2 files changed, 148 insertions, 3 deletions

diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 89ef529c5d..5b2c46a004 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -159,12 +159,24 @@
 
      <code>digest_type() =  md5 | sha | sha224 | sha256 | sha384 | sha512</code>
 
+     <code>rsa_digest_type() = md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512</code>
+
+     <code>dss_digest_type() = sha | sha224 | sha256 | sha384 | sha512</code> <p>Note that the actual supported
+     dss_digest_type depends on the underlying crypto library. In OpenSSL version >= 1.0.1 the listed digest are supported, while in 1.0.0 only sha, sha224 and sha256 are supported. In version 0.9.8 only sha is supported.</p>
+
+     <code>ecdsa_digest_type() = sha | sha224 | sha256 | sha384 | sha512</code>
+
+     <code>sign_options() = [{rsa_pad, rsa_sign_padding()} | {rsa_pss_saltlen, integer()}]</code>
+
+     <code>rsa_sign_padding() = rsa_pkcs1_padding | rsa_pkcs1_pss_padding</code>
+
      <code> hash_algorithms() =  md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 </code> <p>md4 is also supported for hash_init/1 and hash/2.
      Note that both md4 and md5 are recommended only for compatibility with existing applications.
      </p>
      <code> cipher_algorithms() = aes_cbc | aes_cfb8 | aes_cfb128 | aes_ctr | aes_gcm |
      aes_ige256 | blowfish_cbc | blowfish_cfb64 | chacha20_poly1305 | des_cbc | des_cfb |
      des3_cbc | des3_cfb | des_ede3 | rc2_cbc | rc4 </code>
+     <code> mac_algorithms() =   hmac | cmac</code>
      <code> public_key_algorithms() =   rsa |dss | ecdsa | dh | ecdh | ec_gf2m</code>
      <p>Note that ec_gf2m is not strictly a public key algorithm, but a restriction on what curves are supported
      with ecdsa and ecdh.
@@ -681,6 +693,7 @@
 
     <func>
       <name>sign(Algorithm, DigestType, Msg, Key) -> binary()</name>
+      <name>sign(Algorithm, DigestType, Msg, Key, Options) -> binary()</name>
       <fsummary> Create digital signature.</fsummary>
       <type>
 	<v>Algorithm = rsa | dss | ecdsa </v>
@@ -688,8 +701,9 @@
 	<d>The msg is either the binary "cleartext" data to be
 	signed or it is the hashed value of "cleartext" i.e. the
 	digest (plaintext).</d>
-	<v>DigestType = digest_type()</v>
+	<v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v>
 	<v>Key = rsa_private() | dss_private() | [ecdh_private(),ecdh_params()]</v>
+	<v>Options = sign_options()</v>
       </type>
       <desc>
 	<p>Creates a digital signature.</p>
@@ -835,7 +849,8 @@ _FloatValue = rand:uniform().     % [0.0; 1.0[</pre>
       <type>
       <v> AlgorithmList =  [{hashs, [hash_algorithms()]},
                             {ciphers, [cipher_algorithms()]},
-			    {public_keys, [public_key_algorithms()]}
+			    {public_keys, [public_key_algorithms()]},
+			    {macs, [mac_algorithms()]}]
       </v>
       </type>
       <desc>
@@ -869,15 +884,17 @@ _FloatValue = rand:uniform().     % [0.0; 1.0[</pre>
 
   <func>
       <name>verify(Algorithm, DigestType, Msg, Signature, Key) -> boolean()</name>
+      <name>verify(Algorithm, DigestType, Msg, Signature, Key, Options) -> boolean()</name>
       <fsummary>Verifies a digital signature.</fsummary>
       <type>
 	<v> Algorithm = rsa | dss | ecdsa </v>
 	<v>Msg = binary() | {digest,binary()}</v>
 	<d>The msg is either the binary "cleartext" data
         or it is the hashed value of "cleartext" i.e. the digest (plaintext).</d>
-	<v>DigestType = digest_type()</v>
+	<v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v>
 	<v>Signature = binary()</v>
 	<v>Key = rsa_public() | dss_public() | [ecdh_public(),ecdh_params()]</v>
+	<v>Options = sign_options()</v>
       </type>
       <desc>
 	<p>Verifies a digital signature</p>
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 62b013e463..574353ce7a 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -31,6 +31,134 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 4.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    LibreSSL can now be used by the modernized crypto app.</p>
+          <p>
+	    Own Id: OTP-14247</p>
+        </item>
+        <item>
+          <p>
+	    Add compile option <c>-compile(no_native)</c> in modules
+	    with <c>on_load</c> directive which is not yet supported
+	    by HiPE.</p>
+          <p>
+	    Own Id: OTP-14316 Aux Id: PR-1390 </p>
+        </item>
+        <item>
+          <p>
+	    Fix a bug in aes cfb128 function introduced by the bug
+	    fix in GitHub pull request <url
+	    href="https://github.com/erlang/otp/pull/1393">#1393</url>.</p>
+          <p>
+	    Own Id: OTP-14435 Aux Id: PR-1462, PR-1393, OTP-14313 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Add basic support for CMAC</p>
+          <p>
+	    Own Id: OTP-13779 Aux Id: ERL-82 PR-1138 </p>
+        </item>
+        <item>
+          <p>
+	    Removed functions deprecated in crypto-3.0 first released
+	    in OTP-R16B01</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-13873</p>
+        </item>
+        <item>
+          <p>
+	    The <c>crypto</c> application now supports OpenSSL 1.1.</p>
+          <p>
+	    Own Id: OTP-13900</p>
+        </item>
+        <item>
+          <p>
+	    Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in
+	    order to satisfy specific security requirements (mostly
+	    by different parts of the US federal government). </p>
+          <p>
+	    See the new crypto users guide "FIPS mode" chapter about
+	    building and using the FIPS support which is disabled by
+	    default.</p>
+          <p>
+	    (Thanks to dszoboszlay and legoscia)</p>
+          <p>
+	    Own Id: OTP-13921 Aux Id: PR-1180 </p>
+        </item>
+        <item>
+          <p>
+	    Crypto chacha20-poly1305 as in RFC 7539 enabled for
+	    OpenSSL >= 1.1.</p>
+          <p>
+	    Thanks to mururu.</p>
+          <p>
+	    Own Id: OTP-14092 Aux Id: PR-1291 </p>
+        </item>
+        <item>
+          <p>
+	    RSA key generation added to <c>crypto:generate_key/2</c>.
+	    Thanks to wiml.</p>
+          <p>
+	    An interface is also added to
+	    <c>public_key:generate_key/1</c>.</p>
+          <p>
+	    Own Id: OTP-14140 Aux Id: ERL-165, PR-1299 </p>
+        </item>
+        <item>
+          <p>
+	    Raised minimum requirement for OpenSSL version to
+	    OpenSSL-0.9.8.c although we recommend a much higher
+	    version, that is a version that is still maintained
+	    officially by the OpenSSL project. Note that using such
+	    an old version may restrict the crypto algorithms
+	    supported.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-14171</p>
+        </item>
+        <item>
+          <p>
+	    Deprecate crypto:rand_uniform/2 as it is not
+	    cryptographically strong</p>
+          <p>
+	    Own Id: OTP-14274</p>
+        </item>
+        <item>
+          <p>
+	    The Crypto application now supports generation of
+	    cryptographically strong random numbers (floats &lt; 1.0
+	    and integer arbitrary ranges) as a plugin to the 'rand'
+	    module.</p>
+          <p>
+	    Own Id: OTP-14317 Aux Id: PR-1372 </p>
+        </item>
+        <item>
+          <p>
+	    This replaces the hard coded test values for AES, CMAC
+	    and GCM ciphers with the full validation set from NIST's
+	    CAVP program.</p>
+          <p>
+	    Own Id: OTP-14436 Aux Id: PR-1396 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 3.7.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>