) using the <c>PrivateKey</c>, and returns the plaintext (message digest). This is a low level signature verification operation @@ -502,7 +521,7 @@ </func> <func> - <name>public_encrypt(Type, PlainText, PublicKey, Padding) -> ChipherText</name> + <name>public_encrypt(Type, PlainText, PublicKey, Padding) -> CipherText</name> <fsummary>Encrypts PlainText using the public Key.</fsummary> <type> <v>Type = rsa</v> @@ -513,7 +532,7 @@ used, where N is public modulus of the RSA key.</d> <v>PublicKey = rsa_public()</v> <v>Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding | rsa_no_padding</v> - <v>ChipherText = binary()</v> + <v>CipherText = binary()</v> </type> <desc> <p>Encrypts the <c>PlainText</c> (message digest) using the <c>PublicKey</c> @@ -537,6 +556,21 @@ </desc> </func> + <func> + <name>rand_seed(Seed) -> ok</name> + <fsummary>Set the seed for random bytes generation</fsummary> + <type> + <v>Seed = binary()</v> + </type> + <desc> + <p>Set the seed for PRNG to the given binary. This calls the + RAND_seed function from openssl. Only use this if the system + you are running on does not have enough "randomness" built in. + Normally this is when <seealso marker="#strong_rand_bytes/1"> + stong_rand_bytes/1</seealso> returns <c>low_entropy</c></p> + </desc> + </func> + <func> <name>rand_uniform(Lo, Hi) -> N</name> <fsummary>Generate a random number</fsummary> @@ -678,7 +712,29 @@ </desc> </func> - + <func> + <name>ec_curves() -> EllipticCurveList </name> + <fsummary>Provide a list of available named elliptic curves.</fsummary> + <type> + <v>EllipticCurveList = [ec_named_curve()]</v> + </type> + <desc> + <p>Can be used to determine which named elliptic curves are supported.</p> + </desc> + </func> + + <func> + <name>ec_curve(NamedCurve) -> EllipticCurve </name> + <fsummary>Get the defining parameters of a elliptic curve.</fsummary> + <type> + <v>NamedCurve = ec_named_curve()</v> + <v>EllipticCurve = ec_explicit_curve()</v> + </type> + <desc> + <p>Return the defining parameters of a elliptic curve.</p> + </desc> + </func> + <func> <name>verify(Algorithm, DigestType, Msg, Signature, Key) -> boolean()</name> <fsummary>Verifies a digital signature.</fsummary> diff --git a/lib/crypto/doc/src/crypto_app.xml b/lib/crypto/doc/src/crypto_app.xml index 6d26076c04..1d10773401 100644 --- a/lib/crypto/doc/src/crypto_app.xml +++ b/lib/crypto/doc/src/crypto_app.xml @@ -1,11 +1,11 @@ -<?xml version="1.0" encoding="iso-8859-1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE appref SYSTEM "appref.dtd"> <appref> <header> <copyright> <year>1999</year> - <year>2013</year> + <year>2014</year> <holder>Ericsson AB, All Rights Reserved</holder> </copyright> <legalnotice> diff --git a/lib/crypto/doc/src/fascicules.xml b/lib/crypto/doc/src/fascicules.xml index 8fc250bc75..cbc266cd30 100644 --- a/lib/crypto/doc/src/fascicules.xml +++ b/lib/crypto/doc/src/fascicules.xml @@ -1,4 +1,4 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE fascicules SYSTEM "fascicules.dtd"> <fascicules> diff --git a/lib/crypto/doc/src/insidecover.xml b/lib/crypto/doc/src/insidecover.xml index e7407b8052..bf2427afdf 100644 --- a/lib/crypto/doc/src/insidecover.xml +++ b/lib/crypto/doc/src/insidecover.xml @@ -1,4 +1,4 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE bookinsidecover SYSTEM "bookinsidecover.dtd"> <bookinsidecover> diff --git a/lib/crypto/doc/src/licenses.xml b/lib/crypto/doc/src/licenses.xml index 0b791acfa2..1c77d1f115 100644 --- a/lib/crypto/doc/src/licenses.xml +++ b/lib/crypto/doc/src/licenses.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE chapter SYSTEM "chapter.dtd"> <chapter> <header> <copyright> - <year>2003</year><year>2011</year> + <year>2003</year><year>2013</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml index 7408907ebd..34f2e3c469 100644 --- a/lib/crypto/doc/src/notes.xml +++ b/lib/crypto/doc/src/notes.xml @@ -1,4 +1,4 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE chapter SYSTEM "chapter.dtd"> <chapter> @@ -30,6 +30,110 @@ </header> <p>This document describes the changes made to the Crypto application.</p> +<section><title>Crypto 3.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fix memory leaks and invalid deallocations in + <c>mod_pow</c>, <c>mod_exp</c> and + <c>generate_key(srp,...)</c> when bad arguments are + passed. (Thanks to Florian Zumbiehi)</p> + <p> + Own Id: OTP-11550</p> + </item> + <item> + <p> + Correction of the word 'ChipherText' throughout the + documentation (Thanks to Andrew Tunnell-Jones)</p> + <p> + Own Id: OTP-11609</p> + </item> + <item> + <p> + Fix fatal bug when using a hmac context variable in more + than one call to <c>hmac_update</c> or <c>hmac_final</c>. + The reuse of hmac contexts has never worked as the + underlying OpenSSL implementation does not support it. It + is now documented as having undefined behaviour, but it + does not crash or corrupt the VM anymore.</p> + <p> + Own Id: OTP-11724</p> + </item> + <item> + <p> + Crypto handles out-of-memory with a controlled abort + instead of crash/corruption. (Thanks to Florian Zumbiehi)</p> + <p> + Own Id: OTP-11725</p> + </item> + <item> + <p> + Application upgrade (appup) files are corrected for the + following applications: </p> + <p> + <c>asn1, common_test, compiler, crypto, debugger, + dialyzer, edoc, eldap, erl_docgen, et, eunit, gs, hipe, + inets, observer, odbc, os_mon, otp_mibs, parsetools, + percept, public_key, reltool, runtime_tools, ssh, + syntax_tools, test_server, tools, typer, webtool, wx, + xmerl</c></p> + <p> + A new test utility for testing appup files is added to + test_server. This is now used by most applications in + OTP.</p> + <p> + (Thanks to Tobias Schlager)</p> + <p> + Own Id: OTP-11744</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + By giving --enable-static-{nifs,drivers} to configure it + is now possible to statically linking of nifs and drivers + to the main Erlang VM binary. At the moment only the asn1 + and crypto nifs of the Erlang/OTP nifs and drivers have + been prepared to be statically linked. For more details + see the Installation Guide in the System documentation.</p> + <p> + Own Id: OTP-11258</p> + </item> + <item> + <p> + Add IGE mode for AES cipher in crypto (Thanks to Yura + Beznos).</p> + <p> + Own Id: OTP-11522</p> + </item> + <item> + <p> + Moved elliptic curve definition from the crypto + NIF/OpenSSL into Erlang code, adds the RFC-5639 brainpool + curves and makes TLS use them (RFC-7027).</p> + <p> + Thanks to Andreas Schultz</p> + <p> + Own Id: OTP-11578</p> + </item> + <item> + <p> + Remove all obsolete application processes from crypto and + make it into a pure library application.</p> + <p> + Own Id: OTP-11619</p> + </item> + </list> + </section> + +</section> + <section><title>Crypto 3.2</title> <section><title>Fixed Bugs and Malfunctions</title> diff --git a/lib/crypto/doc/src/ref_man.xml b/lib/crypto/doc/src/ref_man.xml index f801221c81..d14ff053c9 100644 --- a/lib/crypto/doc/src/ref_man.xml +++ b/lib/crypto/doc/src/ref_man.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE application SYSTEM "application.dtd"> <application xmlns:xi="http://www.w3.org/2001/XInclude"> <header> <copyright> - <year>1999</year><year>2009</year> + <year>1999</year><year>2013</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> diff --git a/lib/crypto/doc/src/release_notes.xml b/lib/crypto/doc/src/release_notes.xml index 0a84ca1c15..4f9d448ad1 100644 --- a/lib/crypto/doc/src/release_notes.xml +++ b/lib/crypto/doc/src/release_notes.xml @@ -1,11 +1,11 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE part SYSTEM "part.dtd"> <part> <header> <copyright> <year>1999</year> - <year>2011</year> + <year>2013</year> <holder>Ericsson AB, All Rights Reserved</holder> </copyright> <legalnotice> diff --git a/lib/crypto/doc/src/usersguide.xml b/lib/crypto/doc/src/usersguide.xml index dc5bf520a9..e6fd291974 100644 --- a/lib/crypto/doc/src/usersguide.xml +++ b/lib/crypto/doc/src/usersguide.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE part SYSTEM "part.dtd"> <part xmlns:xi="http://www.w3.org/2001/XInclude"> <header> <copyright> - <year>2003</year><year>2009</year> + <year>2003</year><year>2013</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> |